CVE-2015-7519

Published: 07 Dec 2015
Source: redhat
CVSS2: 5.8
EPSS: Low

Description

agent/Core/Controller/SendRequest.cpp in Phusion Passenger before 4.0.60 and 5.0.x before 5.0.22, when used in Apache integration mode or in standalone mode without a filtering proxy, allows remote attackers to spoof headers passed to applications by using an _ (underscore) character instead of a - (dash) character in an HTTP header, as demonstrated by an X_User header.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| OpenStack Foreman | ruby193-rubygem-passenger | Will not fix | | |
| OpenStack Foreman | rubygem-passenger | Will not fix | | |
| Red Hat Ceph Storage 1.3 | ruby193-rubygem-passenger | Will not fix | | |
| Red Hat Ceph Storage 1.3 | rubygem-passenger | Will not fix | | |
| Red Hat Enterprise Linux OpenStack Platform 6 (Juno) Installer | ruby193-rubygem-passenger | Will not fix | | |
| Red Hat Enterprise Linux OpenStack Platform 6 (Juno) Installer | rubygem-passenger | Will not fix | | |
| Red Hat OpenShift Enterprise 2 | ruby193-rubygem-passenger | Will not fix | | |
| Red Hat OpenShift Enterprise 2 | ruby200-rubygem-passenger | Will not fix | | |
| Red Hat OpenShift Enterprise 2 | rubygem-passenger | Will not fix | | |
| Red Hat Satellite 6 | rubygem-passenger | Not affected | | |


Additional information

Status: Moderate
Defect: CWE-287
https://bugzilla.redhat.com/show_bug.cgi?id=1290405 passenger: Header overwriting issue allowing user impersonation

EPSS: 0.00361 (percentile: 58%), Low

CVSS2: 5.8 Medium

Related vulnerabilities

CVSS3: 3.7
ubuntu
about 10 years ago

agent/Core/Controller/SendRequest.cpp in Phusion Passenger before 4.0.60 and 5.0.x before 5.0.22, when used in Apache integration mode or in standalone mode without a filtering proxy, allows remote attackers to spoof headers passed to applications by using an _ (underscore) character instead of a - (dash) character in an HTTP header, as demonstrated by an X_User header.

CVSS3: 3.7
nvd
about 10 years ago

agent/Core/Controller/SendRequest.cpp in Phusion Passenger before 4.0.60 and 5.0.x before 5.0.22, when used in Apache integration mode or in standalone mode without a filtering proxy, allows remote attackers to spoof headers passed to applications by using an _ (underscore) character instead of a - (dash) character in an HTTP header, as demonstrated by an X_User header.

CVSS3: 3.7
debian
about 10 years ago

agent/Core/Controller/SendRequest.cpp in Phusion Passenger before 4.0. ...

suse-cvrf
about 10 years ago

Security update for rubygem-passenger

CVSS3: 3.7
github
more than 7 years ago

Phusion Passenger allows remote attackers to spoof headers
