Описание
A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | mod_wsgi | Not affected | ||
| Red Hat Enterprise Linux 7 | mod_wsgi | Not affected | ||
| Red Hat Enterprise Linux 8 | mod_wsgi | Will not fix | ||
| Red Hat Enterprise Linux 8 | python38:3.8/mod_wsgi | Will not fix | ||
| Red Hat Enterprise Linux 9 | mod_wsgi | Will not fix | ||
| Red Hat Software Collections | python27-mod_wsgi | Out of support scope | ||
| Red Hat Software Collections | rh-python38-mod_wsgi | Will not fix | ||
| Red Hat Enterprise Linux 8 | python39 | Fixed | RHSA-2025:4791 | 12.05.2025 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.3 High
CVSS3
Связанные уязвимости
A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing.
A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing.
A vulnerability was found in mod_wsgi. The X-Client-IP header is not r ...
EPSS
7.3 High
CVSS3