exploitDog

bind:CVE-2015-3224

Count: 2

NVD

CVE-2015-3224

more than 10 years ago

request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request.

CVSS2: 4.3
EPSS: High
GitHub

GHSA-67j6-xv27-w6ww

more than 8 years ago

Web Console (Ruby gem) contains whitelisted_ips bypass

EPSS: High

| Vulnerability | CVSS | EPSS | Published |
| --- | --- | --- | --- |
| CVE-2015-3224 (NVD): request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request. | CVSS2: 4.3 | 85% (High) | more than 10 years ago |
| GHSA-67j6-xv27-w6ww (GitHub): Web Console (Ruby gem) contains whitelisted_ips bypass | | 85% (High) | more than 8 years ago |
