7.5
CVE-2009-3287
- EPSS 1.38%
- Veröffentlicht 22.09.2009 10:30:00
- Zuletzt bearbeitet 16.06.2026 23:11:18
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Loginlib/thin/connection.rb in Thin web server before 1.2.4 relies on the X-Forwarded-For header to determine the IP address of the client, which allows remote attackers to spoof the IP address and hide activities via a modified X-Forwarded-For header.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Macournoyer ≫ Thin Version <= 1.2.2
Macournoyer ≫ Thin Version0.4.0
Macournoyer ≫ Thin Version0.4.1
Macournoyer ≫ Thin Version0.5.0
Macournoyer ≫ Thin Version0.5.1
Macournoyer ≫ Thin Version0.5.2
Macournoyer ≫ Thin Version0.5.3
Macournoyer ≫ Thin Version0.5.4
Macournoyer ≫ Thin Version0.6.0
Macournoyer ≫ Thin Version0.6.3
Macournoyer ≫ Thin Version0.6.4
Macournoyer ≫ Thin Version0.7.0
Macournoyer ≫ Thin Version0.7.1
Macournoyer ≫ Thin Version0.8.0
Macournoyer ≫ Thin Version0.8.1
Macournoyer ≫ Thin Version0.8.2
Macournoyer ≫ Thin Version1.0.0
Macournoyer ≫ Thin Version1.1.0
Macournoyer ≫ Thin Version1.1.1
Macournoyer ≫ Thin Version1.2.0
Macournoyer ≫ Thin Version1.2.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.38% | 0.686 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://github.com/macournoyer/thin/blob/master/CHANGELOG
http://github.com/macournoyer/thin/commit/7bd027914c5ffd36bb408ef47dc749de3b6e063a
http://www.openwall.com/lists/oss-security/2009/09/12/1