7.5
CVE-2009-3287
- EPSS 0.48%
- Veröffentlicht 22.09.2009 10:30:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Loginlib/thin/connection.rb in Thin web server before 1.2.4 relies on the X-Forwarded-For header to determine the IP address of the client, which allows remote attackers to spoof the IP address and hide activities via a modified X-Forwarded-For header.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Macournoyer ≫ Thin Version <= 1.2.2
Macournoyer ≫ Thin Version0.4.0
Macournoyer ≫ Thin Version0.4.1
Macournoyer ≫ Thin Version0.5.0
Macournoyer ≫ Thin Version0.5.1
Macournoyer ≫ Thin Version0.5.2
Macournoyer ≫ Thin Version0.5.3
Macournoyer ≫ Thin Version0.5.4
Macournoyer ≫ Thin Version0.6.0
Macournoyer ≫ Thin Version0.6.3
Macournoyer ≫ Thin Version0.6.4
Macournoyer ≫ Thin Version0.7.0
Macournoyer ≫ Thin Version0.7.1
Macournoyer ≫ Thin Version0.8.0
Macournoyer ≫ Thin Version0.8.1
Macournoyer ≫ Thin Version0.8.2
Macournoyer ≫ Thin Version1.0.0
Macournoyer ≫ Thin Version1.1.0
Macournoyer ≫ Thin Version1.1.1
Macournoyer ≫ Thin Version1.2.0
Macournoyer ≫ Thin Version1.2.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.48% | 0.621 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.