CVE-2015-3224 in Ruby on Rails정보

요약 (영어)

request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request.

예약하다

2015. 04. 10.

공개

2015. 07. 26.

엔트리

VulDB provides additional information and datapoints for this CVE:

아이디	취약성	CWE	악용	대책	CVE
76812	Ruby on Rails Web Console request.rb Blacklist 권한 상승	284	높음	공식 수정	CVE-2015-3224

설명

CPE

CWE

CVSS

익스플로잇

역사

차이

연결하다

위협 인텔리전스

API JSON

API XML

API CSV

◂ 이전개요다음 ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!