Home page logo

oss-sec logo oss-sec mailing list archives

Ruby 3.0.10 WEBrick::HTTPRequest X-Forwarded-*
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 12 Oct 2011 13:06:10 -0600

Various methods in WEBrick::HTTPRequest in Ruby on Rails 3.0.10 do not
validate the X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server
headers in requests, which might allow remote attackers to inject
arbitrary text into log files or bypass intended address parsing via a
crafted header.


Can we get a CVE for this please?

-Kurt Seifried / Red Hat Security Response Team

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]