Search Results

Search Parameters:
  • CPE Product Version: cpe:/a:rubyonrails:web_console:2.1.2
There is 1 matching record.
Displaying matches 1 through 1.
Vuln ID: CVE-2015-3224

Summary: request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request.

Published: July 26, 2015; 6:59:03 PM -0400

CVSS Severity:
  • V3.x: (not available)
  • V2.0: 4.3 MEDIUM