Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:rubyonrails:web_console:2.1.2:*:*:*:*:*:*:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-3224 |
request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request. Published: July 26, 2015; 6:59:03 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |