Lucene search
RedhatCVELIST:CVE-2015-3224HistoryJul 26, 2015 - 10:00 p.m.
CVE-2015-3224
2015-07-2622:00:00
redhat
www.cve.org
request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client’s IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request.
References
Related
zdt
zdt
fedora
fedora
[SECURITY] Fedora 22 Update: rubygem-web-console-2.1.3-1.fc22
2015-06-30 00:01:25
osv
osv
Web Console (Ruby gem) contains whitelisted_ips bypass
2017-10-24 18:33:36
nessus
nessus
Fedora 22 : rubygem-web-console-2.1.3-1.fc22 (2015-10128)
2015-06-30 00:00:00
nuclei
nuclei
Ruby on Rails Web Console - Remote Code Execution
2022-04-26 21:55:12
cve
cve
CVE-2015-3224
2015-07-26 22:59:03
openvas
openvas
Fedora Update for rubygem-web-console FEDORA-2015-10128
2015-07-07 00:00:00
Ruby on Rails Web Console IP Whitelist Bypass RCE Vulnerability
2020-03-09 00:00:00
seebug
seebug
Ruby on Rails Web Console IP 白名单安全模式绕过
2016-01-27 00:00:00
github
github
Web Console (Ruby gem) contains whitelisted_ips bypass
2017-10-24 18:33:36
nvd
nvd
CVE-2015-3224
2015-07-26 22:59:03
prion
prion
Cross site request forgery (csrf)
2015-07-26 22:59:00
freebsd
freebsd
rubygem-rails -- multiple vulnerabilities
2015-06-16 00:00:00