Lucene search
GitHub Advisory DatabaseGHSA-67J6-XV27-W6WWHistoryOct 24, 2017 - 6:33 p.m.
Web Console (Ruby gem) contains whitelisted_ips bypass
2017-10-2418:33:36
CWE-284
GitHub Advisory Database
github.com
11
0.929 High
EPSS
Percentile
99.0%
request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a clientโs IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request.
| CPE | Name | Operator | Version |
|---|---|---|---|
| web-console | lt | 2.1.3 |
References
lists.fedoraproject.org/pipermail/package-announce/2015-June/160881.html
openwall.com/lists/oss-security/2015/06/16/18
github.com/advisories/GHSA-67j6-xv27-w6ww
github.com/rails/web-console/blob/master/CHANGELOG.markdown
github.com/rubysec/ruby-advisory-db/blob/master/gems/web-console/CVE-2015-3224.yml
groups.google.com/forum/#!topic/ruby-security-ann/lzmz9_ijUFw
nvd.nist.gov/vuln/detail/CVE-2015-3224
Related
seebug
seebug
Ruby on Rails Web Console IP ็ฝๅๅๅฎๅ
จๆจกๅผ็ป่ฟ
2016-01-27 00:00:00
cve
cve
CVE-2015-3224
2015-07-26 22:59:03
openvas
openvas
Fedora Update for rubygem-web-console FEDORA-2015-10128
2015-07-07 00:00:00
Ruby on Rails Web Console IP Whitelist Bypass RCE Vulnerability
2020-03-09 00:00:00
nessus
nessus
Fedora 22 : rubygem-web-console-2.1.3-1.fc22 (2015-10128)
2015-06-30 00:00:00
prion
prion
Cross site request forgery (csrf)
2015-07-26 22:59:00
cvelist
cvelist
CVE-2015-3224
2015-07-26 22:00:00
nuclei
nuclei
Ruby on Rails Web Console - Remote Code Execution
2022-04-26 21:55:12
fedora
fedora
[SECURITY] Fedora 22 Update: rubygem-web-console-2.1.3-1.fc22
2015-06-30 00:01:25
zdt
zdt
osv
osv
Web Console (Ruby gem) contains whitelisted_ips bypass
2017-10-24 18:33:36
freebsd
freebsd
rubygem-rails -- multiple vulnerabilities
2015-06-16 00:00:00