Lucene search
HistoryDec 15, 2022 - 7:15 p.m.
CVE-2021-4226
rsfirewall
ip identification
bypass
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.003 Low
EPSS
Percentile
65.4%
RSFirewall tries to identify the original IP address by looking at different HTTP headers. A bypass is possible due to the way it is implemented.
Affected configurations
Node
rsjoomlarsfirewall\!Range<1.1.25wordpress
Related
cve
cve
CVE-2021-4226
2022-12-15 19:15:16
cvelist
cvelist
CVE-2021-4226 RSFirewall < 1.1.25 - IP Block Bypass
2022-12-15 17:14:40
prion
prion
Design/Logic Flaw
2022-12-15 19:15:00
patchstack
patchstack
WordPress RSFirewall! plugin <= 1.1.24 - IP Block Bypass vulnerability
2022-04-13 00:00:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.003 Low
EPSS
Percentile
65.4%
Related for NVD:CVE-2021-4226