Design/Logic Flaw

2009-09-2210:30:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.6%

JSON

lib/thin/connection.rb in Thin web server before 1.2.4 relies on the X-Forwarded-For header to determine the IP address of the client, which allows remote attackers to spoof the IP address and hide activities via a modified X-Forwarded-For header.

CPENameOperatorVersion
thineq0.4.0
thineq0.5.4
thineq1.0.0
thineq0.8.2
thineq0.8.1
thineq0.5.0
thineq0.6.4
thinle1.2.2
thineq0.8.0
thineq0.4.1

Name	Operator	Version
thin	eq	0.4.0
thin	eq	0.5.4
thin	eq	1.0.0
thin	eq	0.8.2
thin	eq	0.8.1
thin	eq	0.5.0
thin	eq	0.6.4
thin	le	1.2.2
thin	eq	0.8.0
thin	eq	0.4.1

Rows per page:

1-10 of 211

References

www.openwall.com/lists/oss-security/2009/09/12/1

github.com/macournoyer/thin/blob/master/CHANGELOG

github.com/macournoyer/thin/commit/7bd027914c5ffd36bb408ef47dc749de3b6e063a