Lucene search
RubySecRUBY:ACTIONPACK-2011-3187HistoryOct 23, 2017 - 9:00 p.m.
Ruby on rails 3.0.5 Remote_IP.rb Input Validation in rails/actionpack
2017-10-2321:00:00
RubySec
webservsec.blogspot.com
6
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
The to_s method in actionpack/lib/action_dispatch/middleware/remote_ip.rb
in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header
in requests from IP addresses on a Class C network, which might allow
remote attackers to inject arbitrary text into log files or bypass
intended address parsing via a crafted header.
Affected configurations
Node
rubyactionpackRange≤2.3.13
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ruby | actionpack | * | cpe:2.3:a:ruby:actionpack:*:*:*:*:*:*:*:* |
Related
exploitdb
exploitdb
debiancve
debiancve
CVE-2011-3187
2011-08-29 18:55:01
openvas
openvas
Ruby on Rails Logfile Injection Vulnerability
2011-03-22 00:00:00
gitlab
gitlab
Improper Input Validation
2017-10-24 00:00:00
github
github
actionpack Improper Input Validation vulnerability
2017-10-24 18:33:38
cve
cve
CVE-2011-3187
2011-08-29 18:55:01
osv
osv
actionpack Improper Input Validation vulnerability
2017-10-24 18:33:38
ubuntucve
ubuntucve
CVE-2011-3187
2011-08-29 00:00:00
prion
prion
Code injection
2011-08-29 18:55:00
cvelist
cvelist
CVE-2011-3187
2011-08-29 18:00:00
nvd
nvd
CVE-2011-3187
2011-08-29 18:55:01
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related for RUBY:ACTIONPACK-2011-3187