Lucene search
Web Console Security Vulnerabilities
cve
request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted...
6.5AI Score
0.929EPSS
2015-07-26 10:59 PM
70
2