CVE-2022-2255

CVE-2022-2255 affects mod_wsgi: a request from an untrusted proxy can carry the X-Client-IP header to the WSGI app because the removal condition is missing. Impact: potential header spoofing bypass. Affected versions are older mod_wsgi; multiple advisories indicate remediation via upgrading to no...

Updated apache-mod_wsgi packages fix security vulnerability

It was discovered that mod-wsgi did not correctly remove the X-Client-IP header when processing requests from untrusted proxies. A remote attacker could use this issue to pass the header to WSGI applications, contrary to expectations CVE-2022-2255...

OESA-2022-1827 mod_wsgi security update

The modwsgi adapter is an Apache module that provides a WSGI compliant interface for hosting Python based web applications within Apache. The adapter is written completely in C code against the Apache C runtime andfor hosting WSGI applications within Apache has a lower overhead than using existin...

UBUNTU-CVE-2022-2255

A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...

CVE-2022-2255

A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...

PT-2022-4349 · Mod Wsgi +9 · Mod Wsgi +9

Name of the Vulnerable Software and Affected Versions: mod wsgi affected versions not specified Description: A vulnerability in mod wsgi is related to errors in processing the X-Client-IP header. This issue allows an attacker to pass the X-Client-IP header to the target WSGI application because t...

CVE-2022-2366

Incorrect default configuration for trusted IP header in Mattermost version 6.7.0 and earlier allows attacker to bypass some of the rate limitations in place or use manipulated IPs for audit logging via manipulating the request headers...

CVE-2022-2366

Incorrect default configuration for trusted IP header in Mattermost version 6.7.0 and earlier allows attacker to bypass some of the rate limitations in place or use manipulated IPs for audit logging via manipulating the request headers...

WordPress plugin WP-EMail 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin. WordPress plugin WP-EMail version 2.69.0 has a security vulnerability that stems from obtaining a...

CVE-2022-1165

The Blackhole for Bad Bots WordPress plugin before 3.3.2 uses headers such as CF-CONNECTING-IP, CLIENT-IP etc to determine the IP address of requests hitting the blackhole URL, which allows them to be spoofed. This could result in blocking arbitrary IP addresses, such as legitimate/good search...

GSD-2022-1000952 gso: do not skip outer ip header in case of ipip and net_failover

gso: do not skip outer ip header in case of ipip and netfailover This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.304 by commit...

GSD-2022-1000933 gso: do not skip outer ip header in case of ipip and net_failover

gso: do not skip outer ip header in case of ipip and netfailover This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.269 by commit...

GSD-2022-1000891 gso: do not skip outer ip header in case of ipip and net_failover

gso: do not skip outer ip header in case of ipip and netfailover This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.182 by commit...

GSD-2022-1000744 gso: do not skip outer ip header in case of ipip and net_failover

gso: do not skip outer ip header in case of ipip and netfailover This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.12 by commit...

WordPress 插件 SQL注入漏洞

WordPress Plugin is an open source application plugin for WordPress. The WordPress plugin suffers from a SQL injection vulnerability that stems from the hmwp get user ip function attempting to retrieve an ip address from multiple headers, including ip address headers that the user can spoof, such...

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in devcode-it/openstamanager

✍️ Description A user without access to the software can inject a portion of HTML code in access logs. 🕵️‍♂️ Proof of Concept Simulate login with a crafter Client-IP header like this: curl -H 'Client-IP: INJECT' -d 'username=&password=&op=login' 'http://localhost//?op=login' The result is: 💥 Impact...

EulerOS Virtualization 2.9.1 : open-iscsi (EulerOS-SA-2021-1718)

According to the version of the open-iscsi package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that reassembles fragmented packets fails...

Siemens Nucleus 安全漏洞

The Nucleus NET module includes a range of standards-compliant networking and communications protocols, drivers and utilities to provide full-featured networking support in any embedded device.Nucleus RTOS provides a highly scalable microkernel-based real-time operating system designed for...

CVE-2020-17438

An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that reassembles fragmented packets fails to properly validate the total length of an incoming packet specified in its IP header, as well as the fragmentation offset value specified in the IP header. By crafti...

Code injection

An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that reassembles fragmented packets fails to properly validate the total length of an incoming packet specified in its IP header, as well as the fragmentation offset value specified in the IP header. By crafti...