Lucene search
K

7 matches found

OSV
OSV
added 2024/01/02 6:32 p.m.59 views

GO-2023-2394 Spoofed source IP address in github.com/shift72/caddy-geo-ip

The caddy-geo-ip aka GeoIP middleware for Caddy 2 allows attackers to spoof their source IP address via an X-Forwarded-For header, which may bypass a protection mechanism trustedproxy directive in reverseproxy or IP address range restrictions...

6.5CVSS6.3AI score0.00655EPSS
Exploits0References2
Veracode
Veracode
added 2023/12/11 8:25 a.m.15 views

IP Spoofing

caddy-geo-ip is vulnerable to IP Spoofing attacks. The vulnerability is due to insecure usage of the trustheader. When trustheader is configured, req.Remoteaddr is overwritten. This allows an attacker to bypass IP range restrictions, and spoof IP addresses through the X-Forwarded-For header...

6.5CVSS7AI score0.00655EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/12/11 12:30 a.m.45 views

Header spoofing in caddy-geo-ip

The caddy-geo-ip aka GeoIP middleware through 0.6.0 for Caddy 2, when trustheader X-Forwarded-For is used, allows attackers to spoof their source IP address via an X-Forwarded-For header, which may bypass a protection mechanism trustedproxy directive in reverseproxy or IP address range restrictio...

6.5CVSS6.8AI score0.00655EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2023/12/11 12:30 a.m.28 views

GHSA-RXG9-HGQ7-8PWX Header spoofing in caddy-geo-ip

The caddy-geo-ip aka GeoIP middleware through 0.6.0 for Caddy 2, when trustheader X-Forwarded-For is used, allows attackers to spoof their source IP address via an X-Forwarded-For header, which may bypass a protection mechanism trustedproxy directive in reverseproxy or IP address range restrictio...

6.5CVSS6.3AI score0.00655EPSS
Exploits0References5
Prion
Prion
added 2023/12/10 11:15 p.m.25 views

Design/Logic Flaw

The caddy-geo-ip aka GeoIP middleware through 0.6.0 for Caddy 2, when trustheader X-Forwarded-For is used, allows attackers to spoof their source IP address via an X-Forwarded-For header, which may bypass a protection mechanism trustedproxy directive in reverseproxy or IP address range restrictio...

4.3CVSS7AI score0.00655EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/12/10 12:0 a.m.33 views

CVE-2023-50463

The caddy-geo-ip aka GeoIP middleware through 0.6.0 for Caddy 2, when trustheader X-Forwarded-For is used, allows attackers to spoof their source IP address via an X-Forwarded-For header, which may bypass a protection mechanism trustedproxy directive in reverseproxy or IP address range restrictio...

6.6AI score0.00655EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/12/10 12:0 a.m.4 views

PT-2023-31567 · Caddy · Caddy-Geo-Ip

Name of the Vulnerable Software and Affected Versions: caddy-geo-ip versions 0.6.0 and earlier for Caddy 2 Description: The issue allows attackers to spoof their source IP address via an X-Forwarded-For header, which may bypass a protection mechanism, such as the trusted proxy directive in revers...

6.5CVSS6.2AI score0.00655EPSS
Exploits0References12
Rows per page
Query Builder