7 matches found
GO-2023-2394 Spoofed source IP address in github.com/shift72/caddy-geo-ip
The caddy-geo-ip aka GeoIP middleware for Caddy 2 allows attackers to spoof their source IP address via an X-Forwarded-For header, which may bypass a protection mechanism trustedproxy directive in reverseproxy or IP address range restrictions...
IP Spoofing
caddy-geo-ip is vulnerable to IP Spoofing attacks. The vulnerability is due to insecure usage of the trustheader. When trustheader is configured, req.Remoteaddr is overwritten. This allows an attacker to bypass IP range restrictions, and spoof IP addresses through the X-Forwarded-For header...
Header spoofing in caddy-geo-ip
The caddy-geo-ip aka GeoIP middleware through 0.6.0 for Caddy 2, when trustheader X-Forwarded-For is used, allows attackers to spoof their source IP address via an X-Forwarded-For header, which may bypass a protection mechanism trustedproxy directive in reverseproxy or IP address range restrictio...
GHSA-RXG9-HGQ7-8PWX Header spoofing in caddy-geo-ip
The caddy-geo-ip aka GeoIP middleware through 0.6.0 for Caddy 2, when trustheader X-Forwarded-For is used, allows attackers to spoof their source IP address via an X-Forwarded-For header, which may bypass a protection mechanism trustedproxy directive in reverseproxy or IP address range restrictio...
Design/Logic Flaw
The caddy-geo-ip aka GeoIP middleware through 0.6.0 for Caddy 2, when trustheader X-Forwarded-For is used, allows attackers to spoof their source IP address via an X-Forwarded-For header, which may bypass a protection mechanism trustedproxy directive in reverseproxy or IP address range restrictio...
CVE-2023-50463
The caddy-geo-ip aka GeoIP middleware through 0.6.0 for Caddy 2, when trustheader X-Forwarded-For is used, allows attackers to spoof their source IP address via an X-Forwarded-For header, which may bypass a protection mechanism trustedproxy directive in reverseproxy or IP address range restrictio...
PT-2023-31567 · Caddy · Caddy-Geo-Ip
Name of the Vulnerable Software and Affected Versions: caddy-geo-ip versions 0.6.0 and earlier for Caddy 2 Description: The issue allows attackers to spoof their source IP address via an X-Forwarded-For header, which may bypass a protection mechanism, such as the trusted proxy directive in revers...