K21192332: Apache HTTP Server vulnerability CVE-2022-31813

Security Advisory Description Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded- headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application. CVE-2022-31813 Impact An...

CVE-2022-4746

The FluentAuth WordPress plugin before 1.0.2 prioritizes getting a visitor's IP address from certain HTTP headers over PHP's REMOTEADDR, which makes it possible to bypass the IP-based blocks set by the plugin...

CVE-2022-4303

The WP Limit Login Attempts WordPress plugin through 2.6.4 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTEADDR, which makes it possible to bypass IP-based restrictions on login forms...

Design/Logic Flaw

The FluentAuth WordPress plugin before 1.0.2 prioritizes getting a visitor's IP address from certain HTTP headers over PHP's REMOTEADDR, which makes it possible to bypass the IP-based blocks set by the plugin...

WordPress WP-Polls Bypasses IP-Based Restrictions Vulnerability

WP-Polls is a WordPress polling plugin. A vulnerability exists in WordPress WP-Polls versions prior to 2.76.0 to bypass IP-based restrictions. The vulnerability stems from prioritizing the IP of visitors from certain HTTP headers instead of PHP's REMOTEADDR, which can be exploited by an attacker ...

Design/Logic Flaw

The WP-Polls WordPress plugin before 2.76.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTEADDR, which makes it possible to bypass IP-based limitations to vote in certain situations...

Oracle Linux 8 : httpd:2.4 (ELSA-2022-7647)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7647 advisory. - Resolves: 2097015 - CVE-2022-28614 httpd:2.4/httpd: out-of-bounds read via aprwrite - Resolves: 2097031 - CVE-2022-28615 httpd:2.4/httpd: out-of-boun...

Microsoft Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

Microsoft Windows Point-to-Point Tunneling Protocol PPTP is a network protocol from Microsoft Corporation that allows secure transmission of data from a remote client to a private enterprise server by creating a virtual private network VPN over a TCP/IP-based data network. A remote code execution...

CVE-2022-1613

The Restricted Site Access WordPress plugin before 7.3.2 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTEADDR, which makes it possible to bypass IP-based limitations in certain situations...

CVE-2022-1613

The CVE-2022-1613 issue affects the Restricted Site Access WordPress plugin (versions before 7.3.2). The root cause is the plugin prioritizing certain HTTP headers over PHP’s REMOTE_ADDR when obtaining a visitor IP, enabling bypass of IP-based restrictions in some scenarios. The vulnerability is ...

CVE-2022-2362

The Download Manager WordPress plugin before 3.2.50 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTEADDR, which makes it possible to bypass IP-based download blocking restrictions...

Design/Logic Flaw

The Download Manager WordPress plugin before 3.2.50 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTEADDR, which makes it possible to bypass IP-based download blocking restrictions...

CVE-2022-2362

CVE-2022-2362 affects the WordPress Download Manager plugin (versions prior to 3.2.50). The root cause is the plugin prioritizing certain HTTP headers over PHP’s REMOTE_ADDR to identify visitor IPs, enabling bypass of IP-based download-block restrictions. Affected product: WordPress Download Mana...

WordPress plugin Download Manager 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

Oracle Linux 6 : httpd (ELSA-2022-9676)

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9676 advisory. - modproxy: approxyhttprequest to clear hop-by-hop first and fixup last CVE-2022-31813Orabug: 34317859 Tenable has extracted the preceding description block...

CVE-2022-1600

The YOP Poll WordPress plugin before 6.4.3 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTEADDR, which makes it possible to bypass IP-based limitations to vote in certain situations...

CVE-2022-1600

The YOP Poll WordPress plugin before 6.4.3 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTEADDR, which makes it possible to bypass IP-based limitations to vote in certain situations...

Design/Logic Flaw

The YOP Poll WordPress plugin before 6.4.3 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTEADDR, which makes it possible to bypass IP-based limitations to vote in certain situations...

CVE-2022-2228

Information exposure in GitLab EE affecting all versions from 12.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker with the appropriate access tokens to obtain CI variables in a group with using IP-based access restrictions even if the GitLab Runner is calling...

CVE-2022-2228

Information exposure in GitLab EE affecting all versions from 12.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker with the appropriate access tokens to obtain CI variables in a group with using IP-based access restrictions even if the GitLab Runner is calling...