4 matches found
CVE-2025-65328
Mega-Fence webgate-lib. 25.1.914 and prior trusts the first value of the X-Forwarded-For XFF header as the client IP without validating a trusted proxy chain. An attacker can supply an arbitrary XFF value in a remote request to spoof the client IP, which is then propagated to security-relevant...
CVE-2025-65328
Mega-Fence webgate-lib. 25.1.914 and prior trusts the first value of the X-Forwarded-For XFF header as the client IP without validating a trusted proxy chain. An attacker can supply an arbitrary XFF value in a remote request to spoof the client IP, which is then propagated to security-relevant...
Devy Mega-Fence 安全漏洞
Devy Mega-Fence is a middleware for traffic control and online queuing from Devy Korea. A security vulnerability exists in Devy Mega-Fence versions 25.1.914 and earlier, which stems from trusting the X-Forwarded-For header value and could lead to client-side IP spoofing...
PT-2026-1292
Name of the Vulnerable Software and Affected Versions Mega-Fence versions 25.1.914 and prior Description The software does not validate a trusted proxy chain when using the X-Forwarded-For XFF header to determine the client IP address. An attacker can manipulate the XFF header to spoof the client...