42 matches found
SUSE SLES15 Security Update : apache2-mod_wsgi (SUSE-SU-2022:4488-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:4488-1 advisory. - A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker t...
Debian dla-3111 : libapache2-mod-wsgi - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3111 advisory. - Debian LTS Advisory DLA-3111-1 [email protected] https://www.debian.org/lts/security/...
[SECURITY] [DLA 3111-1] mod-wsgi security update
Debian LTS Advisory DLA-3111-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz September 15, 2022 https://wiki.debian.org/LTS -...
Insecure Access Control
mod_wsgi has insecure access control. The vulnerability exists due to the insufficient checks in wsgi_process_proxy_headers function which allows an attacker to pass the X-Client-IP header to the target WSGI application from an untrusted proxy and gain unauthorized access...
GHSA-7527-8855-9CF8 Incorrect header handling in mod-wsgi
A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...
CVE-2022-2255
A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...
CVE-2022-2255
A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...
AZL-10734 CVE-2022-2255 affecting package mod_wsgi for versions less than 4.9.3-2
A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...
CVE-2022-2255
A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...
DEBIAN-CVE-2022-2255
A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...
PYSEC-2022-254
A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...
Design/Logic Flaw
A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...
CVE-2022-2255
CVE-2022-2255 affects mod_wsgi: a request from an untrusted proxy can carry the X-Client-IP header to the WSGI app because the removal condition is missing. Impact: potential header spoofing bypass. Affected versions are older mod_wsgi; multiple advisories indicate remediation via upgrading to no...
CVE-2022-2255
A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...
CVE-2022-2255
A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...
OESA-2022-1827 mod_wsgi security update
The mod_wsgi adapter is an Apache module that provides a WSGI compliant interface for hosting Python based web applications within Apache. The adapter is written completely in C code against the Apache C runtime and for hosting WSGI applications within Apache has a lower overhead than using existin...
UBUNTU-CVE-2022-2255
A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...
CVE-2022-2255
A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...
PT-2022-4349 · Mod Wsgi +9
Name of the Vulnerable Software and Affected Versions: mod wsgi affected versions not specified Description: A vulnerability in mod wsgi is related to errors in processing the X-Client-IP header. This issue allows an attacker to pass the X-Client-IP header to the target WSGI application because t...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to loss of confidentiality due to CVE-2022-32210
Summary Node.js module undici is used by IBM App Connect Enterprise Certified Container when testing API endpoints. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use the API testing capability may be vulnerable to loss of confidentiality if made to target an API...