28 matches found
Astra Linux - уязвимость в mod-wsgi
A vulnerability was discovered in modwsgi. The X-Client-IP header is not removed from a request sent from a trusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application. The condition necessary to remove the X-Client-IP header is missing...
EUVD-2022-0159
Malicious code in bioql PyPI...
TencentOS Server 3: python39:3.9 (TSSA-2025:0340)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0340 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
mod_wsgi: Trusted Proxy Headers Removing Bypass
A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...
ROS-20240827-01
A vulnerability in the modwsgi module of the Apache web server is related to errors in X-Client-IP header processing. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to network services. access to network services...
BIT-MOD_WSGI-2022-2255
A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...
Advisory ROSA-SA-2024-2363
Software: modwsgi 4.6.4 OS: ROSA Virtualization 2.1 packageevrstring: modwsgi-4.6.4-4.rv3.1c CVE-ID: CVE-2022-2255 BDU-ID: 2022-05209 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the modwsgi module of the Apache web server is related to errors in the processing of the X-Client-IP header...
Amazon Linux 2 : mod_wsgi (ALASHTTPD_MODULES-2023-001)
It is, therefore, affected by a vulnerability as referenced in the ALAS2HTTPDMODULES-2023-001 advisory. A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI...
EulerOS 2.0 SP8 : mod-wsgi (EulerOS-SA-2023-1328)
According to the versions of the mod-wsgi packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pa...
Debian dla-3111 : libapache2-mod-wsgi - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3111 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3111-1 [email protected] https://www.debian.org/lts/security/...
[SECURITY] [DLA 3111-1] mod-wsgi security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3111-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz September 15, 2022 https://wiki.debian.org/LTS -...
GHSA-7527-8855-9CF8 Incorrect header handling in mod-wsgi
A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...
Incorrect header handling in mod-wsgi
A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...
CVE-2022-2255
A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...
CVE-2022-2255
A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...
CVE-2022-2255
A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...
Design/Logic Flaw
A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...
PYSEC-2022-254
A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...
CVE-2022-2255
CVE-2022-2255 affects mod_wsgi: a request from an untrusted proxy can carry the X-Client-IP header to the WSGI app because the removal condition is missing. Impact: potential header spoofing bypass. Affected versions are older mod_wsgi; multiple advisories indicate remediation via upgrading to no...
CVE-2022-2255
A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...