12 matches found
Astra Linux - уязвимость в mod-wsgi
A vulnerability was discovered in modwsgi. The X-Client-IP header is not removed from a request sent from a trusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application. The condition necessary to remove the X-Client-IP header is missing...
EUVD-2022-0159
Malicious code in bioql PyPI...
TencentOS Server 3: python39:3.9 (TSSA-2025:0340)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0340 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
BIT-MOD_WSGI-2022-2255
A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...
Advisory ROSA-SA-2024-2363
Software: modwsgi 4.6.4 OS: ROSA Virtualization 2.1 packageevrstring: modwsgi-4.6.4-4.rv3.1c CVE-ID: CVE-2022-2255 BDU-ID: 2022-05209 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the modwsgi module of the Apache web server is related to errors in the processing of the X-Client-IP header...
[SECURITY] [DLA 3111-1] mod-wsgi security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3111-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz September 15, 2022 https://wiki.debian.org/LTS -...
CVE-2022-2255
A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...
PYSEC-2022-254
A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...
CVE-2022-2255
CVE-2022-2255 affects mod_wsgi: a request from an untrusted proxy can carry the X-Client-IP header to the WSGI app because the removal condition is missing. Impact: potential header spoofing bypass. Affected versions are older mod_wsgi; multiple advisories indicate remediation via upgrading to no...
Updated apache-mod_wsgi packages fix security vulnerability
It was discovered that mod-wsgi did not correctly remove the X-Client-IP header when processing requests from untrusted proxies. A remote attacker could use this issue to pass the header to WSGI applications, contrary to expectations CVE-2022-2255...
CVE-2022-2255
A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...
PT-2022-4349 · Mod Wsgi +9 · Mod Wsgi +9
Name of the Vulnerable Software and Affected Versions: mod wsgi affected versions not specified Description: A vulnerability in mod wsgi is related to errors in processing the X-Client-IP header. This issue allows an attacker to pass the X-Client-IP header to the target WSGI application because t...