CVE-2009-3287
CVE-2009-3287 affects Thin (lib/thin/connection.rb) prior to 1.2.4. The root cause is reliance on the X-Forwarded-For header to determine the client IP, allowing remote attackers to spoof the IP address and hide activities via a modified header. Impact is described as partial confidentiality, int...
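
The root cause above, reduced to a pattern and its fix, as an added Ruby example (not Thin's code): the naive resolver lets the header override the socket address, while the hardened one treats the TCP peer as authoritative and reads X-Forwarded-For only behind a known proxy. The function names, the `TRUSTED_PROXIES` ranges and the plain-hash header format are assumptions made for illustration.

```ruby
require "ipaddr"

# Hypothetical reverse-proxy ranges (assumption: replace with your own proxies).
TRUSTED_PROXIES = [IPAddr.new("127.0.0.1/32"), IPAddr.new("10.0.0.0/8")].freeze

# Returns an IPAddr, or nil when the string is not a valid address.
def parse_ip(str)
  IPAddr.new(str)
rescue IPAddr::Error
  nil
end

def trusted_proxy?(str)
  addr = parse_ip(str)
  !addr.nil? && TRUSTED_PROXIES.any? { |net| net.include?(addr) }
end

# Pattern the CVE describes: the header wins over the socket address,
# so any client can choose the IP that is recorded for its requests.
def naive_client_ip(socket_addr, headers)
  xff = headers["X-Forwarded-For"]
  xff ? xff.split(",").first.strip : socket_addr
end

# Hardened: the header is ignored unless the direct peer is a trusted proxy.
# Entries are then read right to left (nearest hop first), and the first one
# that is not itself a trusted proxy is taken as the client address.
def client_ip(socket_addr, headers)
  return socket_addr unless trusted_proxy?(socket_addr)

  hops = headers["X-Forwarded-For"].to_s.split(",").map(&:strip)
  hops.reverse_each do |hop|
    return socket_addr if parse_ip(hop).nil? # malformed entry: fall back
    return hop unless trusted_proxy?(hop)
  end
  socket_addr # header absent, or every hop was a trusted proxy
end

if __FILE__ == $PROGRAM_NAME
  spoofed = { "X-Forwarded-For" => "10.1.2.3" } # constructed sample header
  puts naive_client_ip("198.51.100.9", spoofed) # header value is believed
  puts client_ip("198.51.100.9", spoofed)       # socket address is kept
end
```

For audit trails, recording the socket address alongside the raw header value keeps the evidence even when the header is not trusted.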