2 matches found
CVE-2022-2255
CVE-2022-2255 affects mod_wsgi: a request from an untrusted proxy can carry the X-Client-IP header to the WSGI app because the removal condition is missing. Impact: potential header spoofing bypass. Affected versions are older mod_wsgi; multiple advisories indicate remediation via upgrading to no...
CVE-2014-0242
CVE-2014-0242 affects the mod_wsgi Apache module (pre-3.4 in embedded mode). It can cause memory contents to be leaked via the Content-Type header, enabling disclosure of sensitive information. The issue is coupled with CVE-2014-0240 (privilege escalation). Public advisories and Nessus/Gentoo ent...