Lucene search
Ubuntu.comUB:CVE-2011-3187HistoryAug 29, 2011 - 12:00 a.m.
CVE-2011-3187
2011-08-2900:00:00
ubuntu.com
ubuntu.com
17
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
0.016
Percentile
87.5%
The to_s method in actionpack/lib/action_dispatch/middleware/remote_ip.rb
in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in
requests from IP addresses on a Class C network, which might allow remote
attackers to inject arbitrary text into log files or bypass intended
address parsing via a crafted header.
Bugs
Notes
| Author | Note |
|---|---|
| mdeslaur | looks like it’s 3.x only |
Related
exploitdb
exploitdb
rubygems
rubygems
Ruby on rails 3.0.5 Remote_IP.rb Input Validation in rails/actionpack
2017-10-23 21:00:00
debiancve
debiancve
CVE-2011-3187
2011-08-29 18:55:01
openvas
openvas
Ruby on Rails Logfile Injection Vulnerability
2011-03-22 00:00:00
gitlab
gitlab
Improper Input Validation
2017-10-24 00:00:00
github
github
actionpack Improper Input Validation vulnerability
2017-10-24 18:33:38
cve
cve
CVE-2011-3187
2011-08-29 18:55:01
cvelist
cvelist
CVE-2011-3187
2011-08-29 18:00:00
nvd
nvd
CVE-2011-3187
2011-08-29 18:55:01
prion
prion
Code injection
2011-08-29 18:55:00
osv
osv
actionpack Improper Input Validation vulnerability
2017-10-24 18:33:38
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
0.016
Percentile
87.5%
Related for UB:CVE-2011-3187