Rubyonrails : Security Vulnerabilities, CVEs, Published In 2015 (Bypass)
CVE-2015-3224
Public exploit
request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request.
Max CVSS
4.3
EPSS Score
92.90%
Published
2015-07-26
Updated
2016-12-03
1 vulnerabilities found