CVE-2015-3224

request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request.
Configurations

Configuration 1 (hide)

cpe:2.3:a:rubyonrails:web_console:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2015-07-26 22:59

Updated : 2016-12-03 03:08


NVD link : CVE-2015-3224

Mitre link : CVE-2015-3224


JSON object : View

Products Affected

rubyonrails

  • web_console
CWE
CWE-284

Improper Access Control