IP Address Spoofing Vulnerability in Web Console

IP Address Spoofing Vulnerability in Web Console

CVE-2015-3224 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request.

Learn more about our Web App Pen Testing.