Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Ruby on Rails Improper Input Validation Vulnerability (CVE-2011-3187)

Description

The to_s method in actionpack/lib/action_dispatch/middleware/remote_ip.rb in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in requests from IP addresses on a Class C network, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted header.

Remediation

References

Related Vulnerabilities

Oracle Application Server Other Vulnerability (CVE-2006-5360)

Oracle Database Server CVE-2009-1968 Vulnerability (CVE-2009-1968)

Dotclear Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-7903)

Jenkins Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2024-43044)

Django Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-9402)

Severity

Medium

Classification

CVE-2011-3187 CWE-20

Tags

Missing Update Known Vulnerabilities