Description

The to_s method in actionpack/lib/action_dispatch/middleware/remote_ip.rb in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in requests from IP addresses on a Class C network, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted header.

Remediation

References

CVE-2011-3187

Related Vulnerabilities

WordPress Plugin AccessPress Anonymous Post Pro Arbitrary File Upload (3.1.9)

Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-31807)

WordPress Plugin WP Project Manager-Task, team, and project management featuring kanban board and gantt charts Privilege Escalation (2.6.4)

Django Resource Management Errors Vulnerability (CVE-2015-5964)

Atlassian Jira Incorrect Authorization Vulnerability (CVE-2019-3403)

Severity

Medium

Classification

CVE-2011-3187 CWE-20

Tags

Missing Update Known Vulnerabilities