CVE-2009-3287

EUVD-2017-0256
lib/thin/connection.rb in Thin web server before 1.2.4 relies on the X-Forwarded-For header to determine the IP address of the client, which allows remote attackers to spoof the IP address and hide activities via a modified X-Forwarded-For header.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 7.5 UNKNOWN | NETWORK | LOW | | AV:N/AC:L/Au:N/C:P/I:P/A:P |
EPSS Score
Percentile: 64%
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| macournoyer | thin | 𝑥 ≤ 1.2.2 |
| macournoyer | thin | 0.4.0 |
| macournoyer | thin | 0.4.1 |
| macournoyer | thin | 0.5.0 |
| macournoyer | thin | 0.5.1 |
| macournoyer | thin | 0.5.2 |
| macournoyer | thin | 0.5.3 |
| macournoyer | thin | 0.5.4 |
| macournoyer | thin | 0.6.0 |
| macournoyer | thin | 0.6.3 |
| macournoyer | thin | 0.6.4 |
| macournoyer | thin | 0.7.0 |
| macournoyer | thin | 0.7.1 |
| macournoyer | thin | 0.8.0 |
| macournoyer | thin | 0.8.1 |
| macournoyer | thin | 0.8.2 |
| macournoyer | thin | 1.0.0 |
| macournoyer | thin | 1.1.0 |
| macournoyer | thin | 1.1.1 |
| macournoyer | thin | 1.2.0 |
| macournoyer | thin | 1.2.1 |

𝑥 = Vulnerable software versions
Debian Releases
| Debian Product | Codename | Version | Status |
|---|---|---|---|
| thin | bookworm | 1.8.1-2 | fixed |
| thin | bullseye | 1.8.0-1 | fixed |
| thin | sid | 1.8.2-1 | fixed |
| thin | trixie | 1.8.2-1 | fixed |