CVE-2009-3287

lib/thin/connection.rb in Thin web server before 1.2.4 relies on the X-Forwarded-For header to determine the IP address of the client, which allows remote attackers to spoof the IP address and hide activities via a modified X-Forwarded-For header.
Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector
NIST | NIST | 7.5 UNKNOWN | NETWORK | LOW | | AV:N/AC:L/Au:N/C:P/I:P/A:P
mitre | CNA | --- | ---
CVE | ADP | --- | ---
EPSS Score Percentile: 63%
Vendor | Product | Version
macournoyer | thin | 𝑥 ≤ 1.2.2
macournoyer | thin | 0.4.0
macournoyer | thin | 0.4.1
macournoyer | thin | 0.5.0
macournoyer | thin | 0.5.1
macournoyer | thin | 0.5.2
macournoyer | thin | 0.5.3
macournoyer | thin | 0.5.4
macournoyer | thin | 0.6.0
macournoyer | thin | 0.6.3
macournoyer | thin | 0.6.4
macournoyer | thin | 0.7.0
macournoyer | thin | 0.7.1
macournoyer | thin | 0.8.0
macournoyer | thin | 0.8.1
macournoyer | thin | 0.8.2
macournoyer | thin | 1.0.0
macournoyer | thin | 1.1.0
macournoyer | thin | 1.1.1
macournoyer | thin | 1.2.0
macournoyer | thin | 1.2.1
𝑥 = Vulnerable software versions
Debian Releases
Debian Product | Codename | Version | Status
thin | bullseye | 1.8.0-1 | fixed
thin | bookworm | 1.8.1-2 | fixed
thin | sid | 1.8.2-1 | fixed
thin | trixie | 1.8.2-1 | fixed