PT-2015-6103 · Ruby · Ruby On Rails

Ben Murphy

Publicado

2015-07-26

Atualizado

2026-03-13

CVE-2015-3224

CVSS v2.0

4.3

Média

Vetor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Web Console versions prior to 2.1.3 Ruby on Rails versions 3.x and 4.x

Description The issue allows remote attackers to bypass the whitelisted ips protection mechanism via a crafted request. This is due to the improper restriction of X-Forwarded-For headers in determining a client's IP address.

Recommendations For Web Console versions prior to 2.1.3, update to version 2.1.3 or later to resolve the issue. For Ruby on Rails versions 3.x and 4.x, ensure that Web Console is updated to a version that properly restricts the use of X-Forwarded-For headers. As a temporary workaround, consider restricting access to the request.rb file until a patch is available.

Exploit

Correção

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284

Identificadores relacionados

CVE-2015-3224

GHSA-67J6-XV27-W6WW

GHSA-82X2-G7VR-39WQ

OPENSUSE-SU-2024:13172-1

OPENSUSE-SU-2024:14179-1

OPENSUSE-SU-2025:15129-1

OPENSUSE-SU-2026:10367-1

Produtos afetados

Ruby On Rails

PT-2015-6103 · Ruby · Ruby On Rails

CVE-2015-3224

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 21