CVE-2011-3624

Name of the Vulnerable Software and Affected Versions Ruby versions 1.9.2 and 1.8.7 and earlier

Description The issue arises from the lack of validation of the X-Forwarded-For, X-Forwarded-Host, and X-Forwarded-Server headers in requests by various methods in WEBrick::HTTPRequest. This could potentially allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted header.

Recommendations For Ruby versions 1.9.2 and 1.8.7 and earlier, consider validating the X-Forwarded-For, X-Forwarded-Host, and X-Forwarded-Server headers in requests to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.