PT-2009-5600 · Ruby · Thin

Alex Legler

Published

2009-09-22

Updated

2017-10-24

CVE-2009-3287

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Thin web server versions prior to 1.2.4

Description The issue allows remote attackers to spoof the IP address of the client by modifying the X-Forwarded-For header, potentially hiding their activities. This is due to the reliance on the X-Forwarded-For header to determine the client's IP address in the lib/thin/connection.rb file.

Recommendations For versions prior to 1.2.4, update to version 1.2.4 or later to resolve the issue. As a temporary workaround, consider validating the X-Forwarded-For header to prevent IP address spoofing. Restrict access to sensitive areas of the web server to minimize the risk of exploitation.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2009-3287

GHSA-J24P-R6WX-R79W

Affected Products

Thin

PT-2009-5600 · Ruby · Thin

CVE-2009-3287

Weakness Enumeration

Related Identifiers

Affected Products

References · 12