phpBB 2.0.8a and earlier trusts the IP address that is in the X-Forwarded-For in the HTTP header, which allows remote attackers to spoof IP addresses.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/10170 | Patch Vendor Advisory |
http://secunia.com/advisories/11434 | Exploit Patch Vendor Advisory |
http://marc.info/?l=bugtraq&m=108239864203144&w=2 | |
http://marc.info/?l=bugtraq&m=108241122908409&w=2 | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/15909 |
Configurations
Configuration 1 (hide)
|
Information
Published : 2004-04-18 21:00
Updated : 2017-07-10 18:31
NVD link : CVE-2004-1950
Mitre link : CVE-2004-1950
JSON object : View
CWE
Products Affected
phpbb_group
- phpbb