PunBB 1.2.9, used alone or with F-ART BLOG:CMS, may trust a client's IP address as specified in the X-Forwarded-For HTTP header rather than the TCP/IP stack, which allows remote attackers to misrepresent their IP address by sending a modified header.
References
Link | Resource |
---|---|
http://secunia.com/advisories/17425 | Patch Vendor Advisory |
http://secunia.com/advisories/17433 | Patch Vendor Advisory |
http://www.punbb.org/changelogs/1.2.9_to_1.2.10.txt | |
http://www.securityfocus.com/bid/15326 | Patch |
http://secunia.com/advisories/17425 | Patch Vendor Advisory |
http://secunia.com/advisories/17433 | Patch Vendor Advisory |
http://www.punbb.org/changelogs/1.2.9_to_1.2.10.txt | |
http://www.securityfocus.com/bid/15326 | Patch |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 00:04
Type | Values Removed | Values Added |
---|---|---|
References | () http://secunia.com/advisories/17425 - Patch, Vendor Advisory | |
References | () http://secunia.com/advisories/17433 - Patch, Vendor Advisory | |
References | () http://www.punbb.org/changelogs/1.2.9_to_1.2.10.txt - | |
References | () http://www.securityfocus.com/bid/15326 - Patch |
Information
Published : 2005-12-31 05:00
Updated : 2024-11-21 00:04
NVD link : CVE-2005-4687
Mitre link : CVE-2005-4687
CVE.ORG link : CVE-2005-4687
JSON object : View
Products Affected
f-art_agency
- blog_cms
punbb
- punbb
CWE