Lumension® Endpoint Intelligence Center



Vulnerability Score: 4.3
CVE Id: CVE-2011-3187
Last Modified: 06 Jul 2012 12:00:00
Published: 29 Aug 2011 02:55:01
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE



The to_s method in actionpack/lib/action_dispatch/middleware/remote_ip.rb in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in requests from IP addresses on a Class C network, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted header.

Vulnerable Systems


  • Ruby On Rails 3.0.5

  • Rubyonrails Ruby On Rails 3.0.5


MLIST - [oss-security] 20110822 Re: CVE request: ruby on rails flaws (4)

MLIST - [oss-security] 20110820 Re: CVE request: ruby on rails flaws (4)

MLIST - [oss-security] 20110819 Re: CVE request: ruby on rails flaws (4)

MLIST - [oss-security] 20110817 CVE request: ruby on rails flaws (4)



FULLDISC - 20110216 Ruby on Rails Vulnerability

Last Updated: 27 May 2016 10:57:33