Macournoyer: >> Thin >> 0.6.4 Security Vulnerabilities
lib/thin/connection.rb in Thin web server before 1.2.4 relies on the X-Forwarded-For header to determine the IP address of the client, which allows remote attackers to spoof the IP address and hide activities via a modified X-Forwarded-For header.
CVSS Score
7.5
EPSS Score
0.005
Published
2009-09-22