A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an malicious user to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
modwsgi mod wsgi |
||
debian debian linux 10.0 |