Log in



Vulnerability Bulletins

MSA-20-0003: IP addresses can be spoofed using X-Forwarded-For

System information

Affected software PHP


von Michael Hawkins. X-Forwarded-For headers could be used to spoof a users IP, in order to bypass remote address checks.PATCH NOTE: For user IPs to be checked (and logged) accurately after this patch is applied, sites using multiple levels of reverse proxies/balancers that append to the X-Forwarded-For header will need to configure the new "reverseproxyignore" setting. This ensures the IPs of the later proxies are ignored in favour of the users IP. Severity/Risk: Serious Versions

More info:


Standar resources

Property Value
CVE CVE-2020-1755.

Version history

Version Comments Date
1.0 Advisory issued 2020-07-30
Go back

Este sitio web utiliza cookies propias y de terceros para el correcto funcionamiento y visualización del sitio web por parte del usuario, así como la recogida de estadísticas. Si continúa navegando, consideramos que acepta su uso. Puede cambiar la configuración u obtener más información. Modificar configuración