MSA-20-0003: IP addresses can be spoofed using X-Forwarded-For
|
System information
|
|
|
Affected software |
PHP |
Description
|
von Michael Hawkins. X-Forwarded-For headers could be used to spoof a users IP, in order to bypass remote address checks.PATCH NOTE: For user IPs to be checked (and logged) accurately after this patch is applied, sites using multiple levels of reverse proxies/balancers that append to the X-Forwarded-For header will need to configure the new "reverseproxyignore" setting. This ensures the IPs of the later proxies are ignored in favour of the users IP. Severity/Risk: Serious
More info:
https://moodle.org/mod/forum/discuss.php?d=398351&parent=1606855 |
Standar resources
|
Property |
Value |
CVE |
CVE-2020-1755. |