Boletines de Vulnerabilidades

MSA-20-0003: IP addresses can be spoofed using X-Forwarded-For

Información sobre el sistema
   
Software afectado PHP

Descripción
von Michael Hawkins. X-Forwarded-For headers could be used to spoof a users IP, in order to bypass remote address checks.PATCH NOTE: For user IPs to be checked (and logged) accurately after this patch is applied, sites using multiple levels of reverse proxies/balancers that append to the X-Forwarded-For header will need to configure the new "reverseproxyignore" setting. This ensures the IPs of the later proxies are ignored in favour of the users IP. Severity/Risk: Serious

More info:

https://moodle.org/mod/forum/discuss.php?d=398351&parent=1606855

Identificadores estándar
Propiedad Valor
CVE CVE-2020-1755.

Histórico de versiones
Versión Comentario Fecha
1.0 Advisory issued 2020-03-31

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT