CVE-2009-3287

Source
https://nvd.nist.gov/vuln/detail/CVE-2009-3287
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2009-3287.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2009-3287
Aliases
Downstream
Published
2009-09-22T10:30:00Z
Modified
2025-08-09T20:01:26Z
Summary
[none]
Details

lib/thin/connection.rb in Thin web server before 1.2.4 relies on the X-Forwarded-For header to determine the IP address of the client, which allows remote attackers to spoof the IP address and hide activities via a modified X-Forwarded-For header.

References

Affected packages