CVE-2005-4687
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
PunBB 1.2.9, used alone or with F-ART BLOG:CMS, may trust a client's IP address as specified in the X-Forwarded-For HTTP header rather than the TCP/IP stack, which allows remote attackers to misrepresent their IP address by sending a modified header.
Vulnerable Configurations
References
- http://secunia.com/advisories/17425
- http://secunia.com/advisories/17433
- http://www.punbb.org/changelogs/1.2.9_to_1.2.10.txt
- http://www.securityfocus.com/bid/15326