GRAHAM DUMPLETON

2 exploits Active since Aug 2022
CVE-2022-2255 WRITEUP HIGH WRITEUP
mod_wsgi < 4.9.3 - Unauthenticated Header Spoofing via X-Client-IP
A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing.
CVSS 7.5
CVE-2022-2255 WRITEUP HIGH WRITEUP
mod_wsgi < 4.9.3 - Unauthenticated Header Spoofing via X-Client-IP
A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing.
CVSS 7.5