Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
agent/Core/Controller/SendRequest.cpp in Phusion Passenger before 4.0.60 and 5.0.x before 5.0.22, when used in Apache integration mode or in standalone mode without a filtering proxy, allows remote attackers to spoof headers passed to applications by using an _ (underscore) character instead of a - (dash) character in an HTTP header, as demonstrated by an X_User header.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Phusion Passenger 安全漏洞
Vulnerability Description
Phusion Passenger是荷兰Phusion公司的一个用于在Apache和Nginx网页服务器上部署Ruby on Rails项目的Apache模块。 Phusion Passenger 4.0.60之前版本和5.0.22之前5.0.x版本的agent/Core/Controller/SendRequest.cpp文件中存在安全漏洞。当程序工作在不带过滤代理的Apache集成模式或单机模式时,远程攻击者可通过使用‘_’字符代替HTTP头中的‘-’字符利用该漏洞伪造传递到应用程序中的请求头。
CVSS Information
N/A
Vulnerability Type
N/A