Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Mega-Fence (webgate-lib.*) 25.1.914 and prior trusts the first value of the X-Forwarded-For (XFF) header as the client IP without validating a trusted proxy chain. An attacker can supply an arbitrary XFF value in a remote request to spoof the client IP, which is then propagated to security-relevant state (e.g., WG_CLIENT_IP cookie). Deployments that rely on this value for IP allowlists may be bypassed.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Devy Mega-Fence 安全漏洞
Vulnerability Description
Devy Mega-Fence是韩国Devy公司的一个用于流量控制和在线排队的中间件。 Devy Mega-Fence 25.1.914及之前版本存在安全漏洞,该漏洞源于信任X-Forwarded-For标头值,可能导致客户端IP欺骗。
CVSS Information
N/A
Vulnerability Type
N/A