[Bug 62070] New: RemoteIPValve sets remote address to request object even X-Forwarded-For is tampered to refer localhost

Thu, 01 Feb 2018 04:39:05 -0800 

https://bz.apache.org/bugzilla/show_bug.cgi?id=62070

            Bug ID: 62070
           Summary: RemoteIPValve sets remote address to request object
                    even X-Forwarded-For is tampered to refer localhost
           Product: Tomcat 7
           Version: 7.0.82
          Hardware: PC
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina
          Assignee: dev@tomcat.apache.org
          Reporter: vasa....@gmail.com
  Target Milestone: ---

RemoteIPValve sets remote address to request object even X-Forwarded-For is
tampered to refer localhost.

So remote attackers can easily spoof X-Forwarded-For

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to