https://bz.apache.org/bugzilla/show_bug.cgi?id=62070
Bug ID: 62070
Summary: RemoteIPValve sets remote address to request object
even X-Forwarded-For is tampered to refer localhost
Product: Tomcat 7
Version: 7.0.82
Hardware: PC
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
RemoteIPValve sets remote address to request object even X-Forwarded-For is
tampered to refer localhost.
So remote attackers can easily spoof X-Forwarded-For
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
