CVE-2016-4793
Published 2017-01-23
Priority P3 · 52 · high · 7.5 CVSS 3.0
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:H / A:N
EXPLOIT
EPSS: 5.15% (91.4th percentile)
The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header.
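The practical consequence of the flaw above is that anything built on the resolved client address (IP allowlists on admin routes, per-IP rate limits, audit logs, "is this request from localhost" checks) can be steered by a header the client chooses. The Python below is an added example written for this page, not CakePHP's code: one function reproduces the vulnerable pattern (a caller-supplied CLIENT-IP header wins over the TCP peer address), the other shows the hardened rule (ignore CLIENT-IP, honour X-Forwarded-For only when the peer is a configured trusted proxy, and read that chain from the right so an attacker-prepended value never wins), plus a small indicator function for spotting spoofing attempts in traffic that arrives without a proxy in front. The lowercase header keys, the `trusted_proxies` parameter and the sample requests are assumptions made for this example.

```python
"""Client-IP spoofing (the CVE-2016-4793 pattern) beside a hardened resolver.

Added example for this advisory page; this is not CakePHP's code. Header
names, the trusted_proxies parameter and the sample requests are assumptions.
"""
import ipaddress
from typing import Iterable, List, Mapping


def _parse_ip(value: str):
    """Return an ip_address object, or None if value is not a bare IP literal."""
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None


def _is_trusted(ip, trusted_nets) -> bool:
    # ip_network.__contains__ returns False for mixed v4/v6, so no TypeError here.
    return any(ip in net for net in trusted_nets)


def client_ip_vulnerable(remote_addr: str, headers: Mapping[str, str]) -> str:
    """CVE-2016-4793-style resolution: the CLIENT-IP header beats the socket address.

    `headers` maps lowercase header names to values (constructed for this example).
    Nothing checks who sent the header, so a direct client picks its own "IP".
    """
    return headers.get("client-ip") or remote_addr


def client_ip_hardened(remote_addr: str, headers: Mapping[str, str],
                       trusted_proxies: Iterable[str] = ()) -> str:
    """Resolve the client IP while trusting only the proxies in `trusted_proxies`.

    - CLIENT-IP is never consulted.
    - If the TCP peer is not a trusted proxy, every header is attacker-controlled,
      so the peer address is the answer.
    - Otherwise walk X-Forwarded-For from the right: each trusted proxy appended
      the address it saw, so the first non-proxy hop is the real client.
    """
    trusted_nets = [ipaddress.ip_network(p, strict=False) for p in trusted_proxies]
    peer = ipaddress.ip_address(remote_addr)
    if not _is_trusted(peer, trusted_nets):
        return str(peer)

    chain = [h.strip() for h in headers.get("x-forwarded-for", "").split(",") if h.strip()]
    for hop in reversed(chain):
        ip = _parse_ip(hop)
        if ip is None:
            # A trusted proxy only appends IP literals; a malformed hop means
            # tampering or misconfiguration, so fall back to the peer address.
            return str(peer)
        if not _is_trusted(ip, trusted_nets):
            return str(ip)
    # Every hop (or no hop at all) was a proxy: the peer address is the safe answer.
    return str(peer)


def spoof_indicators(remote_addr: str, headers: Mapping[str, str],
                     trusted_proxies: Iterable[str] = ()) -> List[str]:
    """Names of IP-bearing headers that arrived from a peer which is not a trusted
    proxy. With no proxy in front of the app, any hit is a spoofing attempt worth
    logging; the header list is an assumption of this example."""
    trusted_nets = [ipaddress.ip_network(p, strict=False) for p in trusted_proxies]
    if _is_trusted(ipaddress.ip_address(remote_addr), trusted_nets):
        return []
    suspicious = ("client-ip", "x-forwarded-for", "x-real-ip", "forwarded")
    return [h for h in suspicious if h in headers]


# Constructed sample requests (peer address, lowercase headers); not captured traffic.
TRUSTED_PROXIES = ["10.0.0.0/8"]
DIRECT_SPOOF = ("203.0.113.7", {"client-ip": "127.0.0.1"})               # attacker claims localhost
VIA_PROXY = ("10.0.0.5", {"x-forwarded-for": "127.0.0.1, 203.0.113.7"})  # attacker pre-seeded XFF, proxy appended real source
VIA_PROXY_BARE = ("10.0.0.5", {})                                        # proxy forwarded nothing
VIA_PROXY_JUNK = ("10.0.0.5", {"x-forwarded-for": "203.0.113.7, not-an-ip"})

if __name__ == "__main__":
    cases = [("direct spoof", DIRECT_SPOOF), ("via proxy", VIA_PROXY),
             ("via proxy (bare)", VIA_PROXY_BARE), ("via proxy (junk)", VIA_PROXY_JUNK)]
    for name, (peer, hdrs) in cases:
        print(f"{name:18} vulnerable={client_ip_vulnerable(peer, hdrs):12} "
              f"hardened={client_ip_hardened(peer, hdrs, TRUSTED_PROXIES):12} "
              f"indicators={spoof_indicators(peer, hdrs, TRUSTED_PROXIES)}")
```

Run it directly to see the four constructed cases side by side: the vulnerable resolver reports `127.0.0.1` for the direct spoof, while the hardened one returns the true peer `203.0.113.7` and flags the stray `client-ip` header. The same right-to-left rule covers the proxied case, where the attacker's pre-seeded `127.0.0.1` sits to the left of the address the proxy appended and is therefore never reached.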
Affected (12 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cakephp | cakephp | <= 3.2.4 | — |
| cakephp | cakephp | >= 0 < 2.8.3-1 | 2.8.3-1 |
| cakephp | cakephp | >= 1.2.0 < 2.6.13 | 2.6.13 |
| cakephp | cakephp | >= 2.7.0-rc1 < 2.7.11 | 2.7.11 |
| cakephp | cakephp | >= 2.8.0-rc1 < 2.8.2 | 2.8.2 |
| cakephp | cakephp | >= 3.0.0-rc1 < 3.0.17 | 3.0.17 |
| cakephp | cakephp | >= 3.1.0-beta1 < 3.1.12 | 3.1.12 |
| cakephp | cakephp | >= 3.2.0-rc1 < 3.2.5 | 3.2.5 |
| citrix | citrix_sd-wan | — | — |
| citrix | sd-wan | — | — |
| citrix | xenserver | — | — |
| debian | cakephp | < 2.8.3-1 (bullseye) | 2.8.3-1 (bullseye) |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | HIGH | — |
GHSA
CakePHP allows remote attackers to spoof their IP
ghsa · 2022-05-14 · CVE-2016-4793 [HIGH] · CWE-20
The `clientIp` function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the `CLIENT-IP` HTTP header.
OSV
CakePHP allows remote attackers to spoof their IP
osv · 2022-05-14 · CVE-2016-4793 [HIGH]
The `clientIp` function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the `CLIENT-IP` HTTP header.
OSV
CVE-2016-4793: The clientIp function in CakePHP 3
osv · 2017-01-23 · CVSS 7.5 · CVE-2016-4793 [HIGH]
The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header.
Debian
CVE-2016-4793: cakephp - The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to sp...
vendor_debian · 2016 · CVSS 7.5 · CVE-2016-4793 [HIGH]
The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header.
Scope: local
bullseye: resolved (fixed in 2.8.3-1)
Citrix
Citrix SD-WAN Multiple Security Updates
vendor_citrix · CVSS 6.8 · CVE-2012-2104 [MEDIUM]
Description of Problem: Multiple vulnerabilities have been identified in the management interface of Citrix NetScaler SD-WAN physical appliances and virtual appliances. Collectively these vulnerabilities could allow an unauthenticated attacker with access to the management interface to compromise the host. The vulnerabilities have been assigned the following CVE numbers. CVE-2018-17444 - Directory traversal in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. CVE-2018-17445 - Command Injection in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. CVE-2018-17446 - SQL Injection in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. CVE-2018-17447 - Infor
No detection rules found.
No writeups or analysis indexed.
References
- http://legalhackers.com/advisories/CakePHP-IP-Spoofing-Vulnerability.txt
- http://www.securityfocus.com/bid/95846
- https://bakery.cakephp.org/2016/03/13/cakephp_2613_2711_282_3017_3112_325_released.html
- https://support.citrix.com/article/CTX236992
- https://www.exploit-db.com/exploits/39813/