CVE-2005-4687

PunBB 1.2.9, used alone or with F-ART BLOG:CMS, may trust a client's IP address as specified in the X-Forwarded-For HTTP header rather than the TCP/IP stack, which allows remote attackers to misrepresent their IP address by sending a modified header.

Published: Dec 31, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-4687
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
punbb / punbb	1.2.3	1.2.3.x
f-art_agency / blog_cms	4.0.0	4.0.0.x
punbb / punbb	1.2.7	1.2.7.x
punbb / punbb	1.2.5	1.2.5.x
f-art_agency / blog_cms	4.0.0d	4.0.0d.x
f-art_agency / blog_cms	3.6.2	3.6.2.x
punbb / punbb	1.2.1	1.2.1.x
f-art_agency / blog_cms	3.1	3.1.x
f-art_agency / blog_cms	4.0.0a	4.0.0a.x
f-art_agency / blog_cms	3.0	3.0.x
f-art_agency / blog_cms	3.1.4	3.1.4.x
f-art_agency / blog_cms	3.6.4	3.6.4.x
punbb / punbb	1.2.4	1.2.4.x
punbb / punbb	1.2.8	1.2.8.x
f-art_agency / blog_cms	3.1.2	3.1.2.x
punbb / punbb	1.2.2	1.2.2.x
f-art_agency / blog_cms	3.1.3	3.1.3.x
f-art_agency / blog_cms	4.0.0c	4.0.0c.x
punbb / punbb	1.2.6	1.2.6.x
f-art_agency / blog_cms	4.0.0b	4.0.0b.x
punbb / punbb	1.2.9	1.2.9.x

Vulnerability Database

289,697

CVE-2005-4687