Vulnerability Database

CVE-2015-7519

agent/Core/Controller/SendRequest.cpp in Phusion Passenger before 4.0.60 and 5.0.x before 5.0.22, when used in Apache integration mode or in standalone mode without a filtering proxy, allows remote attackers to spoof headers passed to applications by using an _ (underscore) character instead of a - (dash) character in an HTTP header, as demonstrated by an X_User header.

CVSS v3:

  • Severity: Low
  • Score: 3.7
  • AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

CVSS v2:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

| Software | From | Fixed in |
| --- | --- | --- |
| phusionpassenger / phusion_passenger | 5.0.13 | 5.0.13.x |
| phusionpassenger / phusion_passenger | 5.0.0 | 5.0.0.x |
| phusionpassenger / phusion_passenger | 5.0.4 | 5.0.4.x |
| phusionpassenger / phusion_passenger | 5.0.12 | 5.0.12.x |
| phusionpassenger / phusion_passenger | 5.0.17 | 5.0.17.x |
| phusionpassenger / phusion_passenger | 5.0.0-beta1 | 5.0.0-beta1.x |
| phusionpassenger / phusion_passenger | 5.0.0-rc1 | 5.0.0-rc1.x |
| phusionpassenger / phusion_passenger | 5.0.0-beta2 | 5.0.0-beta2.x |
| phusionpassenger / phusion_passenger | - | 4.0.59.x |
| phusionpassenger / phusion_passenger | 5.0.14 | 5.0.14.x |
| phusionpassenger / phusion_passenger | 5.0.18 | 5.0.18.x |
| phusionpassenger / phusion_passenger | 5.0.0-rc2 | 5.0.0-rc2.x |
| phusionpassenger / phusion_passenger | 5.0.5 | 5.0.5.x |
| phusionpassenger / phusion_passenger | 5.0.11 | 5.0.11.x |
| phusionpassenger / phusion_passenger | 5.0.2 | 5.0.2.x |
| phusionpassenger / phusion_passenger | 5.0.0-beta3 | 5.0.0-beta3.x |
| phusionpassenger / phusion_passenger | 5.0.6 | 5.0.6.x |
| phusionpassenger / phusion_passenger | 5.0.19 | 5.0.19.x |
| phusionpassenger / phusion_passenger | 5.0.3 | 5.0.3.x |
| phusionpassenger / phusion_passenger | 5.0.9 | 5.0.9.x |
| phusionpassenger / phusion_passenger | 5.0.21 | 5.0.21.x |
| phusionpassenger / phusion_passenger | 5.0.16 | 5.0.16.x |
| phusionpassenger / phusion_passenger | 5.0.20 | 5.0.20.x |
| phusionpassenger / phusion_passenger | 5.0.10 | 5.0.10.x |
| phusionpassenger / phusion_passenger | 5.0.7 | 5.0.7.x |
| phusionpassenger / phusion_passenger | 5.0.8 | 5.0.8.x |
| phusionpassenger / phusion_passenger | 5.0.1 | 5.0.1.x |
| phusionpassenger / phusion_passenger | 5.0.15 | 5.0.15.x |
| passenger | - | 4.0.60 |
| passenger | 5.0.0 | 5.0.22 |