
Insufficient Verification of Data Authenticity

CVE-2022-2255

Severity High
Score 7.5/10

Summary

A vulnerability was found in "mod_wsgi.c". Because the condition to remove it is missing, the X-Client-IP header is not stripped from a request that arrives from an untrusted proxy, so an attacker can pass the X-Client-IP header through to the target WSGI application. This vulnerability affects mod-wsgi versions prior to 4.9.3.

  • LOW
  • NETWORK
  • HIGH
  • UNCHANGED
  • NONE
  • NONE
  • NONE
  • NONE

CWE-345 - Insufficient Verification of Data Authenticity

The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

Advisory Timeline

  • Published