{"vulnerability": "CVE-2011-3624", "sightings": [{"uuid": "88ab2176-d330-4151-a0f4-30f5ed6c1081", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2011-3624", "type": "seen", "source": "https://t.me/ctinow/194743", "content": "https://ift.tt/Lm13bGz\nCVE-2011-3624 | Ruby up to 1.8.7/1.9.2 Log File WEBrick::HTTPRequest injection (ID 5418)", "creation_timestamp": "2024-02-27T18:52:20.000000Z"}, {"uuid": "8e91ff5a-21a6-4b2d-bcb9-87aa5f0b7e30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2011-3624", "type": "seen", "source": "https://t.me/cibsecurity/8320", "content": "ATENTION\u203c New - CVE-2011-3624\n\nVarious methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and earlier do not validate the X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server headers in requests, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted header.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2019-11-26T08:57:27.000000Z"}]}