Last Modified: Nov 07, 2022
Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1
Opened: Dec 08, 2016 Severity: 3-Major Related Article:
Related Article: K50499256
When an X-Forwarded-For entry is added, it should be appended to an existing HTTP header, rather than creating a new one. When detecting whether an IP address is within an X-Forwarded-For header, all such headers should be inspected.
In some cases, the handling of X-Forwarded-For HTTP headers may be incorrect.
Functionality that either reads or writes to HTTP X-Forwarded-For headers is used. This may include features of the HTTP profile, the ASM module, or other modules.
The handling of reading or writing to HTTP X-Forwarded-For headers has been improved.