Vendor: IP.Board
by:
BID: 10559
CVSS: 7.5 (HIGH)
IP Spoofing Vulnerability
CWE: 200
Product Name: IP.Board
Affected Version From: <= 1.3.1
Affected Version To: <= 1.3.1
Patch Exists: YES
Related CWE: N/A
CPE: a:invision_power_services:ip.board
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: N/A
2005
IP.Board Design Error
A vulnerability in all versions of Invision Power Board allows a user to spoof his/her IP address by sending a bogus X_FORWARDED_FOR HTTP header entry. A user can also cause this condition unknowingly by accessing the internet through a proxy. For example, private LAN-based IPs, which are impossible to trace, will be logged.
Mitigation:
The X_FORWARDED_FOR header entry should be checked and validated before being used.
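
One way to apply this mitigation, as an added example that is not IP.Board's own code: the header is used only when the request arrives from a reverse proxy the site operates, and the forwarded value must be a well-formed, non-private address. The function names, the `TRUSTED_PROXIES` list and all addresses are assumptions made for the illustration.

```php
<?php
// Added example, not IP.Board code. Names and addresses are constructed.

// Reverse proxies operated by the site itself (assumed deployment).
const TRUSTED_PROXIES = ['10.0.0.5', '10.0.0.6'];

// True only for a well-formed address outside private and reserved ranges.
function is_public_ip(string $ip): bool
{
    $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    return filter_var($ip, FILTER_VALIDATE_IP, $flags) !== false;
}

// Returns the address to log for a request described by a $_SERVER-style array.
function client_ip(array $server): string
{
    // The TCP peer address is the one value the client cannot choose.
    $peer = $server['REMOTE_ADDR'] ?? '';

    // Ignore the header entirely unless the peer is one of our own proxies.
    if (!in_array($peer, TRUSTED_PROXIES, true)) {
        return $peer;
    }

    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));

    // Walk right to left: the rightmost entries were appended by our proxies,
    // anything further left may have been written by the client.
    foreach (array_reverse($hops) as $hop) {
        if (in_array($hop, TRUSTED_PROXIES, true)) {
            continue;
        }
        // Malformed or private value: fall back to the traceable peer address.
        return is_public_ip($hop) ? $hop : $peer;
    }
    return $peer;
}

// Constructed sample requests.
$cases = [
    'direct client, forged header' => ['REMOTE_ADDR' => '203.0.113.9', 'HTTP_X_FORWARDED_FOR' => '192.168.1.20'],
    'via our proxy, public client' => ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '8.8.8.8'],
    'via our proxy, private value' => ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '192.168.1.20'],
    'via our proxy, client prepends' => ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '1.2.3.4, 8.8.8.8, 10.0.0.6'],
];
foreach ($cases as $label => $server) {
    printf("%-32s logged as %s\n", $label, client_ip($server));
}
```

Storing the raw header beside the resolved address, in a separate log field, keeps the forwarded value available for investigation without letting it replace the peer address.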