VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-cdnw-t8n1-23ep

Essentials
Severities (20)
References (18)
Severity details (13)
Exploits (1)
EPSS
History (1)

Vulnerability ID	VCID-cdnw-t8n1-23ep
Aliases	CVE-2011-3187 GHSA-3vfw-7rcp-3xgm
Summary	Improper Input Validation The to_s method in actionpack/lib/action_dispatch/middleware/remote_ip.rb in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in requests from IP addresses on a Class C network, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted header.
Status	Published
Exploitability	2.0
Weighted Severity	6.2
Risk	10.0
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-20	Improper Input Validation
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.09049	https://api.first.org/data/v1/epss?cve=CVE-2011-3187
epss	0.09049	https://api.first.org/data/v1/epss?cve=CVE-2011-3187
epss	0.09049	https://api.first.org/data/v1/epss?cve=CVE-2011-3187
epss	0.09049	https://api.first.org/data/v1/epss?cve=CVE-2011-3187
epss	0.09049	https://api.first.org/data/v1/epss?cve=CVE-2011-3187
epss	0.09049	https://api.first.org/data/v1/epss?cve=CVE-2011-3187
epss	0.09049	https://api.first.org/data/v1/epss?cve=CVE-2011-3187
generic_textual	MODERATE	https://bugzilla.novell.com/show_bug.cgi?id=673010
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-3vfw-7rcp-3xgm
generic_textual	MODERATE	https://github.com/rails/rails
generic_textual	MODERATE	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-3187.yml
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2011-3187
generic_textual	MODERATE	https://web.archive.org/web/20111209181000/http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0337.html
generic_textual	MODERATE	http://webservsec.blogspot.com/2011/02/ruby-on-rails-vulnerability.html
generic_textual	MODERATE	http://www.openwall.com/lists/oss-security/2011/08/17/1
generic_textual	MODERATE	http://www.openwall.com/lists/oss-security/2011/08/19/11
generic_textual	MODERATE	http://www.openwall.com/lists/oss-security/2011/08/20/1
generic_textual	MODERATE	http://www.openwall.com/lists/oss-security/2011/08/22/13
generic_textual	MODERATE	http://www.openwall.com/lists/oss-security/2011/08/22/14
generic_textual	MODERATE	http://www.openwall.com/lists/oss-security/2011/08/22/5

Reference id	Reference type	URL
		http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0337.html
		https://api.first.org/data/v1/epss?cve=CVE-2011-3187
		https://bugzilla.novell.com/show_bug.cgi?id=673010
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3187
		https://github.com/rails/rails
		https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-3187.yml
		https://web.archive.org/web/20111209181000/http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0337.html
		http://webservsec.blogspot.com/2011/02/ruby-on-rails-vulnerability.html
		http://www.openwall.com/lists/oss-security/2011/08/17/1
		http://www.openwall.com/lists/oss-security/2011/08/19/11
		http://www.openwall.com/lists/oss-security/2011/08/20/1
		http://www.openwall.com/lists/oss-security/2011/08/22/13
		http://www.openwall.com/lists/oss-security/2011/08/22/14
		http://www.openwall.com/lists/oss-security/2011/08/22/5
CVE-2011-3187		https://nvd.nist.gov/vuln/detail/CVE-2011-3187
CVE-2011-3187;OSVDB-73733	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/35352.rb
CVE-2011-3187;OSVDB-73733	Exploit	https://www.securityfocus.com/bid/46423/info
GHSA-3vfw-7rcp-3xgm		https://github.com/advisories/GHSA-3vfw-7rcp-3xgm

Data source	Exploit-DB
Date added	Feb. 16, 2011
Description	Ruby on Rails 3.0.5 - 'WEBrick::HTTPRequest' Module HTTP Header Injection
Ransomware campaign use	Known
Source publication date	Feb. 16, 2011
Exploit type	remote
Platform	multiple
Source update date	Nov. 24, 2014
Source URL	https://www.securityfocus.com/bid/46423/info

Exploit Prediction Scoring System (EPSS)

Percentile	0.92606
EPSS Score	0.09049
Published At	April 1, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T12:47:25.613368+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionpack/CVE-2011-3187.yml	38.0.0