FreeBSD : phpBB IP address spoofing (cfe17ca6-6858-4805-ba1d-a60a61ec9b4d)
High Nessus Plugin ID 36912
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionThe common.php script always trusts the `X-Forwarded-For' header in the client's HTTP request. A remote user could forge this header in order to bypass any IP address access control lists (ACLs).
SolutionUpdate the affected package.