Tag
Heimdall IP Spoofing via Unvalidated Forwarding Headers
2 rules, 2 TTPs
A high-severity vulnerability in dadrus/heimdall (versions <= 0.17.16) enables attackers to spoof client IP addresses by injecting unvalidated or malformed values into `Forwarded` or `X-Forwarded-For` HTTP headers, potentially bypassing access controls or propagating malicious IP data to upstream services when `trusted_proxies` is configured.
Heimdall Proxy Forwarded Header Injection via Unsanitized Host Header
1 rule, 1 TTP
Attackers can exploit Heimdall proxy versions <= 0.17.16 operating in proxy mode by injecting malicious values into the `Host` HTTP header, leading to the construction of a manipulated `Forwarded` header that can spoof client IP addresses for upstream services, potentially bypassing IP-based access controls.
HestiaCP IP Spoofing Vulnerability (CVE-2026-43634)
2 rules, 1 TTP, 1 CVE
HestiaCP versions 1.2.0 through 1.9.4 are vulnerable to IP spoofing (CVE-2026-43634), allowing unauthenticated remote attackers to bypass authentication security controls by manipulating the `CF-Connecting-IP` HTTP header to circumvent fail2ban, bypass IP allowlists, and poison authentication logs.