### [CVE-2011-3187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3187)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20n%2Fa%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

The to_s method in actionpack/lib/action_dispatch/middleware/remote_ip.rb in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in requests from IP addresses on a Class C network, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted header.

### POC

#### Reference
- http://webservsec.blogspot.com/2011/02/ruby-on-rails-vulnerability.html

#### Github
No PoCs found on GitHub currently.