VYPR
Low severity3.7NVD Advisory· Published Jan 8, 2016· Updated Jun 17, 2026

CVE-2015-7519

CVE-2015-7519

Description

agent/Core/Controller/SendRequest.cpp in Phusion Passenger before 4.0.60 and 5.0.x before 5.0.22, when used in Apache integration mode or in standalone mode without a filtering proxy, allows remote attackers to spoof headers passed to applications by using an _ (underscore) character instead of a - (dash) character in an HTTP header, as demonstrated by an X_User header.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
passengerRubyGems
< 4.0.604.0.60
passengerRubyGems
>= 5.0.0, < 5.0.225.0.22

Affected products

33
  • Phusion/Passenger28 versions
    cpe:2.3:a:phusionpassenger:phusion_passenger:*:*:*:*:*:*:*:*+ 27 more
    • cpe:2.3:a:phusionpassenger:phusion_passenger:*:*:*:*:*:*:*:*range: <=4.0.59
    • cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.0:beta1:*:*:*:*:*:*
    • cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.0:beta2:*:*:*:*:*:*
    • cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.0:beta3:*:*:*:*:*:*
    • cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.11:*:*:*:*:*:*:*
    • cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.12:*:*:*:*:*:*:*
    • cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.13:*:*:*:*:*:*:*
    • cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.14:*:*:*:*:*:*:*
    • cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.15:*:*:*:*:*:*:*
    • cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.16:*:*:*:*:*:*:*
    • cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.17:*:*:*:*:*:*:*
    • cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.18:*:*:*:*:*:*:*
    • cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.19:*:*:*:*:*:*:*
    • cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.20:*:*:*:*:*:*:*
    • cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.21:*:*:*:*:*:*:*
    • cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.9:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

13

News mentions

0

No linked articles in our index yet.