IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively allocated a low severity CVE in 2020.
References
Configurations
History
07 Nov 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
06 Jun 2021, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 Jun 2021, 08:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Mar 2021, 12:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Jan 2021, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2020-08-07 16:15
Updated : 2023-12-10 13:27
NVD link : CVE-2020-11985
Mitre link : CVE-2020-11985
CVE.ORG link : CVE-2020-11985
JSON object : View
Products Affected
apache
- http_server
CWE
CWE-345
Insufficient Verification of Data Authenticity