CVE-2020-11985

Severity CVSS v4.0:
Pending analysis
Type:
CWE-345 Insufficient Verification of Data Authenticity
Publication date:
07/08/2020
Last modified:
07/11/2023

Description

IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively allocated a low severity CVE in 2020.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* 2.4.1 (including) 2.4.23 (including)


References to Advisories, Solutions, and Tools