Description

IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively allocated a low severity CVE in 2020.

Remediation

References

CVE-2020-11985

Related Vulnerabilities

PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-1914)

Artifactory Improper Handling of Exceptional Conditions Vulnerability (CVE-2023-42509)

WordPress Plugin NextGEN Gallery-WordPress Gallery 'Gallery Path' Field Cross-Site Scripting (1.9.5)

MySQL CVE-2021-35641 Vulnerability (CVE-2021-35641)

Apache Tomcat Other Vulnerability (CVE-2002-1394)

Severity

Medium

Classification

CVE-2020-11985 CWE-345 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities