Description
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server, depending on the client-side Connection header hop-by-hop mechanism. This may be used to bypass IP-based authentication on the origin server or application.
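A detection sketch for the behaviour described above, added here as an example and not taken from the advisory or from Apache: it flags inbound requests whose Connection header names an X-Forwarded-* header as hop-by-hop. The function names and the sample requests are constructed for illustration, and it assumes raw request heads are available (for example from an edge capture or a WAF log).

```python
"""Flag requests whose Connection header lists X-Forwarded-* as hop-by-hop."""

# Constructed sample request heads (not captured traffic).
SAMPLE_REQUESTS = [
    "GET /admin HTTP/1.1\r\nHost: app.example\r\nConnection: keep-alive\r\n\r\n",
    "GET /admin HTTP/1.1\r\nHost: app.example\r\n"
    "Connection: close, X-Forwarded-For\r\n\r\n",
    "GET / HTTP/1.1\r\nHost: app.example\r\nconnection: Keep-Alive\r\n"
    "CONNECTION:  x-forwarded-host ,X-Forwarded-Server\r\n\r\n",
]


def parse_headers(raw):
    """Return [(lowercased name, value)] from a raw request head."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        if ":" not in line:
            continue  # malformed line: ignore rather than guess
        name, value = line.split(":", 1)
        headers.append((name.strip().lower(), value.strip()))
    return headers


def hop_by_hop_tokens(headers):
    """Collect tokens from every Connection header (it may repeat)."""
    tokens = []
    for name, value in headers:
        if name == "connection":
            tokens += [t.strip().lower() for t in value.split(",") if t.strip()]
    return tokens


def suspicious_tokens(raw):
    """Connection tokens that name an X-Forwarded-* header."""
    return [t for t in hop_by_hop_tokens(parse_headers(raw))
            if t.startswith("x-forwarded-")]


def scan(requests):
    """Map request index -> offending tokens, for requests that have any."""
    return {i: hits for i, r in enumerate(requests)
            if (hits := suspicious_tokens(r))}


if __name__ == "__main__":
    for index, hits in scan(SAMPLE_REQUESTS).items():
        print(f"request {index}: Connection lists {', '.join(hits)}")
```

Legitimate clients have no reason to declare X-Forwarded-* headers as hop-by-hop, so any hit is worth alerting on or rejecting at the edge.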
Remediation
References
Related Vulnerabilities
Lighttpd Uncontrolled Resource Consumption Vulnerability (CVE-2022-30780)
WeBid Incorrect Comparison Vulnerability (CVE-2020-23359)
MySQL CVE-2017-10167 Vulnerability (CVE-2017-10167)
WordPress Plugin Advanced Booking Calendar Cross-Site Scripting (1.6.7)
WordPress Plugin CAC Featured Content TimThumb Arbitrary File Upload (0.8)