CVE-2020-11985

Summary

IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively allocated a low severity CVE in 2020.

Affected Software

VendorProductVersion RangeStatus
n/aApache HTTP Server2.4.1 to 2.4.23affected

Weaknesses

  • CWE-345: CWE-345: Insufficient verification of data authenticity

ADP Enrichment

CVE Program Container

Additional References

References