CVE-2020-11985
published 2020-08-07CVE-2020-11985: IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an…
medium5.3CVSS 3.1
AVNACLPRNUINSUCNILAN
IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively allocated a low severity CVE in 2020.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | http_server | 2.4.1 – 2.4.23 | — |
| apache | httpd | — | — |
| debian | apache2 | < apache2 2.4.25-1 (bookworm) | apache2 2.4.25-1 (bookworm) |
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
osv5.3MEDIUM