PT-2016-3323 · Apache+2 · Apache Http Server+2
Published: 2016-10-13 · Updated: 2024-03-06
CVE-2020-11985
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Apache HTTP Server versions prior to 2.4.24
Description
The issue lies in the implementation of the mod_remoteip and mod_rewrite modules in the Apache HTTP Server and stems from insufficient verification of data authenticity. When proxying is used with mod_remoteip and certain mod_rewrite rules, a remote attacker can spoof the IP address that is seen by logging and by PHP scripts.
Recommendations
For versions prior to 2.4.24, update to Apache HTTP Server 2.4.24 or later to resolve the issue. As a temporary workaround, consider restricting the use of the mod_remoteip and mod_rewrite modules until the update is applied.
Fix
Insufficient Verification of Data Authenticity
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Apache Http Server
Suse