Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Apache HTTP Server Insufficient Verification of Data Authenticity Vulnerability - CVE-2020-11985 - Vulnerability Database
Apache HTTP Server

Apache HTTP Server Insufficient Verification of Data Authenticity Vulnerability - CVE-2020-11985

Medium
Reference: CVE-2020-11985
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2020-11985
Title: Apache HTTP Server Insufficient Verification of Data Authenticity Vulnerability
Overview:

IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively allocated a low severity CVE in 2020.