BIT-apache-2020-11985

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/apache/BIT-apache-2020-11985.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-apache-2020-11985
Aliases
Published
2024-03-06T10:57:47.876Z
Modified
2024-03-06T11:25:28.861Z
Summary
[none]
Details

IP address spoofing when proxying using modremoteip and modrewrite For configurations using proxying with modremoteip and certain modrewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively allocated a low severity CVE in 2020.

References

Affected packages

Bitnami / apache

Package

Name
apache
Purl
pkg:bitnami/apache

Severity

  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
2.4.1
Fixed
2.4.23