UBUNTU-CVE-2020-11985
- Source
- https://ubuntu.com/security/CVE-2020-11985
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-11985.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2020-11985
- Related
- Published
- 2020-08-07T16:15:00Z
- Modified
- 2024-10-15T14:07:26Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
IP address spoofing when proxying using modremoteip and modrewrite For configurations using proxying with modremoteip and certain modrewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively allocated a low severity CVE in 2020.
- References
Affected packages
Ubuntu:Pro:14.04:LTS / apache2
Package
- Name
- apache2
- Purl
- pkg:deb/ubuntu/apache2?arch=src?distro=trusty/esm
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.4.6-2ubuntu2
2.4.6-2ubuntu3
2.4.6-2ubuntu4
2.4.7-1ubuntu1
2.4.7-1ubuntu2
2.4.7-1ubuntu3
2.4.7-1ubuntu4
2.4.7-1ubuntu4.1
2.4.7-1ubuntu4.4
2.4.7-1ubuntu4.5
2.4.7-1ubuntu4.6
2.4.7-1ubuntu4.7
2.4.7-1ubuntu4.8
2.4.7-1ubuntu4.9
2.4.7-1ubuntu4.10
2.4.7-1ubuntu4.11
2.4.7-1ubuntu4.13
2.4.7-1ubuntu4.15
2.4.7-1ubuntu4.16
2.4.7-1ubuntu4.17
2.4.7-1ubuntu4.18
2.4.7-1ubuntu4.19
2.4.7-1ubuntu4.20
2.4.7-1ubuntu4.21
2.4.7-1ubuntu4.22
2.4.7-1ubuntu4.22+esm1
2.4.7-1ubuntu4.22+esm2
2.4.7-1ubuntu4.22+esm3
2.4.7-1ubuntu4.22+esm4
2.4.7-1ubuntu4.22+esm5
2.4.7-1ubuntu4.22+esm6
2.4.7-1ubuntu4.22+esm8
2.4.7-1ubuntu4.22+esm9
Ubuntu:16.04:LTS / apache2
Package
- Name
- apache2
- Purl
- pkg:deb/ubuntu/apache2?arch=src?distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.4.18-2ubuntu3.15
Affected versions
2.*
2.4.12-2ubuntu2
2.4.17-1ubuntu1
2.4.17-2ubuntu1
2.4.17-3ubuntu1
2.4.18-1ubuntu1
2.4.18-2ubuntu1
2.4.18-2ubuntu2
2.4.18-2ubuntu3
2.4.18-2ubuntu3.1
2.4.18-2ubuntu3.2
2.4.18-2ubuntu3.3
2.4.18-2ubuntu3.4
2.4.18-2ubuntu3.5
2.4.18-2ubuntu3.7
2.4.18-2ubuntu3.8
2.4.18-2ubuntu3.9
2.4.18-2ubuntu3.10
2.4.18-2ubuntu3.12
2.4.18-2ubuntu3.13
2.4.18-2ubuntu3.14
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "low",
"binaries": [
{
"binary_version": "2.4.18-2ubuntu3.15",
"binary_name": "apache2"
},
{
"binary_version": "2.4.18-2ubuntu3.15",
"binary_name": "apache2-bin"
},
{
"binary_version": "2.4.18-2ubuntu3.15",
"binary_name": "apache2-bin-dbgsym"
},
{
"binary_version": "2.4.18-2ubuntu3.15",
"binary_name": "apache2-data"
},
{
"binary_version": "2.4.18-2ubuntu3.15",
"binary_name": "apache2-dbg"
},
{
"binary_version": "2.4.18-2ubuntu3.15",
"binary_name": "apache2-dbgsym"
},
{
"binary_version": "2.4.18-2ubuntu3.15",
"binary_name": "apache2-dev"
},
{
"binary_version": "2.4.18-2ubuntu3.15",
"binary_name": "apache2-dev-dbgsym"
},
{
"binary_version": "2.4.18-2ubuntu3.15",
"binary_name": "apache2-doc"
},
{
"binary_version": "2.4.18-2ubuntu3.15",
"binary_name": "apache2-suexec-custom"
},
{
"binary_version": "2.4.18-2ubuntu3.15",
"binary_name": "apache2-suexec-custom-dbgsym"
},
{
"binary_version": "2.4.18-2ubuntu3.15",
"binary_name": "apache2-suexec-pristine"
},
{
"binary_version": "2.4.18-2ubuntu3.15",
"binary_name": "apache2-suexec-pristine-dbgsym"
},
{
"binary_version": "2.4.18-2ubuntu3.15",
"binary_name": "apache2-utils"
},
{
"binary_version": "2.4.18-2ubuntu3.15",
"binary_name": "apache2-utils-dbgsym"
}
]
}
Ubuntu:18.04:LTS / apache2
Package
- Name
- apache2
- Purl
- pkg:deb/ubuntu/apache2?arch=src?distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.4.29-1ubuntu4.13
Affected versions
2.*
2.4.27-2ubuntu3
2.4.29-1ubuntu1
2.4.29-1ubuntu2
2.4.29-1ubuntu3
2.4.29-1ubuntu4
2.4.29-1ubuntu4.1
2.4.29-1ubuntu4.2
2.4.29-1ubuntu4.3
2.4.29-1ubuntu4.4
2.4.29-1ubuntu4.5
2.4.29-1ubuntu4.6
2.4.29-1ubuntu4.7
2.4.29-1ubuntu4.8
2.4.29-1ubuntu4.10
2.4.29-1ubuntu4.11
2.4.29-1ubuntu4.12
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "low",
"binaries": [
{
"binary_version": "2.4.29-1ubuntu4.13",
"binary_name": "apache2"
},
{
"binary_version": "2.4.29-1ubuntu4.13",
"binary_name": "apache2-bin"
},
{
"binary_version": "2.4.29-1ubuntu4.13",
"binary_name": "apache2-data"
},
{
"binary_version": "2.4.29-1ubuntu4.13",
"binary_name": "apache2-dbg"
},
{
"binary_version": "2.4.29-1ubuntu4.13",
"binary_name": "apache2-dev"
},
{
"binary_version": "2.4.29-1ubuntu4.13",
"binary_name": "apache2-doc"
},
{
"binary_version": "2.4.29-1ubuntu4.13",
"binary_name": "apache2-ssl-dev"
},
{
"binary_version": "2.4.29-1ubuntu4.13",
"binary_name": "apache2-suexec-custom"
},
{
"binary_version": "2.4.29-1ubuntu4.13",
"binary_name": "apache2-suexec-pristine"
},
{
"binary_version": "2.4.29-1ubuntu4.13",
"binary_name": "apache2-utils"
}
]
}