CVE-2020-11985 Information
Share on:Description
IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively allocated a low severity CVE in 2020.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Reference
https://httpd.apache.org/security/vulnerabilities_24.html https://lists.fedoraproject.org/archives/list/[email protected]/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/ https://lists.fedoraproject.org/archives/list/[email protected]/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/ https://security.gentoo.org/glsa/202008-04 https://security.netapp.com/advisory/ntap-20200827-0002/
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
NONE
Availability Impact
LOW
Base Score
NONE
Base Severity
5.3