CVE-2020-11985
Description
IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively allocated a low severity CVE in 2020.
Risk Information
Base Score
5.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS Score
Exploitation Probability
15.318
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities fixed in Apache Apache 2.4.25 | Windows |
| Vulnerabilities CVE-2016-0736,CVE-2016-2161,CVE-2020-11985 are fixed in Apache 2.4.2 | Windows |
| Vulnerabilities CVE-2020-11985,CVE-2017-9798,CVE-2017-12618,CVE-2016-8743 are fixed in IBM HTTP 9.0.0.3 | Windows |
| Multiple vulnerabilities fixed in Apache Apache 2.4.25 (For Linux) | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234