CVE-2020-11985

Priority
Description
IP address spoofing when proxying using mod_remoteip and mod_rewrite For
configurations using proxying with mod_remoteip and certain mod_rewrite
rules, an attacker could spoof their IP address for logging and PHP
scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was
retrospectively allocated a low severity CVE in 2020.
Notes
mdeslaurreleased pre-CVE assignment as an SRU to xenial
Package
Upstream:released (2.4.24)
Ubuntu 12.04 ESM (Precise Pangolin):needed
Ubuntu 14.04 ESM (Trusty Tahr):needed
Ubuntu 16.04 LTS (Xenial Xerus):released (2.4.18-2ubuntu3.15)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (2.4.29-1ubuntu4.13)
Ubuntu 20.04 LTS (Focal Fossa):not-affected
Ubuntu 20.10 (Groovy Gorilla):not-affected
Patches:
Upstream:https://svn.apache.org/viewvc?view=revision&revision=1688399
Upstream:https://github.com/apache/httpd/commit/dd6c959b3625048ee15ba4ad72e6cb7bcaf91020
More Information

Updated: 2020-09-09 23:34:47 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)