A vulnerability, which was classified as critical, was found in Apache HTTP Server 2.4.24 (Web Server). This affects some unknown processing of the component mod_remoteip/mod_rewrite. The manipulation with an unknown input leads to a data authenticity vulnerability (IP Address). CWE is classifying the issue as CWE-345. The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:

IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively allocated a low severity CVE in 2020.

The weakness was published 08/07/2020 (Website). It is possible to read the advisory at security.gentoo.org. This vulnerability is uniquely identified as CVE-2020-11985 since 04/21/2020. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. The technical details are unknown and an exploit is not publicly available. The pricing for an exploit might be around USD $5k-$25k at the moment (estimation calculated on 08/08/2020).

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Similar entries are available at 159374, 159376 and 159399.

Productinfo

Type

• Web Server

Vendor

• Apache

Name

• HTTP Server

Version

• 2.4.24

License

• open-source

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion