Lucene search

K
cnvdChina National Vulnerability DatabaseCNVD-2022-73123
HistoryJun 10, 2022 - 12:00 a.m.

Apache HTTP Server Data Forgery Issue Vulnerability (CNVD-2022-73123)

2022-06-1000:00:00
China National Vulnerability Database
www.cnvd.org.cn
2424
apache http server
data forgery
mod_proxy
x-forwarded-for
ip-based authentication

EPSS

0.01

Percentile

84.0%

Apache HTTP Server is an open source web server from the Apache Foundation. Apache HTTP Server is vulnerable to a data forgery issue that stems from mod_proxy’s X-Forwarded-For hop-by-hop mechanism discard. An attacker could use this vulnerability to bypass IP-based authentication on the source server/application.