Lucene search

K
f5F5F5:K21192332
HistoryJul 29, 2022 - 6:54 p.m.

Apache HTTP Server vulnerability CVE-2022-31813

2022-07-2918:54:00
support.f5.com
336
apache http server
x-forwarded-* headers
cve-2022-31813
ip-based authentication

EPSS

0.01

Percentile

84.0%

Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application. (CVE-2022-31813)

Impact

An unauthenticated attacker with network access to the data plane may exploit this vulnerability to bypass IP-based authentication on the origin server or application.