41 matches found
RHEL 6 / 7 : httpd24-httpd (RHSA-2019:4126)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:4126 advisory. The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of...
BIT-APACHE-2020-11985
IP address spoofing when proxying using modremoteip and modrewrite For configurations using proxying with modremoteip and certain modrewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively...
K54207009: Apache mod_remoteip vulnerability CVE-2019-10097
Security Advisory Description In Apache HTTP Server 2.4.32-2.4.39, when modremoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only...
K54358814: Apache mod_remoteip vulnerability CVE-2020-11985
Security Advisory Description IP address spoofing when proxying using modremoteip and modrewrite For configurations using proxying with modremoteip and certain modrewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server...
SUSE CVE-2020-11985
IP address spoofing when proxying using modremoteip and modrewrite For configurations using proxying with modremoteip and certain modrewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively...
httpd:2.4 security, bug fix, and enhancement update
httpd 2.4.37-13.0.1 - Set vstring per ORACLESUPPORTPRODUCT Orabug: 29892262 - Replace index.html with Oracles index page oracleindex.html 2.4.37-30 - Resolves: 1209162 - support logging to journald from CustomLog 2.4.37-29 - Resolves: 1823263 CVE-2020-1934 - CVE-2020-1934 httpd: modproxyftp use o...
SUSE SLES12 Security Update : apache2 (SUSE-SU-2020:2450-1)
This update for apache2 fixes the following issues : CVE-2020-9490: Fixed a crash caused by a specially crafted value for the 'Cache-Digest' header in a HTTP/2 request bsc1175071. CVE-2020-11985: IP address spoofing when proxying using modremoteip and modrewrite bsc1175072. CVE-2020-11993: When...
IP Address Spoofing
httpd24-httpd is vulnerable to IP address spoofing. The vulnerability exists when proxying using modremoteip and modrewrite can cause spoof in logging and PHP scripts...
CVE-2020-11985
A flaw was found in the modremoteip module shipped with the httpd package. This flaw allows an attacker to spoof the IP address, resulting in the bypass of a modrewrite rule. The highest threat from this vulnerability is to integrity...
Apache HTTP Server 2.4.1 < 2.4.24 IP Spoofing Vulnerability - Linux
Apache HTTP Server is prone to an IP address spoofing vulnerability when proxying using modremoteip and modrewrite. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
Apache HTTP Server 2.4.1 < 2.4.24 IP Spoofing Vulnerability - Windows
Apache HTTP Server is prone to an IP address spoofing vulnerability when proxying using modremoteip and modrewrite. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
DEBIAN-CVE-2020-11985
IP address spoofing when proxying using modremoteip and modrewrite For configurations using proxying with modremoteip and certain modrewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively...
CVE-2020-11985
IP address spoofing when proxying using modremoteip and modrewrite For configurations using proxying with modremoteip and certain modrewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively...
Spoofing
IP address spoofing when proxying using modremoteip and modrewrite For configurations using proxying with modremoteip and certain modrewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively...
CVE-2020-11985
IP address spoofing when proxying using modremoteip and modrewrite For configurations using proxying with modremoteip and certain modrewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively...
CVE-2020-11985
CVE-2020-11985 – Apache HTTP Server spoofing via proxying with mod_remoteip and mod_rewrite is documented in the initial CVE entry and corroborated by connected sources. Affected behavior: an attacker could spoof their IP address for logs and PHP scripts when proxying through mod_remoteip with ce...
CVE-2020-11985
IP address spoofing when proxying using modremoteip and modrewrite For configurations using proxying with modremoteip and certain modrewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively...
EulerOS Virtualization for ARM 64 3.0.6.0 : httpd (EulerOS-SA-2020-1359)
According to the versions of the httpd packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In Apache HTTP Server 2.4 release 2.4.37 and prior, modsession checks the session expiry time before decoding the...
CVE-2019-10097
A vulnerability was discovered in Apache httpd, in modremoteip. A trusted proxy using the "PROXY" protocol could send specially crafted headers that can cause httpd to experience a stack buffer overflow or NULL pointer dereference, leading to a crash or other potential consequences. This issue...
Moderate: Red Hat Security Advisory: httpd24-httpd security, bug fix, and enhancement update
An update for httpd24, httpd24-httpd, and httpd24-nghttp2 is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...