CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
AI Score
Confidence
Low
mod_proxy in Apache HTTP Server is vulnerable to Authentication Bypass. The vulnerability is caused due to encoding problem. This allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests.