Date: Fri, 07 Aug 2020 06:31:38 -0500 From: Daniel Ruggeri <druggeri@...che.org> To: oss-security@...ts.openwall.com Subject: CVE-2020-11985: Apache httpd: CWE-345: Insufficient verification of data authenticity CVE-2020-11985: CWE-345: Insufficient verification of data authenticity Severity: low Vendor: The Apache Software Foundation Versions Affected: httpd 2.4.1 to 2.4.23 Description: Apache HTTP Server 2.4.1 to 2.4.23 IP address spoofing when proxying using mod_remoteip and mod_rewrite Mitigation: Disable mod_remoteip Credit: Initially reported at https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1875299 References: https://httpd.apache.org/security/vulnerabilities_24.html
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.