Apache – CVE-2020-11985

Description

Cytrix has detected that the version of Apache HTTP Server in use is vulnerable to Insufficient Verification of Data Authenticity (CWE-345), also known as CVE-2020-11985.

In configurations that proxy through mod_remoteip and use certain mod_rewrite rules, attackers could spoof their IP address as seen in logging and by PHP scripts.

This vulnerability may allow attackers to modify system files and information.

Recommendation

To fix CVE-2020-11985, upgrade the version of Apache HTTP Server being used to 2.4.25 or higher.
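
To triage a host against this finding, the check below is an added example (not Cytrix's or Apache's own code). It compares the version reported by `httpd -v` with the 2.4.25 minimum above and looks for active mod_remoteip directives alongside `RewriteRule` lines. The `assess` helper, its verdict labels and the sample inputs are assumptions constructed for illustration.

```python
import re

FIXED = (2, 4, 25)  # minimum version from the recommendation above
# Directives marking the pattern in the description (presence check only).
REMOTEIP = re.compile(r"^\s*RemoteIP(Header|InternalProxy|TrustedProxy)\b", re.I | re.M)
REWRITE = re.compile(r"^\s*RewriteRule\b", re.I | re.M)


def parse_version(banner):
    """Return (major, minor, patch) from `httpd -v` output, or None."""
    m = re.search(r"Apache/(\d+)\.(\d+)\.(\d+)", banner)
    return tuple(int(g) for g in m.groups()) if m else None


def active_lines(conf):
    """Drop comment lines so disabled directives are not counted."""
    return "\n".join(l for l in conf.splitlines() if not l.lstrip().startswith("#"))


def assess(banner, conf):
    """Hypothetical triage helper: version check plus config pattern check."""
    version = parse_version(banner)
    conf = active_lines(conf)
    pattern = bool(REMOTEIP.search(conf) and REWRITE.search(conf))
    if version is None:
        verdict = "unknown"
    elif version >= FIXED:
        verdict = "ok"
    else:
        verdict = "exposed" if pattern else "upgrade"
    return {"version": version, "remoteip_with_rewrite": pattern, "verdict": verdict}


# Constructed sample inputs (not taken from a real host).
SAMPLE_BANNER = "Server version: Apache/2.4.23 (Unix)"
SAMPLE_CONF = """
RemoteIPHeader X-Forwarded-For
RemoteIPInternalProxy 10.0.0.0/8
RewriteEngine On
# RewriteRule ^/old$ /new [R]
RewriteRule ^/app/(.*)$ /index.php?q=$1 [L]
"""

if __name__ == "__main__":
    print(assess(SAMPLE_BANNER, SAMPLE_CONF))
```

Distribution packages may backport fixes without changing the upstream version string, so treat the version comparison as a first pass and confirm against the vendor's advisory.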

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-11985

https://cwe.mitre.org/data/definitions/345.html
