Apache – CVE-2020-11985

Description

Kayran has detected that the Version of Apache HTTP Server being used is vulnerable to Insufficient Verification of Data Authenticity (CWE-345). Also known as CVE-2020-11985.

By abusing configurations that use proxying with mod_remoteip and certain mod_rewrite rules, attackers could spoof their IP address for logging and PHP scripts.

There’s a chance that this vulnerability will allow attackers to modify system files and information.

Recommendation

To fix CVE-2020-11985, upgrade the version of Apache HTTP Server being used to 2.4.25 or higher.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-11985

https://cwe.mitre.org/data/definitions/345.html

< Return to all Vulnerabilities

Red Team

You’ve probably heard that there are teams in the Cyber field called Red Team and Blue Team. Let’s talk about the red one, shall we?

Read More »