Apache – CVE-2020-11985

Description

Kayran has detected that the Version of Apache HTTP Server being used is vulnerable to Insufficient Verification of Data Authenticity (CWE-345). Also known as CVE-2020-11985.

By abusing configurations that use proxying with mod_remoteip and certain mod_rewrite rules, attackers could spoof their IP address for logging and PHP scripts.

There’s a chance that this vulnerability will allow attackers to modify system files and information.

Recommendation

To fix CVE-2020-11985, upgrade the version of Apache HTTP Server being used to 2.4.25 or higher.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-11985

https://cwe.mitre.org/data/definitions/345.html

< Return to all Vulnerabilities

Using VPN

What is a VPN? Why should someone be using VPN? Which Problems does is solve? and what is the advantages and disadvantages of it? Let’s

Read More »

Bug Bounties

As pirates, we all love plundering, we all love raiding, but mostly, we all love bounties, especially Bug Bounties. Let’s talk about it. Bug Bounties

Read More »