The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively allocated a low severity CVE in 2020.
Base Score: 4.3
Impact Score: 2.9
Exploitability Score: 8.6
Base Score: 5.3
Impact Score: 1.4
Exploitability Score: 3.9
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* versions from 2.4.1 to 2.4.23 (inclusive)
|144063||IBM HTTP Server 126.96.36.199 < 188.8.131.52 Spoofing (6324789)||Nessus||Web Servers|
|140252||SUSE SLES12 Security Update : apache2 (SUSE-SU-2020:2450-1)||Nessus||SuSE Local Security Checks|
|140226||Fedora 31 : httpd (2020-0d3d3f5072)||Nessus||Fedora Local Security Checks|
|140105||Fedora 32 : httpd (2020-189a1e6c3e)||Nessus||Fedora Local Security Checks|
|139439||GLSA-202008-04 : Apache: Multiple vulnerabilities||Nessus||Gentoo Local Security Checks|
|96451||Apache 2.4.x < 2.4.25 Multiple Vulnerabilities (httpoxy)||Nessus||Web Servers|