IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively allocated a low severity CVE in 2020.

vendor_unpatched cve-2020-11985: Unpatched CVEs for Ubuntu Linux (cve-2020-11985)

The version of IBM HTTP Server running on the remote host is affected by a spoofing vulnerability due to a flaw when using proxying with mod_remoteip and certain mod_rewrite rules. An unauthenticated, remote attacker can exploit this in order to spoof IP addresses for logging and PHP scripts.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

This update for apache2 fixes the following issues :

CVE-2020-9490: Fixed a crash caused by a specially crafted value for the 'Cache-Digest' header in a HTTP/2 request (bsc#1175071).

CVE-2020-11985: IP address spoofing when proxying using mod_remoteip and mod_rewrite (bsc#1175072).

CVE-2020-11993: When trace/debug was enabled for the HTTP/2 module logging statements were made on the wrong connection (bsc#1175070).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This release includes the latest stable version of Apache **httpd**, version **2.4.46**. A security issue is addressed in this update :

  - **CVE-2020-11984** mod_proxy_uwsgi: Malicious request     may result in information disclosure or RCE of existing     file on the server running under a malicious process     environment.

For the full list of changes in this release, see https://downloads.apache.org/httpd/CHANGES_2.4.46

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-202008-04 (Apache: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Apache. Please review       the CVE identifiers referenced below for details.
  Impact :

    Please review the referenced CVE identifiers for details.
  Workaround :

    There is no known workaround at this time.

According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.25. It is, therefore, affected by the following vulnerabilities :

  - A flaw exists in the mod_session_crypto module due to     encryption for data and cookies using the configured     ciphers with possibly either CBC or ECB modes of     operation (AES256-CBC by default). An unauthenticated,     remote attacker can exploit this, via a padding oracle     attack, to decrypt information without knowledge of the     encryption key, resulting in the disclosure of     potentially sensitive information. (CVE-2016-0736)

  - A denial of service vulnerability exists in the     mod_auth_digest module during client entry allocation.
    An unauthenticated, remote attacker can exploit this,     via specially crafted input, to exhaust shared memory     resources, resulting in a server crash. (CVE-2016-2161)

  - The Apache HTTP Server is affected by a     man-in-the-middle vulnerability known as 'httpoxy' due     to a failure to properly resolve namespace conflicts in     accordance with RFC 3875 section 4.1.18. The HTTP_PROXY     environment variable is set based on untrusted user data     in the 'Proxy' header of HTTP requests. The HTTP_PROXY     environment variable is used by some web client     libraries to specify a remote proxy server. An     unauthenticated, remote attacker can exploit this, via a     crafted 'Proxy' header in an HTTP request, to redirect     an application's internal HTTP traffic to an arbitrary     proxy server where it may be observed or manipulated.
    (CVE-2016-5387)

  - A denial of service vulnerability exists in the     mod_http2 module due to improper handling of the     LimitRequestFields directive. An unauthenticated, remote     attacker can exploit this, via specially crafted     CONTINUATION frames in an HTTP/2 request, to inject     unlimited request headers into the server, resulting in     the exhaustion of memory resources. (CVE-2016-8740)

  - A flaw exists due to improper handling of whitespace     patterns in user-agent headers. An unauthenticated,     remote attacker can exploit this, via a specially     crafted user-agent header, to cause the program to     incorrectly process sequences of requests, resulting in     interpreting responses incorrectly, polluting the cache,     or disclosing the content from one request to a second     downstream user-agent. (CVE-2016-8743)

  - A CRLF injection allowing HTTP response splitting attacks for     sites which use mod_userdir (CVE-2016-4975)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
144063	IBM HTTP Server 9.0.0.0 < 9.0.0.3 Spoofing (6324789)	Nessus	Web Servers	medium
140252	SUSE SLES12 Security Update : apache2 (SUSE-SU-2020:2450-1)	Nessus	SuSE Local Security Checks	medium
140226	Fedora 31 : httpd (2020-0d3d3f5072)	Nessus	Fedora Local Security Checks	critical
140105	Fedora 32 : httpd (2020-189a1e6c3e)	Nessus	Fedora Local Security Checks	critical
139439	GLSA-202008-04 : Apache: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
96451	Apache 2.4.x < 2.4.25 Multiple Vulnerabilities (httpoxy)	Nessus	Web Servers	high

Detections

Analytics

CVE-2020-11985

medium

Tenable Plugins

Coming Soon

medium

medium

critical

critical

critical

high