Description
IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively allocated a low severity CVE in 2020.
Remediation
References
Related Vulnerabilities
PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-2202)
Oracle Database Server Other Vulnerability (CVE-2006-1872)
phpMyFAQ Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-15808)
WordPress Plugin Maintenance Cross-Site Scripting (4.02)
Apache Tomcat 7PK - Security Features Vulnerability (CVE-2014-9634)