Medium
Apache Apache HTTP Server could allow a remote attacker to conduct spoofing attacks, caused by a flaw when using proxying with mod_remoteip and certain mod_rewrite rules. By sending a specially-crafted request, an attacker could exploit this vulnerability to spoof IP address for logging and PHP scripts.
Server spoofing
Apache
Apache HTTP Server
Upgrade to the latest version of Apache HTTP Server (2.4.25 or later).