Rewterz Threat Advisory – CVE-2020-9490 – Apache HTTP Server denial of service
August 11, 2020Rewterz Threat Alert – Fake Security Advisory used in cPanel Phishing Attack
August 11, 2020Rewterz Threat Advisory – CVE-2020-9490 – Apache HTTP Server denial of service
August 11, 2020Rewterz Threat Alert – Fake Security Advisory used in cPanel Phishing Attack
August 11, 2020Severity
Medium
Analysis Summary
Apache Apache HTTP Server could allow a remote attacker to conduct spoofing attacks, caused by a flaw when using proxying with mod_remoteip and certain mod_rewrite rules. By sending a specially-crafted request, an attacker could exploit this vulnerability to spoof IP address for logging and PHP scripts.
Impact
Server spoofing
Affected Vendors
Apache
Affected Products
Apache HTTP Server
Remediation
Upgrade to the latest version of Apache HTTP Server (2.4.25 or later).