Rewterz

Rewterz Threat Advisory – CVE-2020-9490 – Apache HTTP Server denial of service

August 11, 2020
Rewterz

Rewterz Threat Alert – Fake Security Advisory used in cPanel Phishing Attack

August 11, 2020

Rewterz Threat Advisory – CVE-2020-11985 – Apache HTTP Server spoofing

Severity

Medium

Analysis Summary

Apache Apache HTTP Server could allow a remote attacker to conduct spoofing attacks, caused by a flaw when using proxying with mod_remoteip and certain mod_rewrite rules. By sending a specially-crafted request, an attacker could exploit this vulnerability to spoof IP address for logging and PHP scripts.

Impact

Server spoofing

Affected Vendors

Apache

Affected Products

Apache HTTP Server

Remediation

Upgrade to the latest version of Apache HTTP Server (2.4.25 or later).

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.