Apache's mod_remoteip: IP address spoofing via X-Forwarded-For when mod_rewrite rule is triggered

2020-04-29 Thread Andrey Zelenchuk
Package: apache2
Version: 2.4.10-10+deb8u16
Severity: grave
Tags: security

Dear Maintainer,

There is a bug in mod_remoteip (a part of Apache Web Server): https://bz.apache.org/bugzilla/show_bug.cgi?id=60251 Although the status of this bug is "NEW", actually it was fixed in Apache 2.4.24. Althou

Re: dla-needed.txt: Add note on CVE-2020-1769 in otrs2.

2020-04-29 Thread Abhijith PA
Chris, On 29/04/20 4:28 am, Chris Lamb wrote: > Abhijith, > >>> otrs2 >>>NOTE: 20200412: Asked upstream for clarity in CVE-2020-1769 patch >>> (abhijith) >>> + NOTE: 20200427: Cannot find the above comment on the various >>> commits/PRs, nor >>> + NOTE: 20200427: on the -dev mailing list

Re: Apache's mod_remoteip: IP address spoofing via X-Forwarded-For when mod_rewrite rule is triggered

2020-04-29 Thread Salvatore Bonaccorso
Hi,

[For context, this report first reached the security team, we redirected to the LTS team as specific for the jessie version of apache2]

On Wed, Apr 29, 2020 at 07:00:38AM +, Andrey Zelenchuk wrote:
> Package: apache2
> Version: 2.4.10-10+deb8u16
> Severity: grave
> Tags: security
>
> Dea