Apache Missing X-Forwarded Headers Vulnerability

A vulnerability related to Apache HTTP Server has just been published.

Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server, based on the client-side Connection header hop-by-hop mechanism. This may be used to bypass IP-based authentication on the origin server or application.
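
Why a missing header turns into an authentication bypass, shown as an added example (not code from the Apache project or from this advisory): an origin application that falls back to the TCP peer address when X-Forwarded-For is absent ends up evaluating the proxy's own address, which is usually allow-listed. The proxy address 10.0.0.5, the allow-list and all function names are assumptions made for illustration.

```python
import ipaddress

# Assumed values: the reverse proxy's address and the allow-listed networks.
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.5")}
ALLOWED_NETS = [ipaddress.ip_network("10.0.0.0/8")]


def _xff(headers):
    """Case-insensitive lookup of X-Forwarded-For in a plain dict of headers."""
    for name, value in headers.items():
        if name.lower() == "x-forwarded-for":
            return value
    return None


def naive_client_ip(peer_ip, headers):
    """Weak form: silently falls back to the TCP peer when the header is absent."""
    xff = _xff(headers)
    return xff.split(",")[-1].strip() if xff else peer_ip


def strict_client_ip(peer_ip, headers):
    """Hardened form: returns None (deny) when the client cannot be established."""
    if ipaddress.ip_address(peer_ip) not in TRUSTED_PROXIES:
        # Direct connection: ignore any X-Forwarded-For the sender supplied.
        return peer_ip
    xff = _xff(headers)
    if not xff:
        # The proxy is expected to add this header on every request; fail closed.
        return None
    # With one trusted hop, the rightmost entry is the one the proxy appended.
    candidate = xff.split(",")[-1].strip()
    try:
        ipaddress.ip_address(candidate)
    except ValueError:
        return None
    return candidate


def is_allowed(client_ip):
    """IP-based authorization check against the allow-listed networks."""
    if client_ip is None:
        return False
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in ALLOWED_NETS)
```

Failing closed on the origin limits the impact of a dropped header but does not replace upgrading the proxy.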

Affected Systems

  • Apache HTTP Server (version 2.4.53 and earlier)

IoCs

-

Recommended Solution(s)

It is highly recommended to upgrade to Apache HTTP Server version 2.5.54 (2022-06-08).

It is recommended to review the content at the link below:

https://httpd.apache.org/security/vulnerabilities_24.html

CVE / CWE

CVE-2022-31813

Related Website(s)

* Vulnerabilities with a CVSS 3.1 score between 7.0 and 8.9 are evaluated to be “high” whereas vulnerabilities with a CVSS 3.1 score between 9.0 and 10.0 are evaluated to be “critical”.