Security Advisory

CVE-2022-31813

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-06-08 10:00:57
Last updated 2024-08-03 07:26:01
Assigner apache
State PUBLISHED

Description

Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.