CVE-2022-31813

CVE-2022-31813: mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism

Vendor Apache Software Foundation
Product Apache HTTP Server
Weakness CWE-348
Published June 8, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.

Key dates

02Disclosure timeline

June 8, 2022 CVE published
August 3, 2024 Record updated