There is a bug in mod_remoteip (a part of Apache Web Server): https://bz.apache.org/bugzilla/show_bug.cgi?id=60251
Although the status of this bug is "NEW", actually it was fixed in Apache 2.4.24.
Although a CVE id was not requested yet, actually it is a vulnerability.
The fix was not backported to Ubuntu 16.04 (xenial).
Impact: if a victim uses Apache rewrite rules, then an attacker can spoof his IP address for logs and PHP scripts.
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: apache2 2.4.18-2ubuntu3.14
ProcVersionSignature: Ubuntu 4.4.0-22.40-generic 4.4.8
Uname: Linux 4.4.0-22-generic x86_64
Apache2ConfdDirListing: False
ApportVersion: 2.20.1-0ubuntu2.23
Architecture: amd64
Date: Mon Apr 27 13:17:43 2020
SourcePackage: apache2
UpgradeStatus: No upgrade log present (probably fresh install)
error.log:
modified.conffile..etc.apache2.apache2.conf: [modified]
modified.conffile..etc.apache2.mods-available.dir.conf: [modified]
modified.conffile..etc.apache2.mods-available.ssl.conf: [modified]
modified.conffile..etc.apache2.ports.conf: [modified]
modified.conffile..etc.apache2.sites-available.000-default.conf: [modified]
modified.conffile..etc.apache2.sites-available.default-ssl.conf: [modified]
mtime.conffile..etc.apache2.apache2.conf: 2020-04-23T15:45:48.416970
mtime.conffile..etc.apache2.mods-available.dir.conf: 2020-04-23T12:03:13.711062
mtime.conffile..etc.apache2.mods-available.ssl.conf: 2020-04-23T12:02:44.854484
mtime.conffile..etc.apache2.ports.conf: 2020-04-23T15:45:48.169037
mtime.conffile..etc.apache2.sites-available.000-default.conf: 2020-04-23T15:45:48.197030
mtime.conffile..etc.apache2.sites-available.default-ssl.conf: 2020-04-23T15:45:48.225022