A flaw was found in httpd before version 2.4.24. When proxying using mod_remoteip and mod_rewrite its possible to spoof IP addresses.
Name: the Apache project
This vulnerability is out of security support scope for the following product:
* Red Hat JBoss Enterprise Web Server 2
Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.
Created httpd tracking bugs for this issue:
Affects: fedora-all [bug 1868147]
This issue only affects httpd-2.4.x, therefore, httpd packages shipped with Red Hat Enterprise Linux 6 are not affected by this flaw.