[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2016-5387

Date: (C)2016-08-25   (M)2017-10-12
 
CVSS Score: 5.1Access Vector: NETWORK
Exploitability Subscore: 4.9Access Complexity: HIGH
Impact Subscore: 6.4Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: PARTIAL











The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability.

Reference:
SECTRACK-1036330
BID-91816
DSA-3623
FEDORA-2016-683d0b257b
FEDORA-2016-9fd9bfab9e
FEDORA-2016-a29c65b00f
FEDORA-2016-df0726ae26
GLSA-201701-36
RHSA-2016:1420
RHSA-2016:1421
RHSA-2016:1422
RHSA-2016:1624
RHSA-2016:1625
RHSA-2016:1635
RHSA-2016:1636
RHSA-2016:1648
RHSA-2016:1649
RHSA-2016:1650
RHSA-2016:1851
USN-3038-1
VU#797896
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
https://httpoxy.org/
https://www.apache.org/security/asf-httpoxy-response.txt
openSUSE-SU-2016:1824

CPE    3
cpe:/o:fedoraproject:fedora:23
cpe:/o:oracle:linux:7.0
cpe:/o:oracle:linux:6.0
CWE    1
CWE-284
OVAL    17
oval:org.secpod.oval:def:703210
oval:org.secpod.oval:def:111197
oval:org.secpod.oval:def:111035
oval:org.secpod.oval:def:39596
...

© 2013 SecPod Technologies