[3.5] Go: sets environmental variable based on user supplied Proxy request header (CVE-2016-5386)

ID: oval:org.secpod.oval:def:1800516 | Date: (C)2018-03-28 (M)2023-12-20 | Class: PATCH | Family: unix
Many software projects and vendors have implemented support for the Proxy request header in their respective CGI implementations and languages by creating the HTTP_PROXY environment variable from the header value. When this variable is used, any outgoing requests generated in turn from the attacker's original request can be redirected to an attacker-controlled proxy. This allows attackers to view potentially sensitive information, reply with malformed data, or hold connections open, causing a potential denial of service.
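The header-to-variable mapping described above, and the usual mitigation of dropping the Proxy header before it reaches CGI code, shown as an added example that is not part of the original advisory or of Go's own source. The names `cgiEnv` and `StripProxyHeader` are hypothetical and the proxy URL is a constructed sample value.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// cgiEnv (hypothetical helper) mimics the CGI convention of exposing each
// request header to the child process as HTTP_<UPPERCASED_NAME>.
// With dropProxy set, the Proxy header is skipped so HTTP_PROXY is never
// derived from client input.
func cgiEnv(h http.Header, dropProxy bool) map[string]string {
	env := make(map[string]string)
	for name, vals := range h {
		if dropProxy && http.CanonicalHeaderKey(name) == "Proxy" {
			continue
		}
		key := "HTTP_" + strings.ToUpper(strings.ReplaceAll(name, "-", "_"))
		env[key] = strings.Join(vals, ", ")
	}
	return env
}

// StripProxyHeader (hypothetical middleware) removes the Proxy request
// header before any downstream handler or CGI child can see it.
func StripProxyHeader(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		r.Header.Del("Proxy")
		next.ServeHTTP(w, r)
	})
}

func main() {
	h := http.Header{}
	h.Set("Proxy", "http://proxy.example.invalid:8080") // constructed sample
	h.Set("User-Agent", "demo")

	// Naive mapping: the client-supplied value lands in HTTP_PROXY.
	fmt.Println("naive HTTP_PROXY:", cgiEnv(h, false)["HTTP_PROXY"])

	// Hardened mapping: HTTP_PROXY is absent, other headers still pass.
	_, present := cgiEnv(h, true)["HTTP_PROXY"]
	fmt.Println("hardened has HTTP_PROXY:", present)
}
```

The same header can also be removed at a reverse proxy or load balancer in front of the application, which covers CGI programs that cannot be patched.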
Platform: Alpine Linux 3.5