CVE-2016-5385

CWE-601 — Open Redirect CWE-20 — Improper Input Validation7 documents6 sources

Severity

8.1HIGH

EPSS

81.3%

top 0.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Drupal Drupal PHP PHP Amphp Artax +15 more

Timeline

PublishedJul 19

Latest updateApr 7

Description

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "h…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages18 packages

▶Packagistguzzlehttp/guzzle6 — 6.2.1+2

▶NVDredhat/enterprise_linux_server6.0

▶NVDoracle/communications_user_data_repository10.0.0, 10.0.1, 12.0.0+2

▶NVDphp/php5.5.0 — 5.5.38+2

▶Packagistamphp/artax2.0.0 — 2.0.4+1

Also affects: Debian Linux 8.0, Fedora 23, 24

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

OSV

HTTP Proxy header vulnerability↗2022-04-07

▶

CVEList

CVE-2016-5385: PHP through 7↗2016-07-19

▶

OSV

CVE-2016-5385: PHP through 7↗2016-07-18

▶

📋Vendor Advisories

Ubuntu

PHP vulnerabilities↗2016-08-02

▶

Red Hat

PHP: sets environmental variable based on user supplied Proxy request header↗2016-07-18

▶

💬Community

Bugzilla

CVE-2016-5385 PHP: sets environmental variable based on user supplied Proxy request header↗2016-07-08

▶