CVE-2016-5387

CWE-284 — Improper Access Control CWE-20 — Improper Input Validation14 documents9 sources

Severity

8.1HIGH

EPSS

60.3%

top 1.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Http Server HP System Management Homepage Oracle Communications User Data Repository +17 more

Timeline

PublishedJul 19

Latest updateMay 13

Description

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages15 packages

▶NVDapache/http_server2.2.0 — 2.2.31+1

▶NVDredhat/jboss_web_server2.1.0

▶NVDredhat/enterprise_linux_server6.0, 7.0+1

▶NVDredhat/jboss_enterprise_web_server2.0.0, 3.0.0+1

▶Debianapache2< 2.4.23-2+3

Also affects: Debian Linux 8.0, Fedora 23, 24, Ubuntu Linux 12.04, 14.04, 15.10, 16.04, Enterprise Linux 7.2, 7.3, 7.4, 7.5, 7.6, 7.7

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-9hqr-6p2v-pfp2: The Apache HTTP Server through 2↗2022-05-13

▶

OSV

CVE-2016-5387: The Apache HTTP Server through 2↗2016-07-19

▶

CVEList

CVE-2016-5387: The Apache HTTP Server through 2↗2016-07-19

▶

📋Vendor Advisories

Apple

CVE-2016-5387: macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan↗2017-10-31

▶

Apple

CVE-2016-5387: macOS High Sierra 10.13↗2017-09-25

▶

Apple

CVE-2016-5387: macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite↗2017-03-27

▶

Ubuntu

Apache HTTP Server vulnerability↗2016-07-18

▶

Red Hat

HTTPD: sets environmental variable based on user supplied Proxy request header↗2016-07-18

▶

💬Community

Bugzilla

CVE-2016-5387 Apache HTTPD: sets environmental variable based on user supplied Proxy request header [jbews-2.1.0]↗2016-07-20

▶

Bugzilla

CVE-2016-5387 Apache HTTPD: sets environmental variable based on user supplied Proxy request header [fedora-all]↗2016-07-18

▶

Bugzilla

CVE-2016-5387 HTTPD: sets environmental variable based on user supplied Proxy request header↗2016-07-07

▶