gsd-2016-5385
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2016-5385",
"description": "PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application\u0027s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv(\u0027HTTP_PROXY\u0027) call or (2) a CGI configuration of PHP, aka an \"httpoxy\" issue.",
"id": "GSD-2016-5385",
"references": [
"https://www.suse.com/security/cve/CVE-2016-5385.html",
"https://www.debian.org/security/2016/dsa-3631",
"https://access.redhat.com/errata/RHSA-2016:1613",
"https://access.redhat.com/errata/RHSA-2016:1612",
"https://access.redhat.com/errata/RHSA-2016:1611",
"https://access.redhat.com/errata/RHSA-2016:1610",
"https://access.redhat.com/errata/RHSA-2016:1609",
"https://ubuntu.com/security/CVE-2016-5385",
"https://alas.aws.amazon.com/cve/html/CVE-2016-5385.html",
"https://linux.oracle.com/cve/CVE-2016-5385.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2016-5385"
],
"details": "PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application\u0027s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv(\u0027HTTP_PROXY\u0027) call or (2) a CGI configuration of PHP, aka an \"httpoxy\" issue.",
"id": "GSD-2016-5385",
"modified": "2023-12-13T01:21:25.122738Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-5385",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application\u0027s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv(\u0027HTTP_PROXY\u0027) call or (2) a CGI configuration of PHP, aka an \"httpoxy\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "MISC",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"refsource": "MISC",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "MISC",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
"refsource": "MISC",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html",
"refsource": "MISC",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html"
},
{
"name": "http://rhn.redhat.com/errata/RHSA-2016-1609.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1609.html"
},
{
"name": "http://rhn.redhat.com/errata/RHSA-2016-1610.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1610.html"
},
{
"name": "http://rhn.redhat.com/errata/RHSA-2016-1611.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1611.html"
},
{
"name": "http://rhn.redhat.com/errata/RHSA-2016-1612.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1612.html"
},
{
"name": "http://rhn.redhat.com/errata/RHSA-2016-1613.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1613.html"
},
{
"name": "http://www.debian.org/security/2016/dsa-3631",
"refsource": "MISC",
"url": "http://www.debian.org/security/2016/dsa-3631"
},
{
"name": "http://www.kb.cert.org/vuls/id/797896",
"refsource": "MISC",
"url": "http://www.kb.cert.org/vuls/id/797896"
},
{
"name": "http://www.securityfocus.com/bid/91821",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/91821"
},
{
"name": "http://www.securitytracker.com/id/1036335",
"refsource": "MISC",
"url": "http://www.securitytracker.com/id/1036335"
},
{
"name": "https://github.com/guzzle/guzzle/releases/tag/6.2.1",
"refsource": "MISC",
"url": "https://github.com/guzzle/guzzle/releases/tag/6.2.1"
},
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03770en_us",
"refsource": "MISC",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03770en_us"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149",
"refsource": "MISC",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05333297",
"refsource": "MISC",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05333297"
},
{
"name": "https://httpoxy.org/",
"refsource": "MISC",
"url": "https://httpoxy.org/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RMYXAVNYL2MOBJTFATE73TOVOEZYC5R/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RMYXAVNYL2MOBJTFATE73TOVOEZYC5R/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXFEIMZPSVGZQQAYIQ7U7DFVX3IBSDLF/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXFEIMZPSVGZQQAYIQ7U7DFVX3IBSDLF/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KZOIUYZDBWNDDHC6XTOLZYRMRXZWTJCP/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KZOIUYZDBWNDDHC6XTOLZYRMRXZWTJCP/"
},
{
"name": "https://security.gentoo.org/glsa/201611-22",
"refsource": "MISC",
"url": "https://security.gentoo.org/glsa/201611-22"
},
{
"name": "https://www.drupal.org/SA-CORE-2016-003",
"refsource": "MISC",
"url": "https://www.drupal.org/SA-CORE-2016-003"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1353794",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1353794"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c1.0.4||\u003e=2.0.0,\u003c2.0.4",
"affected_versions": "All versions before 1.0.4, all versions starting from 2.0.0 before 2.0.4",
"cvss_v2": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-284",
"CWE-937"
],
"date": "2019-03-04",
"description": "httpoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. See provided link.",
"fixed_versions": [
"1.0.4",
"2.0.4"
],
"identifier": "CVE-2016-5385",
"identifiers": [
"CVE-2016-5385"
],
"not_impacted": "All versions starting from 1.0.4 before 2.0.4, all versions before 2.0.0",
"package_slug": "packagist/amphp/artax",
"pubdate": "2016-07-18",
"solution": "Upgrade to versions v1.0.4, v2.0.4 or above.",
"title": "HTTP Proxy header vulnerability",
"urls": [
"https://github.com/amphp/artax/commit/81254742812a5a9adf4b085f543f3f21daedcd97",
"https://github.com/amphp/artax/commit/b60cf493c9e577a3678865f620b1eb61ab3d7ca9",
"https://httpoxy.org/"
],
"uuid": "960ebe85-315f-451f-9882-6b308711a48a"
},
{
"affected_range": "\u003c2.0.2",
"affected_versions": "All versions before 2.0.2",
"cvss_v2": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-284",
"CWE-937"
],
"date": "2019-03-04",
"description": "httpoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. See provided link.",
"fixed_versions": [
"v2.0.2"
],
"identifier": "CVE-2016-5385",
"identifiers": [
"CVE-2016-5385"
],
"not_impacted": "All versions starting from 2.0.2",
"package_slug": "packagist/bugsnag/bugsnag-laravel",
"pubdate": "2016-07-18",
"solution": "Upgrade to version v2.0.2 or above.",
"title": "HTTP Proxy header vulnerability",
"urls": [
"https://github.com/bugsnag/bugsnag-laravel/pull/143",
"https://github.com/bugsnag/bugsnag-laravel/pull/145",
"https://github.com/bugsnag/bugsnag-laravel/releases/tag/v2.0.2",
"https://httpoxy.org/"
],
"uuid": "d265909e-d767-4828-8a43-f92f38a86c9c"
},
{
"affected_range": "\u003e=8.0,\u003c8.1.0",
"affected_versions": "All versions starting from 8.0 before 8.1.0",
"cvss_v2": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-284",
"CWE-937"
],
"date": "2019-03-04",
"description": "PHP does not attempt to address RFC section namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the `HTTP_PROXY` environment variable, which might allow remote attackers to redirect an application\u0027s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv(\u0027HTTP_PROXY\u0027) call or (2) a CGI configuration of PHP, aka an `httpoxy` issue.",
"fixed_versions": [
"8.1.0"
],
"identifier": "CVE-2016-5385",
"identifiers": [
"CVE-2016-5385"
],
"not_impacted": "All versions before 8.0, all versions starting from 8.1.0",
"package_slug": "packagist/drupal/core",
"pubdate": "2016-07-18",
"solution": "Upgrade to version 8.1.0 or above.",
"title": "Improper Access Control",
"urls": [
"https://www.drupal.org/SA-CORE-2016-003"
],
"uuid": "6543641d-51d0-4dbe-97d9-0d5803a9d092"
},
{
"affected_range": "\u003e=8.0,\u003c8.1.0",
"affected_versions": "All versions starting from 8.0 before 8.1.0",
"cvss_v2": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-284",
"CWE-937"
],
"date": "2019-03-04",
"description": "PHP does not attempt to address RFC section namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the `HTTP_PROXY` environment variable, which might allow remote attackers to redirect an application\u0027s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv(\u0027HTTP_PROXY\u0027) call or (2) a CGI configuration of PHP, aka an `httpoxy` issue.",
"fixed_versions": [
"8.1.0"
],
"identifier": "CVE-2016-5385",
"identifiers": [
"CVE-2016-5385"
],
"not_impacted": "All versions before 8.0, all versions starting from 8.1.0",
"package_slug": "packagist/drupal/drupal",
"pubdate": "2016-07-18",
"solution": "Upgrade to version 8.1.0 or above.",
"title": "Improper Access Control",
"urls": [
"https://www.drupal.org/SA-CORE-2016-003"
],
"uuid": "1da3dd43-0de8-4e3b-93eb-cd89c9c24e7b"
},
{
"affected_range": "\u003c4.2.4||\u003e=5.0.0,\u003c 5.3.1||\u003e6.0.0,\u003c6.2.1",
"affected_versions": "All versions before 4.2.4, all versions starting from 5.0.0 before 5.3.1, all versions after 6.0.0 before 6.2.1",
"credit": "Scott Geary (VendHQ)",
"cvss_v2": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-284",
"CWE-937"
],
"date": "2019-03-04",
"description": "httpoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. It comes down to a simple namespace conflict: RFC (CGI) puts the HTTP Proxy header from a request into the environment variables as `HTTP_PROXY` and `HTTP_PROXY` is a popular environment variable used to configure an outgoing proxy. This leads to a remotely exploitable vulnerability.",
"fixed_versions": [
"4.2.4",
"5.3.1",
"6.2.1"
],
"identifier": "CVE-2016-5385",
"identifiers": [
"CVE-2016-5385"
],
"package_slug": "packagist/guzzlehttp/guzzle",
"pubdate": "2016-07-18",
"solution": "Upgrade to at least 4.2.4, 5.3.1 or 6.2.1",
"title": "Vulnerability in CGI applications",
"urls": [
"https://github.com/guzzle/guzzle/blob/4.x/CHANGELOG.md#424-2016-07-18",
"https://github.com/guzzle/guzzle/blob/5.3/CHANGELOG.md#531---2016-07-18",
"https://github.com/guzzle/guzzle/blob/master/CHANGELOG.md#622---2016-10-08",
"https://github.com/guzzle/guzzle/releases/tag/6.2.1",
"https://httpoxy.org/"
],
"uuid": "ac56a2a9-30ad-45b4-b292-5188e61b09c1"
},
{
"affected_range": "\u003c1.1.2",
"affected_versions": "All versions before 1.1.2",
"credit": "Niklas Keller",
"cvss_v2": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-284",
"CWE-937"
],
"date": "2019-03-04",
"description": "`humbug_get_contents ` is affected by httpoxy, a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. If a vulnerable HTTP client makes an outgoing HTTP connection, while running in a server-side CGI application, an attacker may be able to: * Proxy the outgoing HTTP requests made by the web application * Direct the server to open outgoing connections to an address and port of their choosing * Tie up server resources by forcing the vulnerable software to use a malicious proxy ",
"fixed_versions": [
"1.1.2"
],
"identifier": "CVE-2016-5385",
"identifiers": [
"CVE-2016-5385"
],
"not_impacted": "All versions starting from 1.1.2",
"package_slug": "packagist/padraic/humbug_get_contents",
"pubdate": "2016-07-18",
"solution": "Upgrade to version 1.1.2 or above.",
"title": "httpoxy vulnerability",
"urls": [
"https://github.com/humbug/file_get_contents/pull/23",
"https://github.com/humbug/file_get_contents/pull/23/commits/848e8c282a863654e76bd958acfb57c81cb739b5",
"https://github.com/humbug/file_get_contents/releases/tag/1.1.2",
"https://httpoxy.org/"
],
"uuid": "76cb1c36-6203-4827-9c6c-6cb7487aa179"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_user_data_repository:10.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_user_data_repository:12.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_user_data_repository:10.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hp:storeever_msl6480_tape_library_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.09",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hp:storeever_msl6480_tape_library:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.5.5.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.6.24",
"versionStartIncluding": "5.6.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.5.38",
"versionStartIncluding": "5.5.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.0.8",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.1.7",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-5385"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application\u0027s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv(\u0027HTTP_PROXY\u0027) call or (2) a CGI configuration of PHP, aka an \"httpoxy\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1353794",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1353794"
},
{
"name": "VU#797896",
"refsource": "CERT-VN",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/797896"
},
{
"name": "https://httpoxy.org/",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://httpoxy.org/"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05333297",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05333297"
},
{
"name": "openSUSE-SU-2016:1922",
"refsource": "SUSE",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html"
},
{
"name": "91821",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91821"
},
{
"name": "RHSA-2016:1611",
"refsource": "REDHAT",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1611.html"
},
{
"name": "RHSA-2016:1612",
"refsource": "REDHAT",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1612.html"
},
{
"name": "RHSA-2016:1613",
"refsource": "REDHAT",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1613.html"
},
{
"name": "RHSA-2016:1610",
"refsource": "REDHAT",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1610.html"
},
{
"name": "RHSA-2016:1609",
"refsource": "REDHAT",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1609.html"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name": "https://www.drupal.org/SA-CORE-2016-003",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://www.drupal.org/SA-CORE-2016-003"
},
{
"name": "https://github.com/guzzle/guzzle/releases/tag/6.2.1",
"refsource": "CONFIRM",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/guzzle/guzzle/releases/tag/6.2.1"
},
{
"name": "GLSA-201611-22",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201611-22"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03770en_us",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03770en_us"
},
{
"name": "1036335",
"refsource": "SECTRACK",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036335"
},
{
"name": "DSA-3631",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3631"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RMYXAVNYL2MOBJTFATE73TOVOEZYC5R/",
"refsource": "MISC",
"tags": [],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RMYXAVNYL2MOBJTFATE73TOVOEZYC5R/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KZOIUYZDBWNDDHC6XTOLZYRMRXZWTJCP/",
"refsource": "MISC",
"tags": [],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KZOIUYZDBWNDDHC6XTOLZYRMRXZWTJCP/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXFEIMZPSVGZQQAYIQ7U7DFVX3IBSDLF/",
"refsource": "MISC",
"tags": [],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXFEIMZPSVGZQQAYIQ7U7DFVX3IBSDLF/"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
},
"lastModifiedDate": "2023-02-12T23:23Z",
"publishedDate": "2016-07-19T02:00Z"
}
}
}
Loading...