CVE-2016-5387

HIGH

Description

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability.
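The mechanism the description refers to is the RFC 3875 rule that turns every request header into a CGI meta-variable by upper-casing it, replacing "-" with "_" and prefixing "HTTP_", which is why a client-supplied "Proxy" header lands in HTTP_PROXY, the variable many HTTP client libraries consult for their outbound proxy. The following Python is an added illustration written for this record, not code from the CVE entry or from Apache; it shows the mapping, the server-side mitigation of stripping the "Proxy" header before the environment is built (the effect of Apache's `RequestHeader unset Proxy early` from the linked response), and the client-side mitigation of refusing HTTP_PROXY when REQUEST_METHOD shows the process is a CGI child. The header names, hostnames and URLs are constructed sample values.

```python
"""Added example for CVE-2016-5387 (httpoxy); not part of the CVE record.

Shows how RFC 3875 section 4.1.18 maps a request header to HTTP_PROXY and
two defender-side checks. All sample headers and URLs are constructed.
"""


def cgi_meta_variables(headers):
    """Build CGI meta-variables from (name, value) request headers as
    RFC 3875 section 4.1.18 prescribes: upper-case, '-' -> '_', 'HTTP_'
    prefix. Repeated headers are joined with ', ' as the RFC requires."""
    env = {}
    for name, value in headers:
        key = "HTTP_" + name.upper().replace("-", "_")
        env[key] = env[key] + ", " + value if key in env else value
    return env


def strip_proxy_header(headers):
    """Server-side mitigation: drop any 'Proxy' request header (no standard
    client sends one) before the CGI environment is built. This is what
    Apache's 'RequestHeader unset Proxy early' achieves."""
    return [(n, v) for n, v in headers if n.lower() != "proxy"]


def effective_proxy(env):
    """Client-side mitigation: inside a CGI child (REQUEST_METHOD is set)
    HTTP_PROXY may carry client data, so it must not be honoured. Returns
    the proxy URL a client may use, or None."""
    if "REQUEST_METHOD" in env:
        return None
    return env.get("HTTP_PROXY") or env.get("http_proxy")


# Constructed sample request: ordinary headers plus a 'Proxy' header.
SAMPLE_HEADERS = [
    ("Host", "app.example.test"),
    ("User-Agent", "example-client/1.0"),
    ("Proxy", "http://proxy.example.test:8080"),
]


def demo():
    """Compare the environment a CGI script would see with and without the
    header filter, and what a hardened client would do with each."""
    unsafe_env = cgi_meta_variables(SAMPLE_HEADERS)
    safe_env = cgi_meta_variables(strip_proxy_header(SAMPLE_HEADERS))
    return {
        "unsafe_HTTP_PROXY": unsafe_env.get("HTTP_PROXY"),
        "safe_HTTP_PROXY": safe_env.get("HTTP_PROXY"),
        # Even without the server-side filter, a client that checks for
        # REQUEST_METHOD ignores the tainted variable.
        "client_proxy_under_cgi": effective_proxy(
            dict(unsafe_env, REQUEST_METHOD="GET")
        ),
        # Outside CGI the variable is an administrator setting and is used.
        "client_proxy_outside_cgi": effective_proxy(
            {"HTTP_PROXY": "http://corp-proxy.example.test:3128"}
        ),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running the module prints the unfiltered environment's HTTP_PROXY set to the client-supplied URL, the filtered environment with no HTTP_PROXY at all, and a hardened client using the variable only when REQUEST_METHOD is absent. Applying both layers is the usual recommendation: the server-side filter protects applications whose HTTP client cannot be changed, and the client-side check protects deployments where the server in front is not under your control.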

References

http://www.kb.cert.org/vuls/id/797896

https://httpoxy.org/

https://www.apache.org/security/asf-httpoxy-response.txt

https://lists.fedoraproject.org/archives/list/[email protected]/message/TGNHXJJSWDXAOEYH5TMXDPQVJMQQJOAZ/

http://www.securitytracker.com/id/1036330

https://lists.fedoraproject.org/archives/list/[email protected]/message/NEKZAB7MTWVSMORHTEMCQNFFMIHCYF76/

http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

http://rhn.redhat.com/errata/RHSA-2016-1650.html

http://rhn.redhat.com/errata/RHSA-2016-1648.html

http://rhn.redhat.com/errata/RHSA-2016-1649.html

http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149

http://lists.opensuse.org/opensuse-updates/2016-07/msg00059.html

https://access.redhat.com/errata/RHSA-2016:1635

http://rhn.redhat.com/errata/RHSA-2016-1625.html

https://access.redhat.com/errata/RHSA-2016:1422

https://access.redhat.com/errata/RHSA-2016:1851

https://access.redhat.com/errata/RHSA-2016:1421

https://access.redhat.com/errata/RHSA-2016:1420

http://www.securityfocus.com/bid/91816

https://lists.fedoraproject.org/archives/list/[email protected]/message/6WCTE7443AYZ4EGELWLVNANA2WJCJIYI/

https://lists.fedoraproject.org/archives/list/[email protected]/message/QPQAPWQA774JPDRV4UIB2SZAX6D3UZCV/

http://www.ubuntu.com/usn/USN-3038-1

http://rhn.redhat.com/errata/RHSA-2016-1624.html

https://access.redhat.com/errata/RHSA-2016:1636

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

http://www.debian.org/security/2016/dsa-3623

https://security.gentoo.org/glsa/201701-36

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us

https://www.tenable.com/security/tns-2017-04

https://support.apple.com/HT208221

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/rc998b18880df98bafaa[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

Details

Source: MITRE

Published: 2016-07-19

Updated: 2021-06-06

Type: CWE-284

Risk Information

CVSS v2

Base Score: 5.1

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 4.9

Severity: MEDIUM

CVSS v3

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.2

Severity: HIGH

Tenable Plugins

44 plugins in total:

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 144302 | IBM HTTP Server 7.0.0.0 < 7.0.0.43 / 8.0.0.0 < 8.0.0.13 / 8.5.0.0 < 8.5.5.11 / 9.0.0.0 < 9.0.0.1 HTTP Redirect (548223) | Nessus | Web Servers | high |
| 124922 | EulerOS Virtualization 3.0.1.0 : httpd (EulerOS-SA-2019-1419) | Nessus | Huawei Local Security Checks | critical |
| 700511 | macOS < 10.13 Multiple Vulnerabilities | Nessus Network Monitor | Operating System Detection | critical |
| 98910 | Apache 2.4.x < 2.4.25 Multiple Vulnerabilities (httpoxy) | Web Application Scanning | Component Vulnerability | high |
| 104379 | macOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-001 and 2017-004) | Nessus | MacOS X Local Security Checks | critical |
| 103598 | macOS < 10.13 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | critical |
| 101837 | Oracle Enterprise Manager Grid Control Multiple Vulnerabilities (July 2017 CPU) (httpoxy) | Nessus | Misc. | critical |
| 101044 | Tenable SecurityCenter Apache 2.4.x < 2.4.25 Multiple Vulnerabilities (TNS-2017-04) (httpoxy) | Nessus | Misc. | high |
| 99793 | EulerOS 2.0 SP1 : httpd (EulerOS-SA-2016-1030) | Nessus | Huawei Local Security Checks | high |
| 99134 | macOS 10.12.x < 10.12.4 Multiple Vulnerabilities (httpoxy) | Nessus | MacOS X Local Security Checks | critical |
| 97726 | Tenable SecurityCenter 5.x < 5.4.3 Multiple Vulnerabilities (TNS-2017-04) (httpoxy) | Nessus | Misc. | medium |
| 96516 | GLSA-201701-36 : Apache: Multiple vulnerabilities (httpoxy) | Nessus | Gentoo Local Security Checks | high |
| 96451 | Apache 2.4.x < 2.4.25 Multiple Vulnerabilities (httpoxy) | Nessus | Web Servers | high |
| 96450 | Apache 2.2.x < 2.2.32 Multiple Vulnerabilities (httpoxy) | Nessus | Web Servers | high |
| 96090 | Slackware 14.0 / 14.1 / 14.2 / current : httpd (SSA:2016-358-01) (httpoxy) | Nessus | Slackware Local Security Checks | high |
| 96037 | FreeBSD : Apache httpd -- several vulnerabilities (862d6ab3-c75e-11e6-9f98-20cf30e32f6d) (httpoxy) | Nessus | FreeBSD Local Security Checks | high |
| 94654 | HP System Management Homepage < 7.6 Multiple Vulnerabilities (HPSBMU03653) (httpoxy) | Nessus | Web Servers | high |
| 93502 | RHEL 6 / 7 : JBoss Core Services (RHSA-2016:1851) (httpoxy) | Nessus | Red Hat Local Security Checks | high |
| 93295 | SUSE SLES12 Security Update : apache2 (SUSE-SU-2016:2090-1) (httpoxy) | Nessus | SuSE Local Security Checks | high |
| 9486 | Apache HTTP Server 2.2.x < 2.2.32 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | medium |
| 93119 | RHEL 6 : JBoss Web Server (RHSA-2016:1649) (httpoxy) | Nessus | Red Hat Local Security Checks | high |
| 93118 | RHEL 7 : JBoss Web Server (RHSA-2016:1648) (httpoxy) | Nessus | Red Hat Local Security Checks | high |
| 93065 | openSUSE Security Update : apache2-mod_fcgid (openSUSE-2016-1005) (httpoxy) | Nessus | SuSE Local Security Checks | high |
| 93044 | RHEL 6 : Red Hat JBoss Web Server 3.0.3 Service Pack 1 (RHSA-2016:1636) (httpoxy) | Nessus | Red Hat Local Security Checks | high |
| 93043 | RHEL 7 : Red Hat JBoss Web Server 3.0.3 Service Pack 1 (RHSA-2016:1635) (httpoxy) | Nessus | Red Hat Local Security Checks | high |
| 92806 | Fedora 23 : perl-CGI-Emulate-PSGI (2016-a29c65b00f) (httpoxy) | Nessus | Fedora Local Security Checks | high |
| 92801 | Fedora 24 : perl-CGI-Emulate-PSGI (2016-683d0b257b) (httpoxy) | Nessus | Fedora Local Security Checks | high |
| 92632 | Debian DLA-568-1 : wordpress security update (httpoxy) | Nessus | Debian Local Security Checks | high |
| 92593 | Fedora 23 : httpd (2016-df0726ae26) (httpoxy) | Nessus | Fedora Local Security Checks | high |
| 92539 | HTTP_PROXY Environment Variable Namespace Collision Vulnerability (httpoxy) | Nessus | Web Servers | high |
| 92536 | Fedora 24 : httpd (2016-9fd9bfab9e) (httpoxy) | Nessus | Fedora Local Security Checks | high |
| 92475 | Debian DSA-3623-1 : apache2 - security update (httpoxy) | Nessus | Debian Local Security Checks | high |
| 92474 | Debian DLA-553-1 : apache2 security update (httpoxy) | Nessus | Debian Local Security Checks | high |
| 92472 | Amazon Linux AMI : httpd24 / httpd (ALAS-2016-725) (httpoxy) | Nessus | Amazon Linux Local Security Checks | high |
| 92449 | openSUSE Security Update : apache2 (openSUSE-2016-880) (httpoxy) | Nessus | SuSE Local Security Checks | high |
| 92409 | Ubuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : apache2 vulnerability (USN-3038-1) (httpoxy) | Nessus | Ubuntu Local Security Checks | high |
| 92404 | Scientific Linux Security Update : httpd on SL7.x x86_64 (20160718) (httpoxy) | Nessus | Scientific Linux Local Security Checks | high |
| 92403 | Scientific Linux Security Update : httpd on SL5.x, SL6.x i386/x86_64 (20160718) (httpoxy) | Nessus | Scientific Linux Local Security Checks | high |
| 92399 | RHEL 7 : httpd (RHSA-2016:1422) (httpoxy) | Nessus | Red Hat Local Security Checks | high |
| 92398 | RHEL 5 / 6 : httpd (RHSA-2016:1421) (httpoxy) | Nessus | Red Hat Local Security Checks | high |
| 92397 | Oracle Linux 7 : httpd (ELSA-2016-1422) (httpoxy) | Nessus | Oracle Linux Local Security Checks | high |
| 92396 | Oracle Linux 5 / 6 : httpd (ELSA-2016-1421) (httpoxy) | Nessus | Oracle Linux Local Security Checks | high |
| 92379 | CentOS 7 : httpd (CESA-2016:1422) (httpoxy) | Nessus | CentOS Local Security Checks | high |
| 92378 | CentOS 5 / 6 : httpd (CESA-2016:1421) (httpoxy) | Nessus | CentOS Local Security Checks | high |