CVE-2016-5387

MEDIUM

Description

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability.

References

http://lists.opensuse.org/opensuse-updates/2016-07/msg00059.html

http://rhn.redhat.com/errata/RHSA-2016-1624.html

http://rhn.redhat.com/errata/RHSA-2016-1625.html

http://rhn.redhat.com/errata/RHSA-2016-1648.html

http://rhn.redhat.com/errata/RHSA-2016-1649.html

http://rhn.redhat.com/errata/RHSA-2016-1650.html

http://www.debian.org/security/2016/dsa-3623

http://www.kb.cert.org/vuls/id/797896

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

http://www.securityfocus.com/bid/91816

http://www.securitytracker.com/id/1036330

http://www.ubuntu.com/usn/USN-3038-1

https://access.redhat.com/errata/RHSA-2016:1420

https://access.redhat.com/errata/RHSA-2016:1421

https://access.redhat.com/errata/RHSA-2016:1422

https://access.redhat.com/errata/RHSA-2016:1635

https://access.redhat.com/errata/RHSA-2016:1636

https://access.redhat.com/errata/RHSA-2016:1851

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

https://httpoxy.org/

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.fedoraproject.org/archives/list/[email protected]/message/6WCTE7443AYZ4EGELWLVNANA2WJCJIYI/

https://lists.fedoraproject.org/archives/list/[email protected]/message/NEKZAB7MTWVSMORHTEMCQNFFMIHCYF76/

https://lists.fedoraproject.org/archives/list/[email protected]/message/QPQAPWQA774JPDRV4UIB2SZAX6D3UZCV/

https://lists.fedoraproject.org/archives/list/[email protected]/message/TGNHXJJSWDXAOEYH5TMXDPQVJMQQJOAZ/

https://security.gentoo.org/glsa/201701-36

https://support.apple.com/HT208221

https://www.apache.org/security/asf-httpoxy-response.txt

https://www.tenable.com/security/tns-2017-04

Details

Source: MITRE

Published: 2016-07-19

Updated: 2019-12-27

Type: CWE-284

Risk Information

CVSS v2.0

Base Score: 5.1

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 4.9

Severity: MEDIUM

CVSS v3.0

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.2

Severity: HIGH

Tenable Plugins

44 plugins in total

ID | Name | Product | Family | Severity
144302 | IBM HTTP Server 7.0.0.0 < 7.0.0.43 / 8.0.0.0 < 8.0.0.13 / 8.5.0.0 < 8.5.5.11 / 9.0.0.0 < 9.0.0.1 HTTP Redirect (548223) | Nessus | Web Servers | medium
124922 | EulerOS Virtualization 3.0.1.0 : httpd (EulerOS-SA-2019-1419) | Nessus | Huawei Local Security Checks | high
700511 | macOS < 10.13 Multiple Vulnerabilities | Nessus Network Monitor | Operating System Detection | critical
98910 | Apache 2.4.x < 2.4.25 Multiple Vulnerabilities (httpoxy) | Web Application Scanning | Component Vulnerability | medium
104379 | macOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-001 and 2017-004) | Nessus | MacOS X Local Security Checks | critical
103598 | macOS < 10.13 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | critical
101837 | Oracle Enterprise Manager Grid Control Multiple Vulnerabilities (July 2017 CPU) (httpoxy) | Nessus | Misc. | high
101044 | Tenable SecurityCenter Apache 2.4.x < 2.4.25 Multiple Vulnerabilities (TNS-2017-04) (httpoxy) | Nessus | Misc. | high
99793 | EulerOS 2.0 SP1 : httpd (EulerOS-SA-2016-1030) | Nessus | Huawei Local Security Checks | medium
99134 | macOS 10.12.x < 10.12.4 Multiple Vulnerabilities (httpoxy) | Nessus | MacOS X Local Security Checks | critical
97726 | Tenable SecurityCenter 5.x < 5.4.3 Multiple Vulnerabilities (TNS-2017-04) (httpoxy) | Nessus | Misc. | medium
96516 | GLSA-201701-36 : Apache: Multiple vulnerabilities (httpoxy) | Nessus | Gentoo Local Security Checks | medium
96451 | Apache 2.4.x < 2.4.25 Multiple Vulnerabilities (httpoxy) | Nessus | Web Servers | medium
96450 | Apache 2.2.x < 2.2.32 Multiple Vulnerabilities (httpoxy) | Nessus | Web Servers | medium
96090 | Slackware 14.0 / 14.1 / 14.2 / current : httpd (SSA:2016-358-01) (httpoxy) | Nessus | Slackware Local Security Checks | medium
96037 | FreeBSD : Apache httpd -- several vulnerabilities (862d6ab3-c75e-11e6-9f98-20cf30e32f6d) (httpoxy) | Nessus | FreeBSD Local Security Checks | medium
94654 | HP System Management Homepage < 7.6 Multiple Vulnerabilities (HPSBMU03653) (httpoxy) | Nessus | Web Servers | high
93502 | RHEL 6 / 7 : JBoss Core Services (RHSA-2016:1851) (httpoxy) | Nessus | Red Hat Local Security Checks | medium
93295 | SUSE SLES12 Security Update : apache2 (SUSE-SU-2016:2090-1) (httpoxy) | Nessus | SuSE Local Security Checks | medium
9486 | Apache HTTP Server 2.2.x < 2.2.32 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | medium
93119 | RHEL 6 : JBoss Web Server (RHSA-2016:1649) (httpoxy) | Nessus | Red Hat Local Security Checks | medium
93118 | RHEL 7 : JBoss Web Server (RHSA-2016:1648) (httpoxy) | Nessus | Red Hat Local Security Checks | medium
93065 | openSUSE Security Update : apache2-mod_fcgid (openSUSE-2016-1005) (httpoxy) | Nessus | SuSE Local Security Checks | medium
93044 | RHEL 6 : Red Hat JBoss Web Server 3.0.3 Service Pack 1 (RHSA-2016:1636) (httpoxy) | Nessus | Red Hat Local Security Checks | medium
93043 | RHEL 7 : Red Hat JBoss Web Server 3.0.3 Service Pack 1 (RHSA-2016:1635) (httpoxy) | Nessus | Red Hat Local Security Checks | medium
92806 | Fedora 23 : perl-CGI-Emulate-PSGI (2016-a29c65b00f) (httpoxy) | Nessus | Fedora Local Security Checks | medium
92801 | Fedora 24 : perl-CGI-Emulate-PSGI (2016-683d0b257b) (httpoxy) | Nessus | Fedora Local Security Checks | medium
92632 | Debian DLA-568-1 : wordpress security update (httpoxy) | Nessus | Debian Local Security Checks | medium
92593 | Fedora 23 : httpd (2016-df0726ae26) (httpoxy) | Nessus | Fedora Local Security Checks | medium
92539 | HTTP_PROXY Environment Variable Namespace Collision Vulnerability (httpoxy) | Nessus | Web Servers | medium
92536 | Fedora 24 : httpd (2016-9fd9bfab9e) (httpoxy) | Nessus | Fedora Local Security Checks | medium
92475 | Debian DSA-3623-1 : apache2 - security update (httpoxy) | Nessus | Debian Local Security Checks | medium
92474 | Debian DLA-553-1 : apache2 security update (httpoxy) | Nessus | Debian Local Security Checks | medium
92472 | Amazon Linux AMI : httpd24 / httpd (ALAS-2016-725) (httpoxy) | Nessus | Amazon Linux Local Security Checks | medium
92449 | openSUSE Security Update : apache2 (openSUSE-2016-880) (httpoxy) | Nessus | SuSE Local Security Checks | medium
92409 | Ubuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : apache2 vulnerability (USN-3038-1) (httpoxy) | Nessus | Ubuntu Local Security Checks | medium
92404 | Scientific Linux Security Update : httpd on SL7.x x86_64 (20160718) (httpoxy) | Nessus | Scientific Linux Local Security Checks | medium
92403 | Scientific Linux Security Update : httpd on SL5.x, SL6.x i386/x86_64 (20160718) (httpoxy) | Nessus | Scientific Linux Local Security Checks | medium
92399 | RHEL 7 : httpd (RHSA-2016:1422) (httpoxy) | Nessus | Red Hat Local Security Checks | medium
92398 | RHEL 5 / 6 : httpd (RHSA-2016:1421) (httpoxy) | Nessus | Red Hat Local Security Checks | medium
92397 | Oracle Linux 7 : httpd (ELSA-2016-1422) (httpoxy) | Nessus | Oracle Linux Local Security Checks | medium
92396 | Oracle Linux 5 / 6 : httpd (ELSA-2016-1421) (httpoxy) | Nessus | Oracle Linux Local Security Checks | medium
92379 | CentOS 7 : httpd (CESA-2016:1422) (httpoxy) | Nessus | CentOS Local Security Checks | medium
92378 | CentOS 5 / 6 : httpd (CESA-2016:1421) (httpoxy) | Nessus | CentOS Local Security Checks | medium