The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability.
http://lists.opensuse.org/opensuse-updates/2016-07/msg00059.html
http://rhn.redhat.com/errata/RHSA-2016-1624.html
http://rhn.redhat.com/errata/RHSA-2016-1625.html
http://rhn.redhat.com/errata/RHSA-2016-1648.html
http://rhn.redhat.com/errata/RHSA-2016-1649.html
http://rhn.redhat.com/errata/RHSA-2016-1650.html
http://www.debian.org/security/2016/dsa-3623
http://www.kb.cert.org/vuls/id/797896
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
http://www.securityfocus.com/bid/91816
http://www.securitytracker.com/id/1036330
http://www.ubuntu.com/usn/USN-3038-1
https://access.redhat.com/errata/RHSA-2016:1420
https://access.redhat.com/errata/RHSA-2016:1421
https://access.redhat.com/errata/RHSA-2016:1422
https://access.redhat.com/errata/RHSA-2016:1635
https://access.redhat.com/errata/RHSA-2016:1636
https://access.redhat.com/errata/RHSA-2016:1851
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://security.gentoo.org/glsa/201701-36
https://support.apple.com/HT208221
Source: MITRE
Published: 2016-07-19
Updated: 2019-12-27
Type: CWE-284
CVSS v2 Base Score: 5.1
CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
CVSS v2 Impact Score: 6.4
CVSS v2 Exploitability Score: 4.9
CVSS v2 Severity: MEDIUM
CVSS v3.0 Base Score: 8.1
CVSS v3.0 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v3.0 Impact Score: 5.9
CVSS v3.0 Exploitability Score: 2.2
CVSS v3.0 Severity: HIGH
Affected configurations (CPE), as given by the record's AND/OR tree:
Configuration 1 (OR):
  cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* versions up to 2.4.23 (inclusive)
Configuration 2 (AND of both):
  cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:* versions up to 7.5.5.0 (inclusive)
  cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
144302 | IBM HTTP Server 7.0.0.0 < 7.0.0.43 / 8.0.0.0 < 8.0.0.13 / 8.5.0.0 < 8.5.5.11 / 9.0.0.0 < 9.0.0.1 HTTP Redirect (548223) | Nessus | Web Servers | medium |
124922 | EulerOS Virtualization 3.0.1.0 : httpd (EulerOS-SA-2019-1419) | Nessus | Huawei Local Security Checks | high |
700511 | macOS < 10.13 Multiple Vulnerabilities | Nessus Network Monitor | Operating System Detection | critical |
98910 | Apache 2.4.x < 2.4.25 Multiple Vulnerabilities (httpoxy) | Web Application Scanning | Component Vulnerability | medium |
104379 | macOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-001 and 2017-004) | Nessus | MacOS X Local Security Checks | critical |
103598 | macOS < 10.13 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | critical |
101837 | Oracle Enterprise Manager Grid Control Multiple Vulnerabilities (July 2017 CPU) (httpoxy) | Nessus | Misc. | high |
101044 | Tenable SecurityCenter Apache 2.4.x < 2.4.25 Multiple Vulnerabilities (TNS-2017-04) (httpoxy) | Nessus | Misc. | high |
99793 | EulerOS 2.0 SP1 : httpd (EulerOS-SA-2016-1030) | Nessus | Huawei Local Security Checks | medium |
99134 | macOS 10.12.x < 10.12.4 Multiple Vulnerabilities (httpoxy) | Nessus | MacOS X Local Security Checks | critical |
97726 | Tenable SecurityCenter 5.x < 5.4.3 Multiple Vulnerabilities (TNS-2017-04) (httpoxy) | Nessus | Misc. | medium |
96516 | GLSA-201701-36 : Apache: Multiple vulnerabilities (httpoxy) | Nessus | Gentoo Local Security Checks | medium |
96451 | Apache 2.4.x < 2.4.25 Multiple Vulnerabilities (httpoxy) | Nessus | Web Servers | medium |
96450 | Apache 2.2.x < 2.2.32 Multiple Vulnerabilities (httpoxy) | Nessus | Web Servers | medium |
96090 | Slackware 14.0 / 14.1 / 14.2 / current : httpd (SSA:2016-358-01) (httpoxy) | Nessus | Slackware Local Security Checks | medium |
96037 | FreeBSD : Apache httpd -- several vulnerabilities (862d6ab3-c75e-11e6-9f98-20cf30e32f6d) (httpoxy) | Nessus | FreeBSD Local Security Checks | medium |
94654 | HP System Management Homepage < 7.6 Multiple Vulnerabilities (HPSBMU03653) (httpoxy) | Nessus | Web Servers | high |
93502 | RHEL 6 / 7 : JBoss Core Services (RHSA-2016:1851) (httpoxy) | Nessus | Red Hat Local Security Checks | medium |
93295 | SUSE SLES12 Security Update : apache2 (SUSE-SU-2016:2090-1) (httpoxy) | Nessus | SuSE Local Security Checks | medium |
9486 | Apache HTTP Server 2.2.x < 2.2.32 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | medium |
93119 | RHEL 6 : JBoss Web Server (RHSA-2016:1649) (httpoxy) | Nessus | Red Hat Local Security Checks | medium |
93118 | RHEL 7 : JBoss Web Server (RHSA-2016:1648) (httpoxy) | Nessus | Red Hat Local Security Checks | medium |
93065 | openSUSE Security Update : apache2-mod_fcgid (openSUSE-2016-1005) (httpoxy) | Nessus | SuSE Local Security Checks | medium |
93044 | RHEL 6 : Red Hat JBoss Web Server 3.0.3 Service Pack 1 (RHSA-2016:1636) (httpoxy) | Nessus | Red Hat Local Security Checks | medium |
93043 | RHEL 7 : Red Hat JBoss Web Server 3.0.3 Service Pack 1 (RHSA-2016:1635) (httpoxy) | Nessus | Red Hat Local Security Checks | medium |
92806 | Fedora 23 : perl-CGI-Emulate-PSGI (2016-a29c65b00f) (httpoxy) | Nessus | Fedora Local Security Checks | medium |
92801 | Fedora 24 : perl-CGI-Emulate-PSGI (2016-683d0b257b) (httpoxy) | Nessus | Fedora Local Security Checks | medium |
92632 | Debian DLA-568-1 : wordpress security update (httpoxy) | Nessus | Debian Local Security Checks | medium |
92593 | Fedora 23 : httpd (2016-df0726ae26) (httpoxy) | Nessus | Fedora Local Security Checks | medium |
92539 | HTTP_PROXY Environment Variable Namespace Collision Vulnerability (httpoxy) | Nessus | Web Servers | medium |
92536 | Fedora 24 : httpd (2016-9fd9bfab9e) (httpoxy) | Nessus | Fedora Local Security Checks | medium |
92475 | Debian DSA-3623-1 : apache2 - security update (httpoxy) | Nessus | Debian Local Security Checks | medium |
92474 | Debian DLA-553-1 : apache2 security update (httpoxy) | Nessus | Debian Local Security Checks | medium |
92472 | Amazon Linux AMI : httpd24 / httpd (ALAS-2016-725) (httpoxy) | Nessus | Amazon Linux Local Security Checks | medium |
92449 | openSUSE Security Update : apache2 (openSUSE-2016-880) (httpoxy) | Nessus | SuSE Local Security Checks | medium |
92409 | Ubuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : apache2 vulnerability (USN-3038-1) (httpoxy) | Nessus | Ubuntu Local Security Checks | medium |
92404 | Scientific Linux Security Update : httpd on SL7.x x86_64 (20160718) (httpoxy) | Nessus | Scientific Linux Local Security Checks | medium |
92403 | Scientific Linux Security Update : httpd on SL5.x, SL6.x i386/x86_64 (20160718) (httpoxy) | Nessus | Scientific Linux Local Security Checks | medium |
92399 | RHEL 7 : httpd (RHSA-2016:1422) (httpoxy) | Nessus | Red Hat Local Security Checks | medium |
92398 | RHEL 5 / 6 : httpd (RHSA-2016:1421) (httpoxy) | Nessus | Red Hat Local Security Checks | medium |
92397 | Oracle Linux 7 : httpd (ELSA-2016-1422) (httpoxy) | Nessus | Oracle Linux Local Security Checks | medium |
92396 | Oracle Linux 5 / 6 : httpd (ELSA-2016-1421) (httpoxy) | Nessus | Oracle Linux Local Security Checks | medium |
92379 | CentOS 7 : httpd (CESA-2016:1422) (httpoxy) | Nessus | CentOS Local Security Checks | medium |
92378 | CentOS 5 / 6 : httpd (CESA-2016:1421) (httpoxy) | Nessus | CentOS Local Security Checks | medium |