HTTP_PROXY Environment Variable Namespace Collision Vulnerability (httpoxy)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Synopsis :

The remote web application is affected by a man-in-the-middle

Description :

The web application running on the remote web server is affected by a
man-in-the-middle vulnerability known as 'httpoxy' due to a failure to
properly resolve namespace conflicts in accordance with RFC 3875
section 4.1.18. The HTTP_PROXY environment variable is set based on
untrusted user data in the 'Proxy' header of HTTP requests. The
HTTP_PROXY environment variable is used by some web client libraries
to specify a remote proxy server. An unauthenticated, remote attacker
can exploit this, via a crafted 'Proxy' header in an HTTP request, to
redirect an application's internal HTTP traffic to an arbitrary proxy
server where it may be observed or manipulated.

See also :

Solution :

Applicable libraries and products should be updated to address this
vulnerability. Please consult the library or product vendor for
available updates.

If updating the libraries and products is not an option, or if updates
are unavailable, filter 'Proxy' request headers on all inbound

Risk factor :

Medium / CVSS Base Score : 5.1

Family: Web Servers

Nessus Plugin ID: 92539 ()

Bugtraq ID: 91815

CVE ID: CVE-2016-5385

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now