HTTP_PROXY Environment Variable Namespace Collision Vulnerability (httpoxy)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote web application is affected by a man-in-the-middle
vulnerability.

Description :

The web application running on the remote web server is affected by a
man-in-the-middle vulnerability known as 'httpoxy' due to a failure to
properly resolve namespace conflicts in accordance with RFC 3875
section 4.1.18. The HTTP_PROXY environment variable is set based on
untrusted user data in the 'Proxy' header of HTTP requests. The
HTTP_PROXY environment variable is used by some web client libraries
to specify a remote proxy server. An unauthenticated, remote attacker
can exploit this, via a crafted 'Proxy' header in an HTTP request, to
redirect an application's internal HTTP traffic to an arbitrary proxy
server where it may be observed or manipulated.

See also :

https://httpoxy.org/
http://seclists.org/oss-sec/2016/q3/94

Solution :

Applicable libraries and products should be updated to address this
vulnerability. Please consult the library or product vendor for
available updates.

If updating the libraries and products is not an option, or if updates
are unavailable, filter 'Proxy' request headers on all inbound
requests.

Risk factor :

Medium / CVSS Base Score : 5.1
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)

Family: Web Servers

Nessus Plugin ID: 92539 ()

Bugtraq ID: 91815
91816
91818
91821

CVE ID: CVE-2016-5385
CVE-2016-5386
CVE-2016-5387
CVE-2016-5388
CVE-2016-1000109
CVE-2016-1000110

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now