The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
|
Configuration 10 (hide)
|
Configuration 11 (hide)
|
Configuration 12 (hide)
|
History
07 Nov 2023, 02:33
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
07 Sep 2022, 17:40
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-noinfo | |
References | (MLIST) https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (UBUNTU) http://www.ubuntu.com/usn/USN-3038-1 - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (CONFIRM) https://support.apple.com/HT208221 - Third Party Advisory | |
References | (CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html - Patch, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-updates/2016-07/msg00059.html - Mailing List, Third Party Advisory | |
References | (BID) http://www.securityfocus.com/bid/91816 - Third Party Advisory, VDB Entry | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPQAPWQA774JPDRV4UIB2SZAX6D3UZCV/ - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2016:1421 - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6WCTE7443AYZ4EGELWLVNANA2WJCJIYI/ - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2016:1851 - Third Party Advisory | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2016-1650.html - Broken Link, Third Party Advisory | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2016-1624.html - Broken Link, Third Party Advisory | |
References | (CONFIRM) https://www.tenable.com/security/tns-2017-04 - Third Party Advisory | |
References | (CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html - Patch, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2016:1420 - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (SECTRACK) http://www.securitytracker.com/id/1036330 - Broken Link, Third Party Advisory, VDB Entry | |
References | (DEBIAN) http://www.debian.org/security/2016/dsa-3623 - Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2016:1635 - Third Party Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/201701-36 - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2016-1625.html - Broken Link, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (CONFIRM) https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722 - Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2016:1636 - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2016:1422 - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (CONFIRM) https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 6.8
v3 : 8.1 |
First Time |
Redhat enterprise Linux Workstation
Opensuse opensuse Redhat enterprise Linux Eus Oracle communications User Data Repository Redhat enterprise Linux Server Tus Redhat jboss Enterprise Web Server Opensuse leap Redhat enterprise Linux Server Debian Oracle enterprise Manager Ops Center Opensuse Canonical Redhat jboss Core Services Debian debian Linux Canonical ubuntu Linux Redhat enterprise Linux Server Aus Redhat enterprise Linux Desktop |
|
CPE | cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:* cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:* |
cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:* cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:* cpe:2.3:o:oracle:linux:5:-:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_user_data_repository:*:*:*:*:*:*:*:* cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:* cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:* cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* |
06 Jun 2021, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 Jun 2021, 08:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Mar 2021, 12:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2016-07-19 02:00
Updated : 2023-12-10 11:46
NVD link : CVE-2016-5387
Mitre link : CVE-2016-5387
CVE.ORG link : CVE-2016-5387
JSON object : View
Products Affected
redhat
- enterprise_linux_server
- enterprise_linux_desktop
- enterprise_linux_server_tus
- enterprise_linux_workstation
- enterprise_linux_server_aus
- enterprise_linux
- jboss_enterprise_web_server
- enterprise_linux_eus
- jboss_web_server
- jboss_core_services
canonical
- ubuntu_linux
oracle
- enterprise_manager_ops_center
- linux
- communications_user_data_repository
- solaris
opensuse
- leap
- opensuse
hp
- system_management_homepage
debian
- debian_linux
fedoraproject
- fedora
apache
- http_server
CWE