Vulnerability-Lookup

WID-SEC-W-2025-2522

Vulnerability from csaf_certbund - Published: 2016-07-18 22:00 - Updated: 2025-11-10 23:00

Summary

Mehrere Webserver: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

PHP ist eine Programmiersprache, die zur Implementierung von Web-Applikationen genutzt wird. Apache Tomcat ist ein Web-Applikationsserver für verschiedene Plattformen. Apache ist ein Webserver für verschiedene Plattformen. Python ist eine universelle, üblicherweise interpretierte höhere Programmiersprache.

Angriff

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in mehreren Webserver Produkten ausnutzen, um Sicherheitsvorkehrungen zu umgehen.

Betroffene Betriebssysteme

- Linux - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "PHP ist eine Programmiersprache, die zur Implementierung von Web-Applikationen genutzt wird.\r\nApache Tomcat ist ein Web-Applikationsserver f\u00fcr verschiedene Plattformen.\r\nApache ist ein Webserver f\u00fcr verschiedene Plattformen.\r\nPython ist eine universelle, \u00fcblicherweise interpretierte h\u00f6here Programmiersprache.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in mehreren Webserver Produkten ausnutzen, um Sicherheitsvorkehrungen zu umgehen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-2522 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2016/wid-sec-w-2025-2522.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-2522 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2522"
      },
      {
        "category": "external",
        "summary": "Meldung auf httpoxy.org vom 2016-07-18",
        "url": "https://httpoxy.org/"
      },
      {
        "category": "external",
        "summary": "Cert.org Vulnerability Note VU#797896 vom 2016-07-18",
        "url": "http://www.kb.cert.org/vuls/id/797896"
      },
      {
        "category": "external",
        "summary": "Microsoft Knowledge Base article #3179800 vom 2016-07-18",
        "url": "https://support.microsoft.com/en-us/kb/3179800"
      },
      {
        "category": "external",
        "summary": "Meldung auf nginx.com vom 2016-07-18",
        "url": "https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/"
      },
      {
        "category": "external",
        "summary": "Meldung auf Apache.org vom 2016-07-18",
        "url": "https://www.apache.org/security/asf-httpoxy-response.txt"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-3038-1 vom 2016-07-18",
        "url": "http://www.ubuntu.com/usn/usn-3038-1/"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2016:1420 vom 2016-07-18",
        "url": "https://access.redhat.com/errata/RHSA-2016:1420"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2016:1421 vom 2016-07-18",
        "url": "https://access.redhat.com/errata/RHSA-2016:1421"
      },
      {
        "category": "external",
        "summary": "Red Hat Bugzilla #1353755 vom 2016-07-18",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-5387"
      },
      {
        "category": "external",
        "summary": "Debian Security Tracker CVE-2016-5387 vom 2016-07-18",
        "url": "https://security-tracker.debian.org/tracker/CVE-2016-5387"
      },
      {
        "category": "external",
        "summary": "Meldung auf der oss-sec Mailliste vom 2016-07-19",
        "url": "http://seclists.org/oss-sec/2016/q3/94"
      },
      {
        "category": "external",
        "summary": "CentOS Announce CESA-2016:1421 vom 2016-07-18",
        "url": "http://permalink.gmane.org/gmane.linux.centos.announce/9976"
      },
      {
        "category": "external",
        "summary": "CentOS Announce CESA-2016:1422 vom 2016-07-18",
        "url": "http://permalink.gmane.org/gmane.linux.centos.announce/9975"
      },
      {
        "category": "external",
        "summary": "Meldung auf der oss-sec Mailliste vom 2016-07-19",
        "url": "http://seclists.org/oss-sec/2016/q3/95"
      },
      {
        "category": "external",
        "summary": "Typo3 Core Security Advisory typo3-core-sa-2016-019 vom 2016-07-19",
        "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-019/"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-3623-1 vom 2016-07-20",
        "url": "https://lists.debian.org/debian-security-announce/2016/msg00201.html"
      },
      {
        "category": "external",
        "summary": "SUSE Patch vom 2016-07-20",
        "url": "https://download.suse.com/patch/finder/?keywords=a513b952ed04bce0c2391eb2ba3b9f2c"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-3631 vom 2016-07-27",
        "url": "https://www.debian.org/security/2016/dsa-3631"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-3045-1 vom 2016-08-02",
        "url": "http://www.ubuntu.com/usn/usn-3045-1/"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2016:1538 vom 2016-08-03",
        "url": "https://rhn.redhat.com/errata/RHSA-2016-1538.html"
      },
      {
        "category": "external",
        "summary": "Unify Security Advisory Report - OBSO-1607-01 vom 2016-07-27",
        "url": "https://networks.unify.com/security/advisories/OBSO-1607-01.pdf"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2016:1609 vom 2016-08-12",
        "url": "https://rhn.redhat.com/errata/RHSA-2016-1609.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2016:1610 vom 2016-08-12",
        "url": "https://rhn.redhat.com/errata/RHSA-2016-1610.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2016:1611 vom 2016-08-12",
        "url": "https://rhn.redhat.com/errata/RHSA-2016-1611.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2016:1612 vom 2016-08-12",
        "url": "https://rhn.redhat.com/errata/RHSA-2016-1612.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2016:1613 vom 2016-08-12",
        "url": "https://rhn.redhat.com/errata/RHSA-2016-1613.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2016:2090 vom 2016-08-17",
        "url": "http://lists.suse.com/pipermail/sle-security-updates/2016-August/002213.html"
      },
      {
        "category": "external",
        "summary": "RedHat Security Advisory RHSA-2016-1624",
        "url": "https://rhn.redhat.com/errata/RHSA-2016-1624.html"
      },
      {
        "category": "external",
        "summary": "RedHat Security Advisory RHSA-2016-1625",
        "url": "https://rhn.redhat.com/errata/RHSA-2016-1625.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2016:1630-1 vom 2016-08-18",
        "url": "http://rhn.redhat.com/errata/RHSA-2016-1630.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2016:1629-1 vom 2016-08-18",
        "url": "http://rhn.redhat.com/errata/RHSA-2016-1629.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2016:1628-1 vom 2016-08-18",
        "url": "http://rhn.redhat.com/errata/RHSA-2016-1628.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2016:1627-1 vom 2016-08-18",
        "url": "http://rhn.redhat.com/errata/RHSA-2016-1627.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2016:1626-1 vom 2016-08-18",
        "url": "http://rhn.redhat.com/errata/RHSA-2016-1626.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2016:2106-1 vom 2016-08-19",
        "url": "http://lists.suse.com/pipermail/sle-security-updates/2016-August/002219.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2016:1650-1 vom 2016-08-22",
        "url": "https://rhn.redhat.com/errata/RHSA-2016-1650.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2016:1649-1 vom 2016-08-22",
        "url": "https://rhn.redhat.com/errata/RHSA-2016-1649.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2016:1648-1 vom 2016-08-22",
        "url": "https://rhn.redhat.com/errata/RHSA-2016-1648.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2016:2188-1 vom 2016-09-03",
        "url": "https://www.suse.com/support/update/announcement/2016/suse-su-20162188-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2016:2229-1 vom 2016-09-07",
        "url": "https://www.suse.com/support/update/announcement/2016/suse-su-20162229-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2016:2270-1 vom 2016-09-10",
        "url": "https://www.suse.com/support/update/announcement/2016/suse-su-20162270-1.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2016:1978 vom 2016-09-30",
        "url": "https://access.redhat.com/errata/RHSA-2016:1978"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2016:2653-1 vom 2016-10-26",
        "url": "https://www.suse.com/support/update/announcement/2016/suse-su-20162653-1.html"
      },
      {
        "category": "external",
        "summary": "HP Security Bulletin HPSBUX03665 vom 2016-11-07",
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05324759"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2016-2586 vom 2016-11-09",
        "url": "http://linux.oracle.com/errata/ELSA-2016-2586.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2016-2598 vom 2016-11-09",
        "url": "http://linux.oracle.com/errata/ELSA-2016-2598.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2016:2859-1 vom 2016-11-18",
        "url": "https://www.suse.com/support/update/announcement/2016/suse-su-20162859-1.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-3134-1 vom 2016-11-23",
        "url": "http://www.ubuntu.com/usn/usn-3134-1/"
      },
      {
        "category": "external",
        "summary": "Eintrag auf Apache.org",
        "url": "http://httpd.apache.org/security/vulnerabilities_24.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:0114-1 vom 2017-01-12",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20170114-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:0190-1 vom 2017-01-18",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20170190-1.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-3177-1 vom 2017-01-23",
        "url": "http://www.ubuntu.com/usn/usn-3177-1/"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-3177-2 vom 2017-02-02",
        "url": "http://www.ubuntu.com/usn/usn-3177-2/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:1632-1 vom 2017-06-21",
        "url": "https://lists.opensuse.org/opensuse-security-announce/2017-06/msg00025.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:1660-1 vom 2017-06-24",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20171660-1.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2018:0273 vom 2018-02-05",
        "url": "https://access.redhat.com/errata/RHSA-2018:0273"
      },
      {
        "category": "external",
        "summary": "Dell/EMC Knowledge Base Article: 000529947",
        "url": "https://support.emc.com/kb/529947"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:0223-1 vom 2019-02-01",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190223-1.html"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2025:15706-1 vom 2025-11-07",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/J2YFYRHG3D4WKV5P6XA25CFPNSEBUKHC/"
      }
    ],
    "source_lang": "en-US",
    "title": "Mehrere Webserver: Schwachstelle erm\u00f6glicht Umgehen von Sicherheitsvorkehrungen",
    "tracking": {
      "current_release_date": "2025-11-10T23:00:00.000+00:00",
      "generator": {
        "date": "2025-11-11T06:37:21.182+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2025-2522",
      "initial_release_date": "2016-07-18T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2016-07-18T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initial Release"
        },
        {
          "date": "2016-07-18T22:00:00.000+00:00",
          "number": "2",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-07-18T22:00:00.000+00:00",
          "number": "3",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-07-18T22:00:00.000+00:00",
          "number": "4",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-07-19T22:00:00.000+00:00",
          "number": "5",
          "summary": "New remediations available"
        },
        {
          "date": "2016-07-20T22:00:00.000+00:00",
          "number": "6",
          "summary": "New remediations available"
        },
        {
          "date": "2016-07-20T22:00:00.000+00:00",
          "number": "7",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-07-27T22:00:00.000+00:00",
          "number": "8",
          "summary": "New remediations available"
        },
        {
          "date": "2016-07-27T22:00:00.000+00:00",
          "number": "9",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-08-02T22:00:00.000+00:00",
          "number": "10",
          "summary": "New remediations available"
        },
        {
          "date": "2016-08-02T22:00:00.000+00:00",
          "number": "11",
          "summary": "New remediations available"
        },
        {
          "date": "2016-08-02T22:00:00.000+00:00",
          "number": "12",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-08-11T22:00:00.000+00:00",
          "number": "13",
          "summary": "New remediations available"
        },
        {
          "date": "2016-08-11T22:00:00.000+00:00",
          "number": "14",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-08-11T22:00:00.000+00:00",
          "number": "15",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-08-11T22:00:00.000+00:00",
          "number": "16",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-08-11T22:00:00.000+00:00",
          "number": "17",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-08-17T22:00:00.000+00:00",
          "number": "18",
          "summary": "New remediations available"
        },
        {
          "date": "2016-08-17T22:00:00.000+00:00",
          "number": "19",
          "summary": "New remediations available"
        },
        {
          "date": "2016-08-17T22:00:00.000+00:00",
          "number": "20",
          "summary": "New remediations available"
        },
        {
          "date": "2016-08-18T22:00:00.000+00:00",
          "number": "21",
          "summary": "New remediations available"
        },
        {
          "date": "2016-08-18T22:00:00.000+00:00",
          "number": "22",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-08-21T22:00:00.000+00:00",
          "number": "23",
          "summary": "New remediations available"
        },
        {
          "date": "2016-08-21T22:00:00.000+00:00",
          "number": "24",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-08-22T22:00:00.000+00:00",
          "number": "25",
          "summary": "New remediations available"
        },
        {
          "date": "2016-08-22T22:00:00.000+00:00",
          "number": "26",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-08-22T22:00:00.000+00:00",
          "number": "27",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-09-04T22:00:00.000+00:00",
          "number": "28",
          "summary": "New remediations available"
        },
        {
          "date": "2016-09-04T22:00:00.000+00:00",
          "number": "29",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-09-06T22:00:00.000+00:00",
          "number": "30",
          "summary": "New remediations available"
        },
        {
          "date": "2016-09-11T22:00:00.000+00:00",
          "number": "31",
          "summary": "New remediations available"
        },
        {
          "date": "2016-10-03T22:00:00.000+00:00",
          "number": "32",
          "summary": "New remediations available"
        },
        {
          "date": "2016-10-03T22:00:00.000+00:00",
          "number": "33",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-10-03T22:00:00.000+00:00",
          "number": "34",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-10-03T22:00:00.000+00:00",
          "number": "35",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-10-03T22:00:00.000+00:00",
          "number": "36",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-10-03T22:00:00.000+00:00",
          "number": "37",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-10-26T22:00:00.000+00:00",
          "number": "38",
          "summary": "New remediations available"
        },
        {
          "date": "2016-11-06T23:00:00.000+00:00",
          "number": "39",
          "summary": "New remediations available"
        },
        {
          "date": "2016-11-06T23:00:00.000+00:00",
          "number": "40",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-11-09T23:00:00.000+00:00",
          "number": "41",
          "summary": "New remediations available"
        },
        {
          "date": "2016-11-20T23:00:00.000+00:00",
          "number": "42",
          "summary": "New remediations available"
        },
        {
          "date": "2016-11-22T23:00:00.000+00:00",
          "number": "43",
          "summary": "New remediations available"
        },
        {
          "date": "2016-11-22T23:00:00.000+00:00",
          "number": "44",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-12-20T23:00:00.000+00:00",
          "number": "45",
          "summary": "New remediations available"
        },
        {
          "date": "2017-01-12T23:00:00.000+00:00",
          "number": "46",
          "summary": "New remediations available"
        },
        {
          "date": "2017-01-18T23:00:00.000+00:00",
          "number": "47",
          "summary": "New remediations available"
        },
        {
          "date": "2017-01-23T23:00:00.000+00:00",
          "number": "48",
          "summary": "New remediations available"
        },
        {
          "date": "2017-02-02T23:00:00.000+00:00",
          "number": "49",
          "summary": "New remediations available"
        },
        {
          "date": "2017-06-20T22:00:00.000+00:00",
          "number": "50",
          "summary": "New remediations available"
        },
        {
          "date": "2017-06-20T22:00:00.000+00:00",
          "number": "51",
          "summary": "New remediations available"
        },
        {
          "date": "2017-06-20T22:00:00.000+00:00",
          "number": "52",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2017-06-26T22:00:00.000+00:00",
          "number": "53",
          "summary": "New remediations available"
        },
        {
          "date": "2017-08-07T22:00:00.000+00:00",
          "number": "54",
          "summary": "Added references"
        },
        {
          "date": "2019-01-30T23:00:00.000+00:00",
          "number": "55",
          "summary": "Neue Updates von EMC aufgenommen"
        },
        {
          "date": "2019-02-03T23:00:00.000+00:00",
          "number": "56",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2019-04-08T22:00:00.000+00:00",
          "number": "57",
          "summary": "Referenz(en) aufgenommen: FEDORA-2019-AA7F37CD4D"
        },
        {
          "date": "2025-11-09T23:00:00.000+00:00",
          "number": "58",
          "summary": "Neue Updates von openSUSE aufgenommen"
        },
        {
          "date": "2025-11-10T23:00:00.000+00:00",
          "number": "59",
          "summary": "Korrektur"
        }
      ],
      "status": "final",
      "version": "59"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Apache HTTP Server",
            "product": {
              "name": "Apache HTTP Server",
              "product_id": "67869",
              "product_identification_helper": {
                "cpe": "cpe:/a:apache:http_server:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Apache Tomcat",
            "product": {
              "name": "Apache Tomcat",
              "product_id": "643",
              "product_identification_helper": {
                "cpe": "cpe:/a:apache:tomcat:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Apache"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "EMC VNX1",
            "product": {
              "name": "EMC VNX1",
              "product_id": "T004667",
              "product_identification_helper": {
                "cpe": "cpe:/h:emc:vnx:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "EMC"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "HPE HP-UX",
            "product": {
              "name": "HPE HP-UX",
              "product_id": "4871",
              "product_identification_helper": {
                "cpe": "cpe:/o:hp:hp-ux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "HPE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source CentOS",
            "product": {
              "name": "Open Source CentOS",
              "product_id": "1727",
              "product_identification_helper": {
                "cpe": "cpe:/o:centos:centos:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Open Source PHP",
            "product": {
              "name": "Open Source PHP",
              "product_id": "8746",
              "product_identification_helper": {
                "cpe": "cpe:/a:php:php:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Open Source Python",
            "product": {
              "name": "Open Source Python",
              "product_id": "113051",
              "product_identification_helper": {
                "cpe": "cpe:/a:python:python:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Red Hat JBoss Web Server",
            "product": {
              "name": "Red Hat JBoss Web Server",
              "product_id": "T003426",
              "product_identification_helper": {
                "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "12 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Desktop 12 SP1",
                  "product_id": "T006804",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:linux_enterprise_desktop:12:sp1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Linux Enterprise Desktop"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "12 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP1",
                  "product_id": "T007836",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:linux_enterprise_server:12:sp1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Linux Enterprise Server"
          },
          {
            "category": "product_name",
            "name": "SUSE openSUSE",
            "product": {
              "name": "SUSE openSUSE",
              "product_id": "T027843",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:opensuse:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c8.2.1",
                "product": {
                  "name": "TYPO3 Core \u003c8.2.1",
                  "product_id": "T008046"
                }
              },
              {
                "category": "product_version",
                "name": "8.2.1",
                "product": {
                  "name": "TYPO3 Core 8.2.1",
                  "product_id": "T008046-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:typo3:typo3:8.2.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Core"
          }
        ],
        "category": "vendor",
        "name": "TYPO3"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "131442",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:10.04:-:lts"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2016-1000104",
      "product_status": {
        "known_affected": [
          "131442",
          "67646",
          "4871",
          "T004667",
          "67869",
          "T003426",
          "T007836",
          "T006804",
          "2951",
          "T002207",
          "643",
          "T027843",
          "8746",
          "1727",
          "T008046",
          "113051"
        ]
      },
      "release_date": "2016-07-18T22:00:00.000+00:00",
      "title": "CVE-2016-1000104"
    },
    {
      "cve": "CVE-2016-1000105",
      "product_status": {
        "known_affected": [
          "131442",
          "67646",
          "4871",
          "T004667",
          "67869",
          "T003426",
          "T007836",
          "T006804",
          "2951",
          "T002207",
          "643",
          "T027843",
          "8746",
          "1727",
          "T008046",
          "113051"
        ]
      },
      "release_date": "2016-07-18T22:00:00.000+00:00",
      "title": "CVE-2016-1000105"
    },
    {
      "cve": "CVE-2016-1000107",
      "product_status": {
        "known_affected": [
          "131442",
          "67646",
          "4871",
          "T004667",
          "67869",
          "T003426",
          "T007836",
          "T006804",
          "2951",
          "T002207",
          "643",
          "T027843",
          "8746",
          "1727",
          "T008046",
          "113051"
        ]
      },
      "release_date": "2016-07-18T22:00:00.000+00:00",
      "title": "CVE-2016-1000107"
    },
    {
      "cve": "CVE-2016-1000108",
      "product_status": {
        "known_affected": [
          "131442",
          "67646",
          "4871",
          "T004667",
          "67869",
          "T003426",
          "T007836",
          "T006804",
          "2951",
          "T002207",
          "643",
          "T027843",
          "8746",
          "1727",
          "T008046",
          "113051"
        ]
      },
      "release_date": "2016-07-18T22:00:00.000+00:00",
      "title": "CVE-2016-1000108"
    },
    {
      "cve": "CVE-2016-1000109",
      "product_status": {
        "known_affected": [
          "131442",
          "67646",
          "4871",
          "T004667",
          "67869",
          "T003426",
          "T007836",
          "T006804",
          "2951",
          "T002207",
          "643",
          "T027843",
          "8746",
          "1727",
          "T008046",
          "113051"
        ]
      },
      "release_date": "2016-07-18T22:00:00.000+00:00",
      "title": "CVE-2016-1000109"
    },
    {
      "cve": "CVE-2016-1000110",
      "product_status": {
        "known_affected": [
          "131442",
          "67646",
          "4871",
          "T004667",
          "67869",
          "T003426",
          "T007836",
          "T006804",
          "2951",
          "T002207",
          "643",
          "T027843",
          "8746",
          "1727",
          "T008046",
          "113051"
        ]
      },
      "release_date": "2016-07-18T22:00:00.000+00:00",
      "title": "CVE-2016-1000110"
    },
    {
      "cve": "CVE-2016-1000111",
      "product_status": {
        "known_affected": [
          "131442",
          "67646",
          "4871",
          "T004667",
          "67869",
          "T003426",
          "T007836",
          "T006804",
          "2951",
          "T002207",
          "643",
          "T027843",
          "8746",
          "1727",
          "T008046",
          "113051"
        ]
      },
      "release_date": "2016-07-18T22:00:00.000+00:00",
      "title": "CVE-2016-1000111"
    },
    {
      "cve": "CVE-2016-5385",
      "product_status": {
        "known_affected": [
          "131442",
          "67646",
          "4871",
          "T004667",
          "67869",
          "T003426",
          "T007836",
          "T006804",
          "2951",
          "T002207",
          "643",
          "T027843",
          "8746",
          "1727",
          "T008046",
          "113051"
        ]
      },
      "release_date": "2016-07-18T22:00:00.000+00:00",
      "title": "CVE-2016-5385"
    },
    {
      "cve": "CVE-2016-5386",
      "product_status": {
        "known_affected": [
          "131442",
          "67646",
          "4871",
          "T004667",
          "67869",
          "T003426",
          "T007836",
          "T006804",
          "2951",
          "T002207",
          "643",
          "T027843",
          "8746",
          "1727",
          "T008046",
          "113051"
        ]
      },
      "release_date": "2016-07-18T22:00:00.000+00:00",
      "title": "CVE-2016-5386"
    },
    {
      "cve": "CVE-2016-5387",
      "product_status": {
        "known_affected": [
          "131442",
          "67646",
          "4871",
          "T004667",
          "67869",
          "T003426",
          "T007836",
          "T006804",
          "2951",
          "T002207",
          "643",
          "T027843",
          "8746",
          "1727",
          "T008046",
          "113051"
        ]
      },
      "release_date": "2016-07-18T22:00:00.000+00:00",
      "title": "CVE-2016-5387"
    },
    {
      "cve": "CVE-2016-5388",
      "product_status": {
        "known_affected": [
          "131442",
          "67646",
          "4871",
          "T004667",
          "67869",
          "T003426",
          "T007836",
          "T006804",
          "2951",
          "T002207",
          "643",
          "T027843",
          "8746",
          "1727",
          "T008046",
          "113051"
        ]
      },
      "release_date": "2016-07-18T22:00:00.000+00:00",
      "title": "CVE-2016-5388"
    }
  ]
}

CVE-2016-1000109 (GCVE-0-2016-1000109)

Vulnerability from cvelistv5 – Published: 2020-02-19 12:38 – Updated: 2024-08-06 03:55

Summary

HHVM does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. This issue affects HHVM versions prior to 3.9.6, all versions between 3.10.0 and 3.12.4 (inclusive), and all versions between 3.13.0 and 3.14.2 (inclusive).

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://httpoxy.org/	x_refsource_MISC
	https://github.com/facebook/hhvm/commit/423b4b719…	x_refsource_CONFIRM
	https://www.facebook.com/security/advisories/cve-…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:55:26.447Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://httpoxy.org/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/facebook/hhvm/commit/423b4b719afd5ef4e6e19d8447fbf7b6bc0d0a25"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.facebook.com/security/advisories/cve-2016-1000109"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2016-07-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "HHVM does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application\u0027s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue. This issue affects HHVM versions prior to 3.9.6, all versions between 3.10.0 and 3.12.4 (inclusive), and all versions between 3.13.0 and 3.14.2 (inclusive)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-19T12:38:56.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://httpoxy.org/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/facebook/hhvm/commit/423b4b719afd5ef4e6e19d8447fbf7b6bc0d0a25"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.facebook.com/security/advisories/cve-2016-1000109"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2016-07-17",
          "ID": "CVE-2016-1000109",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "HHVM does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application\u0027s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue. This issue affects HHVM versions prior to 3.9.6, all versions between 3.10.0 and 3.12.4 (inclusive), and all versions between 3.13.0 and 3.14.2 (inclusive)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://httpoxy.org/",
              "refsource": "MISC",
              "url": "https://httpoxy.org/"
            },
            {
              "name": "https://github.com/facebook/hhvm/commit/423b4b719afd5ef4e6e19d8447fbf7b6bc0d0a25",
              "refsource": "CONFIRM",
              "url": "https://github.com/facebook/hhvm/commit/423b4b719afd5ef4e6e19d8447fbf7b6bc0d0a25"
            },
            {
              "name": "https://www.facebook.com/security/advisories/cve-2016-1000109",
              "refsource": "CONFIRM",
              "url": "https://www.facebook.com/security/advisories/cve-2016-1000109"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-1000109",
    "datePublished": "2020-02-19T12:38:56.000Z",
    "dateReserved": "2016-07-18T00:00:00.000Z",
    "dateUpdated": "2024-08-06T03:55:26.447Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-5387 (GCVE-0-2016-5387)

Vulnerability from cvelistv5 – Published: 2016-07-19 01:00 – Updated: 2024-08-06 01:00

Summary

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://www.securitytracker.com/id/1036330	vdb-entryx_refsource_SECTRACK
	https://access.redhat.com/errata/RHSA-2016:1420	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2016:1635	vendor-advisoryx_refsource_REDHAT
	https://support.apple.com/HT208221	x_refsource_CONFIRM
	https://h20566.www2.hpe.com/portal/site/hpsc/publ…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/91816	vdb-entryx_refsource_BID
	https://access.redhat.com/errata/RHSA-2016:1851	vendor-advisoryx_refsource_REDHAT
	http://www.ubuntu.com/usn/USN-3038-1	vendor-advisoryx_refsource_UBUNTU
	http://www.kb.cert.org/vuls/id/797896	third-party-advisoryx_refsource_CERT-VN
	http://www.oracle.com/technetwork/security-adviso…	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2016-0…	vendor-advisoryx_refsource_SUSE
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-1648.html	vendor-advisoryx_refsource_REDHAT
	https://www.tenable.com/security/tns-2017-04	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-1625.html	vendor-advisoryx_refsource_REDHAT
	http://www.debian.org/security/2016/dsa-3623	vendor-advisoryx_refsource_DEBIAN
	http://rhn.redhat.com/errata/RHSA-2016-1649.html	vendor-advisoryx_refsource_REDHAT
	https://h20566.www2.hpe.com/portal/site/hpsc/publ…	x_refsource_CONFIRM
	https://h20566.www2.hpe.com/hpsc/doc/public/displ…	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2016:1422	vendor-advisoryx_refsource_REDHAT
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2016:1421	vendor-advisoryx_refsource_REDHAT
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	http://rhn.redhat.com/errata/RHSA-2016-1650.html	vendor-advisoryx_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2016-1624.html	vendor-advisoryx_refsource_REDHAT
	https://www.apache.org/security/asf-httpoxy-respo…	x_refsource_CONFIRM
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://httpoxy.org/	x_refsource_MISC
	http://www.oracle.com/technetwork/security-adviso…	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201701-36	vendor-advisoryx_refsource_GENTOO
	https://access.redhat.com/errata/RHSA-2016:1636	vendor-advisoryx_refsource_REDHAT
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.apache.org/thread.html/56c2e7cc9deb…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/84a3714f0878…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/8d63cb8e9100…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/f7f95ac1cd98…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r57608dc51b7…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rd18c3c43602…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/re3d27b6250a…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rfbaf647d52c…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rf6449464fd8…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r9ea3538f229…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rc998b18880d…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/re1e3a24664d…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r04e89e873d5…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rdca61ae9906…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r9f93cf6dde3…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rcc44594d4d6…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rb14daf9cc4e…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rad01d817195…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rd336919f655…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r476d175be0a…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r75cbe9ea3e2…	mailing-listx_refsource_MLIST

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:00:59.995Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1036330",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036330"
          },
          {
            "name": "RHSA-2016:1420",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2016:1420"
          },
          {
            "name": "RHSA-2016:1635",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2016:1635"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT208221"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"
          },
          {
            "name": "91816",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91816"
          },
          {
            "name": "RHSA-2016:1851",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2016:1851"
          },
          {
            "name": "USN-3038-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3038-1"
          },
          {
            "name": "VU#797896",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/797896"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "name": "openSUSE-SU-2016:1824",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00059.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
          },
          {
            "name": "RHSA-2016:1648",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1648.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2017-04"
          },
          {
            "name": "RHSA-2016:1625",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1625.html"
          },
          {
            "name": "DSA-3623",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3623"
          },
          {
            "name": "RHSA-2016:1649",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1649.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03770en_us"
          },
          {
            "name": "RHSA-2016:1422",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2016:1422"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html"
          },
          {
            "name": "RHSA-2016:1421",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2016:1421"
          },
          {
            "name": "FEDORA-2016-a29c65b00f",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WCTE7443AYZ4EGELWLVNANA2WJCJIYI/"
          },
          {
            "name": "RHSA-2016:1650",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1650.html"
          },
          {
            "name": "RHSA-2016:1624",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1624.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.apache.org/security/asf-httpoxy-response.txt"
          },
          {
            "name": "FEDORA-2016-df0726ae26",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TGNHXJJSWDXAOEYH5TMXDPQVJMQQJOAZ/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://httpoxy.org/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "name": "GLSA-201701-36",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-36"
          },
          {
            "name": "RHSA-2016:1636",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2016:1636"
          },
          {
            "name": "FEDORA-2016-9fd9bfab9e",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEKZAB7MTWVSMORHTEMCQNFFMIHCYF76/"
          },
          {
            "name": "FEDORA-2016-683d0b257b",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPQAPWQA774JPDRV4UIB2SZAX6D3UZCV/"
          },
          {
            "name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1888194 [10/13] - /httpd/site/trunk/content/security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073139 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073149 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-07-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application\u0027s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue.  NOTE: the vendor states \"This mitigation has been assigned the identifier CVE-2016-5387\"; in other words, this is not a CVE ID for a vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-06T10:11:53.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "1036330",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036330"
        },
        {
          "name": "RHSA-2016:1420",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2016:1420"
        },
        {
          "name": "RHSA-2016:1635",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2016:1635"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT208221"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"
        },
        {
          "name": "91816",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/91816"
        },
        {
          "name": "RHSA-2016:1851",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2016:1851"
        },
        {
          "name": "USN-3038-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3038-1"
        },
        {
          "name": "VU#797896",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/797896"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "name": "openSUSE-SU-2016:1824",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00059.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
        },
        {
          "name": "RHSA-2016:1648",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1648.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2017-04"
        },
        {
          "name": "RHSA-2016:1625",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1625.html"
        },
        {
          "name": "DSA-3623",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3623"
        },
        {
          "name": "RHSA-2016:1649",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1649.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03770en_us"
        },
        {
          "name": "RHSA-2016:1422",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2016:1422"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html"
        },
        {
          "name": "RHSA-2016:1421",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2016:1421"
        },
        {
          "name": "FEDORA-2016-a29c65b00f",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WCTE7443AYZ4EGELWLVNANA2WJCJIYI/"
        },
        {
          "name": "RHSA-2016:1650",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1650.html"
        },
        {
          "name": "RHSA-2016:1624",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1624.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.apache.org/security/asf-httpoxy-response.txt"
        },
        {
          "name": "FEDORA-2016-df0726ae26",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TGNHXJJSWDXAOEYH5TMXDPQVJMQQJOAZ/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://httpoxy.org/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "name": "GLSA-201701-36",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-36"
        },
        {
          "name": "RHSA-2016:1636",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2016:1636"
        },
        {
          "name": "FEDORA-2016-9fd9bfab9e",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEKZAB7MTWVSMORHTEMCQNFFMIHCYF76/"
        },
        {
          "name": "FEDORA-2016-683d0b257b",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPQAPWQA774JPDRV4UIB2SZAX6D3UZCV/"
        },
        {
          "name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1888194 [10/13] - /httpd/site/trunk/content/security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073139 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073149 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2016-5387",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application\u0027s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue.  NOTE: the vendor states \"This mitigation has been assigned the identifier CVE-2016-5387\"; in other words, this is not a CVE ID for a vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1036330",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036330"
            },
            {
              "name": "RHSA-2016:1420",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2016:1420"
            },
            {
              "name": "RHSA-2016:1635",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2016:1635"
            },
            {
              "name": "https://support.apple.com/HT208221",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT208221"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"
            },
            {
              "name": "91816",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/91816"
            },
            {
              "name": "RHSA-2016:1851",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2016:1851"
            },
            {
              "name": "USN-3038-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3038-1"
            },
            {
              "name": "VU#797896",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/797896"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "name": "openSUSE-SU-2016:1824",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00059.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
            },
            {
              "name": "RHSA-2016:1648",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1648.html"
            },
            {
              "name": "https://www.tenable.com/security/tns-2017-04",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2017-04"
            },
            {
              "name": "RHSA-2016:1625",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1625.html"
            },
            {
              "name": "DSA-3623",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3623"
            },
            {
              "name": "RHSA-2016:1649",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1649.html"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
            },
            {
              "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03770en_us",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03770en_us"
            },
            {
              "name": "RHSA-2016:1422",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2016:1422"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html"
            },
            {
              "name": "RHSA-2016:1421",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2016:1421"
            },
            {
              "name": "FEDORA-2016-a29c65b00f",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6WCTE7443AYZ4EGELWLVNANA2WJCJIYI/"
            },
            {
              "name": "RHSA-2016:1650",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1650.html"
            },
            {
              "name": "RHSA-2016:1624",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1624.html"
            },
            {
              "name": "https://www.apache.org/security/asf-httpoxy-response.txt",
              "refsource": "CONFIRM",
              "url": "https://www.apache.org/security/asf-httpoxy-response.txt"
            },
            {
              "name": "FEDORA-2016-df0726ae26",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TGNHXJJSWDXAOEYH5TMXDPQVJMQQJOAZ/"
            },
            {
              "name": "https://httpoxy.org/",
              "refsource": "MISC",
              "url": "https://httpoxy.org/"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            },
            {
              "name": "GLSA-201701-36",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-36"
            },
            {
              "name": "RHSA-2016:1636",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2016:1636"
            },
            {
              "name": "FEDORA-2016-9fd9bfab9e",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NEKZAB7MTWVSMORHTEMCQNFFMIHCYF76/"
            },
            {
              "name": "FEDORA-2016-683d0b257b",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPQAPWQA774JPDRV4UIB2SZAX6D3UZCV/"
            },
            {
              "name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1888194 [10/13] - /httpd/site/trunk/content/security/json/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073139 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073149 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-5387",
    "datePublished": "2016-07-19T01:00:00.000Z",
    "dateReserved": "2016-06-10T00:00:00.000Z",
    "dateUpdated": "2024-08-06T01:00:59.995Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-1000110 (GCVE-0-2016-1000110)

Vulnerability from cvelistv5 – Published: 2019-11-27 16:54 – Updated: 2024-08-06 03:55

Summary

The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://security-tracker.debian.org/tracker/CVE-2…	x_refsource_MISC
	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2…	x_refsource_MISC
	https://bugzilla.suse.com/show_bug.cgi?id=CVE-201…	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/pac…	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:55:26.422Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2016-1000110"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000110"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2016-1000110"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7K3WFJO3SJQCODKRKU6EQV3ZGHH53YPU/"
          },
          {
            "name": "openSUSE-SU-2020:0086",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-07-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-21T21:06:19.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2016-1000110"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000110"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2016-1000110"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7K3WFJO3SJQCODKRKU6EQV3ZGHH53YPU/"
        },
        {
          "name": "openSUSE-SU-2020:0086",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-1000110",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security-tracker.debian.org/tracker/CVE-2016-1000110",
              "refsource": "MISC",
              "url": "https://security-tracker.debian.org/tracker/CVE-2016-1000110"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000110",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000110"
            },
            {
              "name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2016-1000110",
              "refsource": "MISC",
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2016-1000110"
            },
            {
              "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7K3WFJO3SJQCODKRKU6EQV3ZGHH53YPU/",
              "refsource": "MISC",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7K3WFJO3SJQCODKRKU6EQV3ZGHH53YPU/"
            },
            {
              "name": "openSUSE-SU-2020:0086",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-1000110",
    "datePublished": "2019-11-27T16:54:34.000Z",
    "dateReserved": "2016-07-18T00:00:00.000Z",
    "dateUpdated": "2024-08-06T03:55:26.422Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-1000111 (GCVE-0-2016-1000111)

Vulnerability from cvelistv5 – Published: 2020-03-11 19:05 – Updated: 2024-08-06 03:55

Summary

Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	https://www.openwall.com/lists/oss-security/2016/…	x_refsource_MISC
	https://twistedmatrix.com/trac/ticket/8623	x_refsource_CONFIRM
	https://twistedmatrix.com/pipermail/twisted-web/2…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:55:26.416Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2016/07/18/6"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://twistedmatrix.com/trac/ticket/8623"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://twistedmatrix.com/pipermail/twisted-web/2016-August/005268.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-07-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application\u0027s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-11T19:05:31.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2016/07/18/6"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://twistedmatrix.com/trac/ticket/8623"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://twistedmatrix.com/pipermail/twisted-web/2016-August/005268.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-1000111",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application\u0027s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
            },
            {
              "name": "https://www.openwall.com/lists/oss-security/2016/07/18/6",
              "refsource": "MISC",
              "url": "https://www.openwall.com/lists/oss-security/2016/07/18/6"
            },
            {
              "name": "https://twistedmatrix.com/trac/ticket/8623",
              "refsource": "CONFIRM",
              "url": "https://twistedmatrix.com/trac/ticket/8623"
            },
            {
              "name": "https://twistedmatrix.com/pipermail/twisted-web/2016-August/005268.html",
              "refsource": "CONFIRM",
              "url": "https://twistedmatrix.com/pipermail/twisted-web/2016-August/005268.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-1000111",
    "datePublished": "2020-03-11T19:05:31.000Z",
    "dateReserved": "2016-07-18T00:00:00.000Z",
    "dateUpdated": "2024-08-06T03:55:26.416Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-1000105 (GCVE-0-2016-1000105)

Vulnerability from cvelistv5 – Published: 2020-01-31 21:38 – Updated: 2020-01-31 21:38

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "providerMetadata": {
        "dateUpdated": "2020-01-31T21:38:27.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "rejectedReasons": [
        {
          "lang": "en",
          "value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-1000105",
    "datePublished": "2020-01-31T21:38:27.000Z",
    "dateRejected": "2020-01-31T21:38:27.000Z",
    "dateReserved": "2016-07-18T00:00:00.000Z",
    "dateUpdated": "2020-01-31T21:38:27.000Z",
    "state": "REJECTED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.0"
}

CVE-2016-5385 (GCVE-0-2016-5385)

Vulnerability from cvelistv5 – Published: 2016-07-19 01:00 – Updated: 2024-08-06 01:00

Summary

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://h20566.www2.hpe.com/portal/site/hpsc/publ…	x_refsource_CONFIRM
	https://h20566.www2.hpe.com/portal/site/hpsc/publ…	x_refsource_CONFIRM
	http://www.kb.cert.org/vuls/id/797896	third-party-advisoryx_refsource_CERT-VN
	http://www.oracle.com/technetwork/security-adviso…	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201611-22	vendor-advisoryx_refsource_GENTOO
	http://lists.opensuse.org/opensuse-updates/2016-0…	vendor-advisoryx_refsource_SUSE
	https://www.drupal.org/SA-CORE-2016-003	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-1613.html	vendor-advisoryx_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2016-1611.html	vendor-advisoryx_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2016-1610.html	vendor-advisoryx_refsource_REDHAT
	http://www.debian.org/security/2016/dsa-3631	vendor-advisoryx_refsource_DEBIAN
	http://www.securityfocus.com/bid/91821	vdb-entryx_refsource_BID
	https://h20566.www2.hpe.com/portal/site/hpsc/publ…	x_refsource_CONFIRM
	https://h20566.www2.hpe.com/hpsc/doc/public/displ…	x_refsource_CONFIRM
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	http://rhn.redhat.com/errata/RHSA-2016-1609.html	vendor-advisoryx_refsource_REDHAT
	http://www.securitytracker.com/id/1036335	vdb-entryx_refsource_SECTRACK
	https://httpoxy.org/	x_refsource_MISC
	http://www.oracle.com/technetwork/security-adviso…	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-1612.html	vendor-advisoryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=1353794	x_refsource_CONFIRM
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://github.com/guzzle/guzzle/releases/tag/6.2.1	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:00:59.934Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2016-8eb11666aa",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RMYXAVNYL2MOBJTFATE73TOVOEZYC5R/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05333297"
          },
          {
            "name": "VU#797896",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/797896"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "name": "GLSA-201611-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201611-22"
          },
          {
            "name": "openSUSE-SU-2016:1922",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.drupal.org/SA-CORE-2016-003"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
          },
          {
            "name": "RHSA-2016:1613",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1613.html"
          },
          {
            "name": "RHSA-2016:1611",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1611.html"
          },
          {
            "name": "RHSA-2016:1610",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1610.html"
          },
          {
            "name": "DSA-3631",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3631"
          },
          {
            "name": "91821",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91821"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03770en_us"
          },
          {
            "name": "FEDORA-2016-4e7db3d437",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KZOIUYZDBWNDDHC6XTOLZYRMRXZWTJCP/"
          },
          {
            "name": "RHSA-2016:1609",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1609.html"
          },
          {
            "name": "1036335",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036335"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://httpoxy.org/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "name": "RHSA-2016:1612",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1612.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1353794"
          },
          {
            "name": "FEDORA-2016-9c8cf5912c",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXFEIMZPSVGZQQAYIQ7U7DFVX3IBSDLF/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/guzzle/guzzle/releases/tag/6.2.1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-07-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application\u0027s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv(\u0027HTTP_PROXY\u0027) call or (2) a CGI configuration of PHP, aka an \"httpoxy\" issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-18T01:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "FEDORA-2016-8eb11666aa",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RMYXAVNYL2MOBJTFATE73TOVOEZYC5R/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05333297"
        },
        {
          "name": "VU#797896",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/797896"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "name": "GLSA-201611-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201611-22"
        },
        {
          "name": "openSUSE-SU-2016:1922",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.drupal.org/SA-CORE-2016-003"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
        },
        {
          "name": "RHSA-2016:1613",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1613.html"
        },
        {
          "name": "RHSA-2016:1611",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1611.html"
        },
        {
          "name": "RHSA-2016:1610",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1610.html"
        },
        {
          "name": "DSA-3631",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3631"
        },
        {
          "name": "91821",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/91821"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03770en_us"
        },
        {
          "name": "FEDORA-2016-4e7db3d437",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KZOIUYZDBWNDDHC6XTOLZYRMRXZWTJCP/"
        },
        {
          "name": "RHSA-2016:1609",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1609.html"
        },
        {
          "name": "1036335",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036335"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://httpoxy.org/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "name": "RHSA-2016:1612",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1612.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1353794"
        },
        {
          "name": "FEDORA-2016-9c8cf5912c",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXFEIMZPSVGZQQAYIQ7U7DFVX3IBSDLF/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/guzzle/guzzle/releases/tag/6.2.1"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-5385",
    "datePublished": "2016-07-19T01:00:00.000Z",
    "dateReserved": "2016-06-10T00:00:00.000Z",
    "dateUpdated": "2024-08-06T01:00:59.934Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-5388 (GCVE-0-2016-5388)

Vulnerability from cvelistv5 – Published: 2016-07-19 01:00 – Updated: 2024-08-06 01:00

Summary

Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388"; in other words, this is not a CVE ID for a vulnerability.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2016:1635	vendor-advisoryx_refsource_REDHAT
	https://h20566.www2.hpe.com/portal/site/hpsc/publ…	x_refsource_CONFIRM
	https://h20566.www2.hpe.com/portal/site/hpsc/publ…	x_refsource_CONFIRM
	http://www.kb.cert.org/vuls/id/797896	third-party-advisoryx_refsource_CERT-VN
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-2045.html	vendor-advisoryx_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2016-2046.html	vendor-advisoryx_refsource_REDHAT
	https://tomcat.apache.org/tomcat-7.0-doc/changelog.html	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/91818	vdb-entryx_refsource_BID
	http://lists.opensuse.org/opensuse-updates/2016-0…	vendor-advisoryx_refsource_SUSE
	https://h20566.www2.hpe.com/portal/site/hpsc/publ…	x_refsource_CONFIRM
	https://h20566.www2.hpe.com/hpsc/doc/public/displ…	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-1624.html	vendor-advisoryx_refsource_REDHAT
	https://www.apache.org/security/asf-httpoxy-respo…	x_refsource_CONFIRM
	https://httpoxy.org/	x_refsource_MISC
	http://www.oracle.com/technetwork/security-adviso…	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1036331	vdb-entryx_refsource_SECTRACK
	https://access.redhat.com/errata/RHSA-2016:1636	vendor-advisoryx_refsource_REDHAT
	https://lists.debian.org/debian-lts-announce/2019…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/053d9ce4d579…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/6d3d34adcf3d…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/6b414817c2b0…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rc6b21475324…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r2853582063c…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rf21b368769a…	mailing-listx_refsource_MLIST

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:00:59.990Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2016:1635",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2016:1635"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759"
          },
          {
            "name": "VU#797896",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/797896"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
          },
          {
            "name": "RHSA-2016:2045",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2045.html"
          },
          {
            "name": "RHSA-2016:2046",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2046.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tomcat.apache.org/tomcat-7.0-doc/changelog.html"
          },
          {
            "name": "91818",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91818"
          },
          {
            "name": "openSUSE-SU-2016:2252",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03770en_us"
          },
          {
            "name": "RHSA-2016:1624",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1624.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.apache.org/security/asf-httpoxy-response.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://httpoxy.org/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "name": "1036331",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036331"
          },
          {
            "name": "RHSA-2016:1636",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2016:1636"
          },
          {
            "name": "[debian-lts-announce] 20190813 [SECURITY] [DLA 1883-1] tomcat8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00015.html"
          },
          {
            "name": "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E"
          },
          {
            "name": "[activemq-issues] 20190826 [jira] [Created] (AMQ-7288) Security Vulnerabilities in ActiveMQ dependent libraries.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/6d3d34adcf3dfc48e36342aa1f18ce3c20bb8e4c458a97508d5bfed1%40%3Cissues.activemq.apache.org%3E"
          },
          {
            "name": "[activemq-issues] 20190925 [jira] [Created] (AMQ-7310) Security Vulnerabilities in Tomcat-websocket-api.jar",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/6b414817c2b0bf351138911c8c922ec5dd577ebc0b9a7f42d705752d%40%3Cissues.activemq.apache.org%3E"
          },
          {
            "name": "[tomcat-users] 20200813 CVE reporting discrepencies",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc6b2147532416cc736e68a32678d3947b7053c3085cf43a9874fd102%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-users] 20200813 Re: CVE reporting discrepencies",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r2853582063cfd9e7fbae1e029ae004e6a83482ae9b70a698996353dd%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-users] 20200814 Re: CVE reporting discrepencies",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf21b368769ae70de4dee840a3228721ae442f1d51ad8742003aefe39%40%3Cusers.tomcat.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-07-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application\u0027s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue. NOTE: the vendor states \"A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388\"; in other words, this is not a CVE ID for a vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-14T10:06:04.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2016:1635",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2016:1635"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759"
        },
        {
          "name": "VU#797896",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/797896"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
        },
        {
          "name": "RHSA-2016:2045",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2045.html"
        },
        {
          "name": "RHSA-2016:2046",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2046.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tomcat.apache.org/tomcat-7.0-doc/changelog.html"
        },
        {
          "name": "91818",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/91818"
        },
        {
          "name": "openSUSE-SU-2016:2252",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03770en_us"
        },
        {
          "name": "RHSA-2016:1624",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1624.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.apache.org/security/asf-httpoxy-response.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://httpoxy.org/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "name": "1036331",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036331"
        },
        {
          "name": "RHSA-2016:1636",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2016:1636"
        },
        {
          "name": "[debian-lts-announce] 20190813 [SECURITY] [DLA 1883-1] tomcat8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00015.html"
        },
        {
          "name": "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E"
        },
        {
          "name": "[activemq-issues] 20190826 [jira] [Created] (AMQ-7288) Security Vulnerabilities in ActiveMQ dependent libraries.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/6d3d34adcf3dfc48e36342aa1f18ce3c20bb8e4c458a97508d5bfed1%40%3Cissues.activemq.apache.org%3E"
        },
        {
          "name": "[activemq-issues] 20190925 [jira] [Created] (AMQ-7310) Security Vulnerabilities in Tomcat-websocket-api.jar",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/6b414817c2b0bf351138911c8c922ec5dd577ebc0b9a7f42d705752d%40%3Cissues.activemq.apache.org%3E"
        },
        {
          "name": "[tomcat-users] 20200813 CVE reporting discrepencies",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc6b2147532416cc736e68a32678d3947b7053c3085cf43a9874fd102%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-users] 20200813 Re: CVE reporting discrepencies",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r2853582063cfd9e7fbae1e029ae004e6a83482ae9b70a698996353dd%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-users] 20200814 Re: CVE reporting discrepencies",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf21b368769ae70de4dee840a3228721ae442f1d51ad8742003aefe39%40%3Cusers.tomcat.apache.org%3E"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-5388",
    "datePublished": "2016-07-19T01:00:00.000Z",
    "dateReserved": "2016-06-10T00:00:00.000Z",
    "dateUpdated": "2024-08-06T01:00:59.990Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-1000108 (GCVE-0-2016-1000108)

Vulnerability from cvelistv5 – Published: 2019-12-10 14:58 – Updated: 2024-08-06 03:55

Summary

yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://raw.githubusercontent.com/distributedweak…	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2016/07/18/6	x_refsource_MISC
	https://security-tracker.debian.org/tracker/CVE-2…	x_refsource_MISC
	https://github.com/klacke/yaws/commit/9d8fb070e78…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:55:26.430Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000108.json"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/07/18/6"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2016-1000108"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/klacke/yaws/commit/9d8fb070e782c95821c90d0ca7372fc6d7316c78#diff-54053c47eb173a90c26ed19bd9d106c1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-07-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application\u0027s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-10T14:58:52.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000108.json"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/07/18/6"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2016-1000108"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/klacke/yaws/commit/9d8fb070e782c95821c90d0ca7372fc6d7316c78#diff-54053c47eb173a90c26ed19bd9d106c1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-1000108",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application\u0027s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000108.json",
              "refsource": "MISC",
              "url": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000108.json"
            },
            {
              "name": "http://www.openwall.com/lists/oss-security/2016/07/18/6",
              "refsource": "MISC",
              "url": "http://www.openwall.com/lists/oss-security/2016/07/18/6"
            },
            {
              "name": "https://security-tracker.debian.org/tracker/CVE-2016-1000108",
              "refsource": "MISC",
              "url": "https://security-tracker.debian.org/tracker/CVE-2016-1000108"
            },
            {
              "name": "https://github.com/klacke/yaws/commit/9d8fb070e782c95821c90d0ca7372fc6d7316c78#diff-54053c47eb173a90c26ed19bd9d106c1",
              "refsource": "CONFIRM",
              "url": "https://github.com/klacke/yaws/commit/9d8fb070e782c95821c90d0ca7372fc6d7316c78#diff-54053c47eb173a90c26ed19bd9d106c1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-1000108",
    "datePublished": "2019-12-10T14:58:52.000Z",
    "dateReserved": "2016-07-18T00:00:00.000Z",
    "dateUpdated": "2024-08-06T03:55:26.430Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-1000107 (GCVE-0-2016-1000107)

Vulnerability from cvelistv5 – Published: 2019-12-10 17:32 – Updated: 2024-08-06 03:55

Summary

inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://httpoxy.org/	x_refsource_MISC
	https://security-tracker.debian.org/tracker/CVE-2…	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2016/07/18/6	x_refsource_MISC
	https://bugs.erlang.org/browse/ERL-198	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:55:26.481Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://httpoxy.org/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2016-1000107"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/07/18/6"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.erlang.org/browse/ERL-198"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-07-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application\u0027s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-10T17:32:33.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://httpoxy.org/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2016-1000107"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/07/18/6"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.erlang.org/browse/ERL-198"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-1000107",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application\u0027s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://httpoxy.org/",
              "refsource": "MISC",
              "url": "https://httpoxy.org/"
            },
            {
              "name": "https://security-tracker.debian.org/tracker/CVE-2016-1000107",
              "refsource": "MISC",
              "url": "https://security-tracker.debian.org/tracker/CVE-2016-1000107"
            },
            {
              "name": "http://www.openwall.com/lists/oss-security/2016/07/18/6",
              "refsource": "MISC",
              "url": "http://www.openwall.com/lists/oss-security/2016/07/18/6"
            },
            {
              "name": "https://bugs.erlang.org/browse/ERL-198",
              "refsource": "MISC",
              "url": "https://bugs.erlang.org/browse/ERL-198"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-1000107",
    "datePublished": "2019-12-10T17:32:33.000Z",
    "dateReserved": "2016-07-18T00:00:00.000Z",
    "dateUpdated": "2024-08-06T03:55:26.481Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-1000104 (GCVE-0-2016-1000104)

Vulnerability from cvelistv5 – Published: 2019-12-03 21:12 – Updated: 2024-08-06 03:55

Summary

A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.openwall.com/lists/oss-security/2016/07/18/6	x_refsource_MISC
	http://lists.opensuse.org/opensuse-updates/2016-0…	x_refsource_MISC
	http://www.securityfocus.com/bid/91822	x_refsource_MISC
	https://www.tenable.com/security/tns-2017-04	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:55:26.411Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/07/18/6"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00084.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91822"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2017-04"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-08-16T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-03T17:22:49.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/07/18/6"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00084.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.securityfocus.com/bid/91822"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.tenable.com/security/tns-2017-04"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-1000104",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.openwall.com/lists/oss-security/2016/07/18/6",
              "refsource": "MISC",
              "url": "http://www.openwall.com/lists/oss-security/2016/07/18/6"
            },
            {
              "name": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00084.html",
              "refsource": "MISC",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00084.html"
            },
            {
              "name": "http://www.securityfocus.com/bid/91822",
              "refsource": "MISC",
              "url": "http://www.securityfocus.com/bid/91822"
            },
            {
              "name": "https://www.tenable.com/security/tns-2017-04",
              "refsource": "MISC",
              "url": "https://www.tenable.com/security/tns-2017-04"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-1000104",
    "datePublished": "2019-12-03T21:12:15.000Z",
    "dateReserved": "2016-07-18T00:00:00.000Z",
    "dateUpdated": "2024-08-06T03:55:26.411Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-5386 (GCVE-0-2016-5386)

Vulnerability from cvelistv5 – Published: 2016-07-19 01:00 – Updated: 2024-08-06 01:00

Summary

The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://www.kb.cert.org/vuls/id/797896	third-party-advisoryx_refsource_CERT-VN
	https://bugzilla.redhat.com/show_bug.cgi?id=1353798	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	http://rhn.redhat.com/errata/RHSA-2016-1538.html	vendor-advisoryx_refsource_REDHAT
	https://h20566.www2.hpe.com/hpsc/doc/public/displ…	x_refsource_CONFIRM
	https://httpoxy.org/	x_refsource_MISC
	http://www.oracle.com/technetwork/security-adviso…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:00:59.948Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VU#797896",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/797896"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1353798"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
          },
          {
            "name": "FEDORA-2016-340e361b90",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WGHKKCFP4PLVSWQKCM3FJJPEWB5ZNTU/"
          },
          {
            "name": "FEDORA-2016-ea5e284d34",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OR52UXGM6RKSCWF3KQMVZGVZVJ3WEESJ/"
          },
          {
            "name": "RHSA-2016:1538",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1538.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03770en_us"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://httpoxy.org/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-07-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application\u0027s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-24T09:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "VU#797896",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/797896"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1353798"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
        },
        {
          "name": "FEDORA-2016-340e361b90",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WGHKKCFP4PLVSWQKCM3FJJPEWB5ZNTU/"
        },
        {
          "name": "FEDORA-2016-ea5e284d34",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OR52UXGM6RKSCWF3KQMVZGVZVJ3WEESJ/"
        },
        {
          "name": "RHSA-2016:1538",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1538.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03770en_us"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://httpoxy.org/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2016-5386",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application\u0027s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#797896",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/797896"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1353798",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1353798"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
            },
            {
              "name": "FEDORA-2016-340e361b90",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7WGHKKCFP4PLVSWQKCM3FJJPEWB5ZNTU/"
            },
            {
              "name": "FEDORA-2016-ea5e284d34",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OR52UXGM6RKSCWF3KQMVZGVZVJ3WEESJ/"
            },
            {
              "name": "RHSA-2016:1538",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1538.html"
            },
            {
              "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03770en_us",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03770en_us"
            },
            {
              "name": "https://httpoxy.org/",
              "refsource": "MISC",
              "url": "https://httpoxy.org/"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-5386",
    "datePublished": "2016-07-19T01:00:00.000Z",
    "dateReserved": "2016-06-10T00:00:00.000Z",
    "dateUpdated": "2024-08-06T01:00:59.948Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2025-2522

CVE-2016-1000109 (GCVE-0-2016-1000109)

CVE-2016-5387 (GCVE-0-2016-5387)

CVE-2016-1000110 (GCVE-0-2016-1000110)

CVE-2016-1000111 (GCVE-0-2016-1000111)

CVE-2016-1000105 (GCVE-0-2016-1000105)

CVE-2016-5385 (GCVE-0-2016-5385)

CVE-2016-5388 (GCVE-0-2016-5388)

CVE-2016-1000108 (GCVE-0-2016-1000108)

CVE-2016-1000107 (GCVE-0-2016-1000107)

CVE-2016-1000104 (GCVE-0-2016-1000104)

CVE-2016-5386 (GCVE-0-2016-5386)

Tags

Sightings

Nomenclature