CVSSv3: 8.1

CVE-2016-5387

Published: 19/07/2016 Updated: 27/12/2019
CVSS v2 Base Score: 5.1 | Impact Score: 6.4 | Exploitability Score: 4.9
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 460
CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Summary

The Apache HTTP Server up to and including 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote malicious users to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability.
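The header-to-environment mapping the summary refers to, the server-side and client-side mitigations, and a log check for the pattern, as an added example written for this page: it is not Apache httpd code and does not come from any of the vendor advisories listed here. The requests and access-log lines are constructed, the log format is assumed to append the Proxy request header (`%{Proxy}i`) as the last quoted field, and the `CGI_HTTP_PROXY` fallback is the alternative variable name httpoxy.org recommends for CGI contexts.

```python
import re

# Sample requests, constructed for this example (not captured traffic).
BENIGN_REQUEST = {
    "Host": "app.example.test",
    "User-Agent": "curl/7.50",
    "Content-Type": "application/x-www-form-urlencoded",
    "Content-Length": "12",
}
# Same request with a client-supplied Proxy header (constructed value).
POISONED_REQUEST = dict(BENIGN_REQUEST, Proxy="10.0.0.9:8080")


def header_to_meta_variable(name):
    """RFC 3875 section 4.1.18: the header name is upper-cased, '-' becomes '_'
    and the result is prefixed with HTTP_. Content-Type and Content-Length are
    the two headers that get their own meta-variables instead of the prefix."""
    canon = name.lower()
    if canon == "content-type":
        return "CONTENT_TYPE"
    if canon == "content-length":
        return "CONTENT_LENGTH"
    return "HTTP_" + canon.upper().replace("-", "_")


def cgi_environ(headers, strip_proxy_header=False):
    """Build the environment a CGI-capable server hands to a script.

    strip_proxy_header=False is the RFC-conformant behaviour the summary
    describes: a client-supplied 'Proxy' header becomes HTTP_PROXY.
    strip_proxy_header=True discards that header before the mapping, which is
    the effect of the mod_headers rule 'RequestHeader unset Proxy early' from
    the ASF httpoxy response."""
    env = {"GATEWAY_INTERFACE": "CGI/1.1", "REQUEST_METHOD": "POST"}
    for name, value in headers.items():
        if strip_proxy_header and name.lower() == "proxy":
            continue
        env[header_to_meta_variable(name)] = value
    return env


def naive_proxy_from_environment(env):
    """Behaviour of the client libraries the advisories describe: HTTP_PROXY is
    trusted regardless of where it came from."""
    return env.get("HTTP_PROXY")


def cgi_aware_proxy_from_environment(env):
    """Client-side mitigation: when running as a CGI script (REQUEST_METHOD is
    set) HTTP_PROXY is request-derived, so it is ignored and only the
    CGI_HTTP_PROXY variable, which a client cannot set, is honoured."""
    if "REQUEST_METHOD" in env:
        return env.get("CGI_HTTP_PROXY")
    return env.get("HTTP_PROXY")


# Constructed access-log lines; LogFormat is assumed to end with "%{Proxy}i".
SAMPLE_LOG = """\
203.0.113.5 - - [19/Jul/2016:10:00:01 +0000] "POST /cgi-bin/order.cgi HTTP/1.1" 200 512 "-"
203.0.113.7 - - [19/Jul/2016:10:00:03 +0000] "GET /cgi-bin/status.cgi HTTP/1.1" 200 88 "10.0.0.9:8080"
203.0.113.5 - - [19/Jul/2016:10:00:09 +0000] "GET /index.html HTTP/1.1" 200 1024 "-"
"""

LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" \d+ \S+ "([^"]*)"$'
)


def requests_with_proxy_header(log_text):
    """Return (client_ip, method, path, proxy_value) for every request that
    carried a Proxy header. No browser sends one, so any hit deserves an
    alert; a hit against a CGI path is the httpoxy pattern itself."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and m.group(4) not in ("", "-"):
            hits.append((m.group(1), m.group(2), m.group(3), m.group(4)))
    return hits


if __name__ == "__main__":
    env = cgi_environ(POISONED_REQUEST)
    print("unprotected server, naive client ->", naive_proxy_from_environment(env))
    print("unprotected server, CGI-aware client ->", cgi_aware_proxy_from_environment(env))
    print("header stripped ->", "HTTP_PROXY" in cgi_environ(POISONED_REQUEST, True))
    for hit in requests_with_proxy_header(SAMPLE_LOG):
        print("Proxy header seen:", hit)
```

Either mitigation alone closes the path shown here; stripping the header at the server protects every script behind it, while the CGI-aware client rule protects a library even when it is deployed behind a server that was never patched.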

Vulnerable Products

oracle solaris 11.3

apache http server

redhat jboss_web_server 2.1.0

hp system management homepage

oracle linux 5.0

oracle linux 6

oracle linux 7

fedoraproject fedora 23

fedoraproject fedora 24

Vendor Advisories

Scott Geary of VendHQ discovered that the Apache HTTPD server used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this ...
A security issue was fixed in the Apache HTTP Server ...
It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests pe ...
Debian Bug report logs - #847124 apache2: CVE-2016-8740: Server memory can be exhausted and service denied when HTTP/2 is used. Package: src:apache2; Maintainer for src:apache2 is Debian Apache Maintainers <debian-apache@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Mon, 5 Dec 2016 20:1 ...
Summary: The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in ...
HTTPoxy CGI HTTP_PROXY Variable Multiple Vulnerabilities. Article Number: 000008785. Products: Forcepoint ...
About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, see the Apple Product Security page. You can encrypt ...
Oracle Critical Patch Update Advisory - July 2017. Description: A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous C ...
Oracle Linux Bulletin - July 2016. Description: The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin. Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates are released ...
Oracle Solaris Third Party Bulletin - October 2016. Description: The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions. Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critical Patch Up ...
SecurityCenter has recently been discovered to contain several vulnerabilities. Four issues in the SC code were discovered during internal testing by Barry Clark, and several third-party libraries were upgraded as part of our internal security process. Note that the library vulnerabilities were not fully diagnosed so SecurityCenter is possibly impa ...
Oracle Critical Patch Update Advisory - January 2018. Description: A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previou ...

Github Repositories

dockerized nginx proxy with vhost rewrite for Plone

This is based on jwilder/nginx-proxy. It sets up a container running nginx and docker-gen. docker-gen generates reverse proxy configs for nginx and reloads nginx when containers are started and stopped. See Automated Nginx Reverse Proxy for Docker for why you might want to use this. Usage: To run it: $ docker run -d -p 80:80 -v /var/run/docker.sock:/tmp/docker.sock:ro alteroo/p

nginx-proxy sets up a container running nginx and docker-gen. docker-gen generates reverse proxy configs for nginx and reloads nginx when containers are started and stopped. See Automated Nginx Reverse Proxy for Docker for why you might want to use this. Usage: To run it: $ docker run -d -p 80:80 -v /var/run/docker.sock:/tmp/docker.sock:ro jwilder/nginx-proxy Then start any co

Automated nginx proxy for Docker containers using docker-gen

Chabreuil antoine et Deat vincent

Docker Nginx Proxy - ARM Build

Automated nginx proxy for Docker containers using docker-gen

nginx-proxy-docker-image Multi-platform

nginx-proxy-docker-image: this image is based on jwilder/nginx-proxy. I just rebuilt it so that it can run on other platforms, such as linux/amd64, linux/arm64/v8, linux/arm/v7 and linux/arm/v6. nginx-proxy sets up a container running nginx and docker-gen. docker-gen generates reverse proxy configs for nginx and reloads nginx when containers are started

All in one active reverse proxy for Kubernetes !

Kube Active Proxy: Kube Active Proxy is an all-in-one reverse proxy for Kubernetes, supporting Letsencrypt out of the box! Kube Active Proxy is a copy of my Rancher-Active-Proxy application. Kube Active Proxy is based on the excellent idea of jwilder/nginx-proxy. Kube Active Proxy replaces docker-gen with kube-template-kap adi90x/kube-template-kap (a fork of the also excellent 3c

All in one active reverse proxy for Rancher ! For Kubernetes : https://github.com/adi90x/kube-active-proxy

If you are looking for a Kubernetes version, have a look at Kube Active Proxy. Rancher Active Proxy: Rancher Active Proxy is an all-in-one reverse proxy for Rancher, supporting Letsencrypt out of the box! Rancher Active Proxy is based on the excellent idea of jwilder/nginx-proxy. Rancher Active Proxy replaces docker-gen with Rancher-gen-rap adi90x/rancher-gen-rap (a fork of the also exc

Tools that utilize the Red Hat Security Data API

rhsecapi: rhsecapi makes it easy to interface with the Red Hat Security Data API -- even from behind a proxy. From the rpm description: Leverage Red Hat's Security Data API to find CVEs by various attributes (date, severity, scores, package, IAVA, etc). Retrieve customizable details about found CVEs or about specific CVE ids input on cmdline. Parse arbitrary stdin for CVE

Recent Articles

15-year-old security hole HTTPoxy returns to menace websites – it has a name, logo too
The Register • Darren Pauli • 18 Jul 2016

So you know it's really scary

A dangerous easy-to-exploit vulnerability discovered 15 years ago has reared its head again, leaving server-side website software potentially open to hijackers.
The Apache Software Foundation, Red Hat, Nginx and others have rushed to warn programmers of the so-called httpoxy flaw, specifically: CVE-2016-5385 in PHP; CVE-2016-5386 in Go; CVE-2016-5387 in Apache HTTP server; CVE-2016-5388 in Apache Tomcat; CVE-2016-1000109 in PHP-engine HHVM; and CVE-2016-1000110 in Python.
This securi...

CGI Script Vulnerability ‘Httpoxy’ Allows Man-in-the-Middle Attacks
Threatpost • Tom Spring • 18 Jul 2016

An old scripting vulnerability that impacts a large number of Linux distributions and programming languages allows for man-in-the-middle attacks that could compromise web servers. The vulnerability, which affects many PHP and CGI web-apps, was revealed Monday in tandem with the release of a bevy of patches from impacted companies and platforms.
Researchers at SaaS distributor VendHQ named the vulnerability Httpoxy. It affects server-side web applications that run in Common Gateway Interface (C...

References

CWE-284
http://lists.opensuse.org/opensuse-updates/2016-07/msg00059.html
http://rhn.redhat.com/errata/RHSA-2016-1624.html
http://rhn.redhat.com/errata/RHSA-2016-1625.html
http://rhn.redhat.com/errata/RHSA-2016-1648.html
http://rhn.redhat.com/errata/RHSA-2016-1649.html
http://rhn.redhat.com/errata/RHSA-2016-1650.html
http://www.debian.org/security/2016/dsa-3623
http://www.kb.cert.org/vuls/id/797896
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
http://www.securityfocus.com/bid/91816
http://www.securitytracker.com/id/1036330
http://www.ubuntu.com/usn/USN-3038-1
https://access.redhat.com/errata/RHSA-2016:1420
https://access.redhat.com/errata/RHSA-2016:1421
https://access.redhat.com/errata/RHSA-2016:1422
https://access.redhat.com/errata/RHSA-2016:1635
https://access.redhat.com/errata/RHSA-2016:1636
https://access.redhat.com/errata/RHSA-2016:1851
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
https://httpoxy.org/
https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6WCTE7443AYZ4EGELWLVNANA2WJCJIYI/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NEKZAB7MTWVSMORHTEMCQNFFMIHCYF76/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPQAPWQA774JPDRV4UIB2SZAX6D3UZCV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TGNHXJJSWDXAOEYH5TMXDPQVJMQQJOAZ/
https://security.gentoo.org/glsa/201701-36
https://support.apple.com/HT208221
https://www.apache.org/security/asf-httpoxy-response.txt
https://www.tenable.com/security/tns-2017-04
https://www.rapid7.com/db/vulnerabilities/ubuntu-cve-2016-5387
https://www.debian.org/security/./dsa-3623
https://usn.ubuntu.com/3038-1/
https://nvd.nist.gov
https://www.kb.cert.org/vuls/id/797896