CVE-2016-5388

Published: 19/07/2016 Updated: 12/02/2023
CVSS v2 Base Score: 5.1 | Impact Score: 6.4 | Exploitability Score: 4.9
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 464
Vector (CVSS v2): AV:N/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Summary

Apache Tomcat 7.x up to and including 7.0.70 and 8.x up to and including 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote malicious users to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388"; in other words, this is not a CVE ID for a vulnerability.

Vulnerable Products

redhat enterprise linux desktop 7.0
redhat enterprise linux server aus 7.2
redhat enterprise linux workstation 7.0
redhat enterprise linux server tus 7.2
redhat enterprise linux server 7.0
redhat enterprise linux hpc node 7.0
redhat enterprise linux server eus 7.2
redhat enterprise linux hpc node eus 7.2
hp system management homepage
redhat enterprise linux hpc node 6.0
redhat enterprise linux desktop 6.0
redhat enterprise linux server 6.0
redhat enterprise linux workstation 6.0
oracle linux 6
oracle linux 7
apache tomcat

Vendor Advisories

Synopsis: Important: tomcat6 security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for tomcat6 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) ...

Synopsis: Important: tomcat security update. Type/Severity: Security Advisory: Important. Topic: An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, w ...

USN-3177-1 introduced a regression in Tomcat ...

Several security issues were fixed in Tomcat ...

Tomcat's CGI support used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed ...

It was discovered that tomcat used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests p ...

Recent Articles

15-year-old security hole HTTPoxy returns to menace websites – it has a name, logo too
The Register • Darren Pauli • 18 Jul 2016

So you know it's really scary

A dangerous easy-to-exploit vulnerability discovered 15 years ago has reared its head again, leaving server-side website software potentially open to hijackers. The Apache Software Foundation, Red Hat, Nginx and others have rushed to warn programmers of the so-called httpoxy flaw, specifically: CVE-2016-5385 in PHP; CVE-2016-5386 in Go; CVE-2016-5387 in Apache HTTP server; CVE-2016-5388 in Apache Tomcat; CVE-2016-1000109 in PHP-engine HHVM; and CVE-2016-1000110 in Python. This security hole, pre...

References

CWE-284
http://www.kb.cert.org/vuls/id/797896
https://httpoxy.org/
https://www.apache.org/security/asf-httpoxy-response.txt
http://www.securitytracker.com/id/1036331
http://rhn.redhat.com/errata/RHSA-2016-2045.html
http://rhn.redhat.com/errata/RHSA-2016-2046.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759
http://www.securityfocus.com/bid/91818
https://access.redhat.com/errata/RHSA-2016:1635
http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html
http://rhn.redhat.com/errata/RHSA-2016-1624.html
https://access.redhat.com/errata/RHSA-2016:1636
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us
https://tomcat.apache.org/tomcat-7.0-doc/changelog.html
https://lists.debian.org/debian-lts-announce/2019/08/msg00015.html
https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E
https://lists.apache.org/thread.html/rc6b2147532416cc736e68a32678d3947b7053c3085cf43a9874fd102%40%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/6d3d34adcf3dfc48e36342aa1f18ce3c20bb8e4c458a97508d5bfed1%40%3Cissues.activemq.apache.org%3E
https://lists.apache.org/thread.html/6b414817c2b0bf351138911c8c922ec5dd577ebc0b9a7f42d705752d%40%3Cissues.activemq.apache.org%3E
https://lists.apache.org/thread.html/rf21b368769ae70de4dee840a3228721ae442f1d51ad8742003aefe39%40%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r2853582063cfd9e7fbae1e029ae004e6a83482ae9b70a698996353dd%40%3Cusers.tomcat.apache.org%3E
https://nvd.nist.gov
https://access.redhat.com/errata/RHSA-2016:2045
https://usn.ubuntu.com/3177-2/
https://www.kb.cert.org/vuls/id/797896