Vulnerability Description
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue.
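The following PHP snippet is an added mitigation example, not code from the CVE record or from PHP itself. It shows the defensive check an application can apply when it resolves an outbound proxy: under CGI/FastCGI a client-supplied `Proxy:` request header surfaces as the `HTTP_PROXY` environment variable, so the helper refuses to honour `HTTP_PROXY` whenever the script is serving an HTTP request (signalled by `REQUEST_METHOD`) and falls back to an operator-controlled variable instead. The function name `outbound_proxy()` and the variable name `OUTBOUND_HTTP_PROXY` are assumptions chosen for this example.

```php
<?php
// Added example (not from the CVE entry or PHP's own source).
// Resolves the proxy for server-side HTTP clients without trusting a
// client-injectable HTTP_PROXY value (RFC 3875 section 4.1.18 collision).

function outbound_proxy(): ?string
{
    // A populated REQUEST_METHOD means this process is handling a web
    // request, so HTTP_PROXY may have been derived from a "Proxy:" header.
    $servingRequest = isset($_SERVER['REQUEST_METHOD'])
        || getenv('REQUEST_METHOD') !== false;

    if ($servingRequest) {
        // Operator-controlled setting (assumed name). CGI only maps request
        // headers to HTTP_-prefixed variables, so this one cannot be set by
        // a remote client.
        $configured = getenv('OUTBOUND_HTTP_PROXY');
        return ($configured !== false && $configured !== '') ? $configured : null;
    }

    // CLI or cron context: no request headers exist, so HTTP_PROXY here is
    // the conventional environment setting and safe to use.
    $proxy = getenv('HTTP_PROXY');
    return ($proxy !== false && $proxy !== '') ? $proxy : null;
}

// Usage with cURL: only set a proxy when one was resolved safely.
$ch = curl_init('https://example.com/api');
$proxy = outbound_proxy();
if ($proxy !== null) {
    curl_setopt($ch, CURLOPT_PROXY, $proxy);
}
$body = curl_exec($ch);
curl_close($ch);
```

This application-level check complements, rather than replaces, stripping the `Proxy` request header at the web server or upgrading to a PHP release that addresses the issue.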
CVSS Score
8.1 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Communications User Data Repository | 10.0.0 |
| Oracle | Enterprise Manager Ops Center | 12.2.2 |
| Oracle | Linux | 6 |
| Fedoraproject | Fedora | 23 |
| Hp | Storeever Msl6480 Tape Library Firmware | <= 5.09 |
| Hp | Storeever Msl6480 Tape Library | - |
| Hp | System Management Homepage | <= 7.5.5.0 |
| Php | Php | >= 5.5.0, < 5.5.38 |
| Redhat | Enterprise Linux Desktop | 6.0 |
| Redhat | Enterprise Linux Server | 6.0 |
| Redhat | Enterprise Linux Workstation | 6.0 |
| Debian | Debian Linux | 8.0 |
| Opensuse | Leap | 42.1 |
| Drupal | Drupal | >= 8.0.0, < 8.1.7 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html (Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2016-1609.html (Broken Link; Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2016-1610.html (Broken Link; Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2016-1611.html (Broken Link; Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2016-1612.html (Broken Link; Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2016-1613.html (Broken Link; Third Party Advisory)
- http://www.debian.org/security/2016/dsa-3631 (Third Party Advisory)
- http://www.kb.cert.org/vuls/id/797896 (Third Party Advisory; US Government Resource)
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html (Patch; Third Party Advisory)
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html (Patch; Third Party Advisory)
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.h (Third Party Advisory)
- http://www.securityfocus.com/bid/91821 (Third Party Advisory; VDB Entry)
- http://www.securitytracker.com/id/1036335 (Third Party Advisory; VDB Entry)
- https://bugzilla.redhat.com/show_bug.cgi?id=1353794 (Issue Tracking; Third Party Advisory; VDB Entry)
- https://github.com/guzzle/guzzle/releases/tag/6.2.1 (Release Notes; Third Party Advisory)
FAQ
What is CVE-2016-5385?
CVE-2016-5385 is a vulnerability with a CVSS score of 8.1 (HIGH). PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request (the "httpoxy" issue).
How severe is CVE-2016-5385?
CVE-2016-5385 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2016-5385?
Check the references section above for vendor advisories and patch information. Affected products include: Oracle Communications User Data Repository, Oracle Enterprise Manager Ops Center, Oracle Linux, Fedoraproject Fedora, Hp Storeever Msl6480 Tape Library Firmware.