CVE-2016-5387 — HIGH (8.1) — White Hats Nepal

Q: How severe is CVE-2016-5387?

CVE-2016-5387 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-5387?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Http Server, Hp System Management Homepage, Oracle Communications User Data Repository, Oracle Enterprise Manager Ops Center, Oracle Linux.

Vulnerability Description

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Apache	Http Server	>= 2.2.0, <= 2.2.31
Hp	System Management Homepage	<= 7.5.5.0
Oracle	Communications User Data Repository	>= 10.0.0, <= 12.4
Oracle	Enterprise Manager Ops Center	12.2.2
Oracle	Linux	5
Oracle	Solaris	11.3
Fedoraproject	Fedora	23
Redhat	Jboss Web Server	2.1.0
Redhat	Enterprise Linux	6.0
Redhat	Jboss Enterprise Web Server	2.0.0
Redhat	Jboss Core Services	1.0
Redhat	Enterprise Linux Desktop	6.0
Redhat	Enterprise Linux Eus	7.2
Redhat	Enterprise Linux Server	6.0
Redhat	Enterprise Linux Server Aus	7.2
Redhat	Enterprise Linux Server Tus	7.2
Redhat	Enterprise Linux Workstation	6.0
Debian	Debian Linux	8.0
Canonical	Ubuntu Linux	12.04
Opensuse	Leap	42.1

References

http://lists.opensuse.org/opensuse-updates/2016-07/msg00059.htmlMailing ListThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1624.htmlBroken LinkThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1625.htmlBroken LinkThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1648.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1649.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1650.htmlBroken LinkThird Party Advisory
http://www.debian.org/security/2016/dsa-3623Third Party Advisory
http://www.kb.cert.org/vuls/id/797896Third Party AdvisoryUS Government Resource
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlPatchThird Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatchThird Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.htmlThird Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.hThird Party Advisory
http://www.securityfocus.com/bid/91816Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1036330Broken LinkThird Party AdvisoryVDB Entry
http://www.ubuntu.com/usn/USN-3038-1Third Party Advisory

FAQ

What is CVE-2016-5387?

CVE-2016-5387 is a vulnerability with a CVSS score of 8.1 (HIGH). The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, whi...

How severe is CVE-2016-5387?

CVE-2016-5387 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-5387?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Http Server, Hp System Management Homepage, Oracle Communications User Data Repository, Oracle Enterprise Manager Ops Center, Oracle Linux.