6.1

CVE-2016-1000107

EPSS 0.53%
Published 10.12.2019 18:15:09
Last modified 21.11.2024 02:42:52
Source cve@mitre.org
Teams watchlist Login
Open Login

inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.

Affected products Warnungen 0 Metrics 3 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Erlang ≫ Erlang/otp Version <= 22.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.53%	0.66

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

https://httpoxy.org/

Third Party Advisory

http://www.openwall.com/lists/oss-security/2016/07/18/6

Third Party Advisory

Mailing List

https://bugs.erlang.org/browse/ERL-198

Vendor Advisory

Issue Tracking

https://security-tracker.debian.org/tracker/CVE-2016-1000107

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2016-1000107

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-1000107

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-1000107

EUVD