8.1
CVE-2016-5385
- EPSS 84.16%
- Published 19.07.2016 02:00:17
- Last modified 12.04.2025 10:46:40
- Source secalert@redhat.com
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue.
Data is provided by the National Vulnerability Database (NVD)
Oracle ≫ Communications User Data Repository Version 10.0.0
Oracle ≫ Communications User Data Repository Version 10.0.1
Oracle ≫ Communications User Data Repository Version 12.0.0
Oracle ≫ Enterprise Manager Ops Center Version 12.2.2
Oracle ≫ Enterprise Manager Ops Center Version 12.3.2
Fedoraproject ≫ Fedora Version 23
Fedoraproject ≫ Fedora Version 24
Hp ≫ Storeever Msl6480 Tape Library Firmware Version <= 5.09
Hp ≫ System Management Homepage Version <= 7.5.5.0
Redhat ≫ Enterprise Linux Desktop Version 6.0
Redhat ≫ Enterprise Linux Server Version 6.0
Redhat ≫ Enterprise Linux Workstation Version 6.0
Debian ≫ Debian Linux Version 8.0
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 84.16% | 0.993 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 8.1 | 2.2 | 5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
nvd@nist.gov | 5.1 | 4.9 | 6.4 | AV:N/AC:H/Au:N/C:P/I:P/A:P |
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.