8.1

CVE-2016-5387

EPSS 77.5%
Veröffentlicht 19.07.2016 02:00:19
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.  NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 57

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ HTTP Server Version >= 2.2.0 <= 2.2.31

Apache ≫ HTTP Server Version >= 2.4.1 <= 2.4.23

Hp ≫ System Management Homepage Version <= 7.5.5.0

Oracle ≫ Communications User Data Repository Version >= 10.0.0 <= 12.4

Oracle ≫ Enterprise Manager Ops Center Version12.2.2

Oracle ≫ Enterprise Manager Ops Center Version12.3.2

Oracle ≫ Linux Version5 Update-

Oracle ≫ Linux Version6 Update-

Oracle ≫ Linux Version7 Update-

Oracle ≫ Solaris Version11.3

Fedoraproject ≫ Fedora Version23

Fedoraproject ≫ Fedora Version24

Redhat ≫ Jboss Web Server Version2.1.0

Redhat ≫ Enterprise Linux Version6.0
Redhat ≫ Enterprise Linux Version7.0

Redhat ≫ Jboss Enterprise Web Server Version2.0.0

Redhat ≫ Enterprise Linux Version6.0

Redhat ≫ Jboss Enterprise Web Server Version3.0.0

Redhat ≫ Enterprise Linux Version6.0

Redhat ≫ Jboss Enterprise Web Server Version2.0.0

Redhat ≫ Enterprise Linux Version7.0

Redhat ≫ Jboss Enterprise Web Server Version3.0.0

Redhat ≫ Enterprise Linux Version7.0

Redhat ≫ Jboss Core Services Version1.0

Redhat ≫ Enterprise Linux Version6.0
Redhat ≫ Enterprise Linux Version7.0

Redhat ≫ Enterprise Linux Desktop Version6.0

Redhat ≫ Enterprise Linux Desktop Version7.0

Redhat ≫ Enterprise Linux Eus Version7.2

Redhat ≫ Enterprise Linux Eus Version7.3

Redhat ≫ Enterprise Linux Eus Version7.4

Redhat ≫ Enterprise Linux Eus Version7.5

Redhat ≫ Enterprise Linux Eus Version7.6

Redhat ≫ Enterprise Linux Eus Version7.7

Redhat ≫ Enterprise Linux Server Version6.0

Redhat ≫ Enterprise Linux Server Version7.0

Redhat ≫ Enterprise Linux Server Aus Version7.2

Redhat ≫ Enterprise Linux Server Aus Version7.3

Redhat ≫ Enterprise Linux Server Aus Version7.4

Redhat ≫ Enterprise Linux Server Aus Version7.6

Redhat ≫ Enterprise Linux Server Aus Version7.7

Redhat ≫ Enterprise Linux Server Tus Version7.2

Redhat ≫ Enterprise Linux Server Tus Version7.3

Redhat ≫ Enterprise Linux Server Tus Version7.6

Redhat ≫ Enterprise Linux Server Tus Version7.7

Redhat ≫ Enterprise Linux Workstation Version6.0

Redhat ≫ Enterprise Linux Workstation Version7.0

Debian ≫ Debian Linux Version8.0

Canonical ≫ Ubuntu Linux Version12.04 SwEdition-

Canonical ≫ Ubuntu Linux Version14.04 SwEditionesm

Canonical ≫ Ubuntu Linux Version15.10

Canonical ≫ Ubuntu Linux Version16.04 SwEditionesm

Opensuse ≫ Leap Version42.1

Opensuse ≫ Opensuse Version13.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	77.5%	0.989

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

Third Party Advisory

https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

Patch

Third Party Advisory

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

Patch

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

Third Party Advisory

https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E

https://security.gentoo.org/glsa/201701-36

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-1650.html

Third Party Advisory

Broken Link

http://rhn.redhat.com/errata/RHSA-2016-1624.html

Third Party Advisory

Broken Link

https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E

http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-1648.html

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-1649.html

Third Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149

Third Party Advisory

https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E

https://access.redhat.com/errata/RHSA-2016:1420

Third Party Advisory

http://www.kb.cert.org/vuls/id/797896

Third Party Advisory

US Government Resource

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us

Third Party Advisory

https://httpoxy.org/

Third Party Advisory

http://lists.opensuse.org/opensuse-updates/2016-07/msg00059.html

Third Party Advisory

Mailing List

http://rhn.redhat.com/errata/RHSA-2016-1625.html

Third Party Advisory

Broken Link

http://www.debian.org/security/2016/dsa-3623

Third Party Advisory

http://www.securityfocus.com/bid/91816

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1036330

Third Party Advisory

Broken Link

VDB Entry

http://www.ubuntu.com/usn/USN-3038-1

Third Party Advisory

https://access.redhat.com/errata/RHSA-2016:1421

Third Party Advisory

https://access.redhat.com/errata/RHSA-2016:1422

Third Party Advisory

https://access.redhat.com/errata/RHSA-2016:1635

Third Party Advisory

https://access.redhat.com/errata/RHSA-2016:1636

Third Party Advisory

https://access.redhat.com/errata/RHSA-2016:1851

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WCTE7443AYZ4EGELWLVNANA2WJCJIYI/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEKZAB7MTWVSMORHTEMCQNFFMIHCYF76/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPQAPWQA774JPDRV4UIB2SZAX6D3UZCV/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TGNHXJJSWDXAOEYH5TMXDPQVJMQQJOAZ/

https://support.apple.com/HT208221

Third Party Advisory

https://www.apache.org/security/asf-httpoxy-response.txt

Vendor Advisory

https://www.tenable.com/security/tns-2017-04

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2016-5387

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-5387

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-5387

EUVD