Security Advisory

CVE-2016-5387

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2016-07-19 01:00:00

Last updated 2024-08-06 01:00:59

Assigner redhat

State PUBLISHED

Description

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an applications outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability.

← Browse all CVEs View on cve.org ↗