CVE-2016-4694 in macOSinfo

Summary

The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue, a related issue to CVE-2016-5387.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Reservation

05/11/2016

Disclosure

09/25/2016

Moderation

VulDB entry created

Entries

VDB-92040 (1)

CPE

ready

CWE

CWE-284 (Confirmed)

CVSS

9.1

EPSS

0.00961

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-4694
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-4694
CVE Details	https://www.cvedetails.com/cve/CVE-2016-4694/

◂ Previous Overview Next ▸

Want to know what is going to be exploited?

We predict KEV entries!