CVE-2016-5387 in macOSinfo

Summary

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Reservation

06/10/2016

Disclosure

07/18/2016

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilityCWEExpCouCVE
108930Apple macOS apache access control284Not definedOfficial fixCVE-2016-5387
103831Oracle Enterprise Manager Ops Center Satellite access control284Not definedOfficial fixCVE-2016-5387
98603Apple macOS Apache access control284Not definedOfficial fixCVE-2016-5387
89849nginx RFC 3875 Namespace Conflict access control284Not definedOfficial fixCVE-2016-5387
89669Apache HTTP Server RFC 3875 Namespace Conflict access control284Not definedOfficial fixCVE-2016-5387

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

PreviousOverviewNext

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!