CVE-2016-5387 in macOSinformación

Resumen (Inglés)

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Reservar

2016-06-10

Divulgación

2016-07-18

Estado

Confirmado

Voces

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilidadCWEExpConCVE
108930Apple macOS apache escalada de privilegios284No está definidoArreglo oficialCVE-2016-5387
103831Oracle Enterprise Manager Ops Center Satellite escalada de privilegios284No está definidoArreglo oficialCVE-2016-5387
98603Apple macOS Apache escalada de privilegios284No está definidoArreglo oficialCVE-2016-5387
89849nginx RFC 3875 Namespace Conflict escalada de privilegios284No está definidoArreglo oficialCVE-2016-5387
89669Apache HTTP Server RFC 3875 Namespace Conflict escalada de privilegios284No está definidoArreglo oficialCVE-2016-5387

Descripción

CPE

CWE

CVSS

Hazañas

Historia

Diferencia

Relacionar

Inteligencia de amenazas

API JSON

API XML

API CSV

Fuentes

AnteriorVisión De ConjuntoPróximo

Do you need the next level of professionalism?

Upgrade your account now!