CVE-2016-5388 in Tomcatinformação

Sumário

de MITRE

Apache Tomcat through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388"; in other words, this is not a CVE ID for a vulnerability.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservar

10/06/2016

Divulgação

18/07/2016

Moderação

aceite

Entrada

VDB-89670

CPE

pronto

CWE

CWE-284 (confirmado)

CVSS

8.1 (NVD)

EPSS

0.36760

KEV

não

Atividades

muito baixo

Sector

Lawfirm, Hostingprovider, ...

Fontes

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-5388
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-5388
CVE Details	https://www.cvedetails.com/cve/CVE-2016-5388/

◂ Voltar Visão Geral Próximo ▸

Do you need the next level of professionalism?

Upgrade your account now!