Arch Linux Security Advisory ASA-201609-21

Severity: Medium
Date : 2016-09-22
CVE-ID : CVE-2016-5388
Package : tomcat7
Type : proxy injection
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE

Summary

The package tomcat7 before version 7.0.72-1 is vulnerable to proxy
injection.

Resolution

Upgrade to 7.0.72-1.

pacman -Syu “tomcat7>=7.0.72-1”

The problems have been fixed upstream in version 7.0.72.

Workaround

None.

Description

It was discovered that tomcat used the value of the Proxy header from
HTTP requests to initialize the HTTP_PROXY environment variable for CGI
scripts, which in turn was incorrectly used by certain HTTP client
implementations to configure the proxy for outgoing HTTP requests. A
remote attacker could possibly use this flaw to redirect HTTP requests
performed by a CGI script to an attacker-controlled proxy via a
malicious HTTP request.

Impact

A remote attacker is able to use this flaw to redirect HTTP requests
performed by a CGI script to an attacker-controlled proxy via a
malicious HTTP request.

References

https://access.redhat.com/security/cve/CVE-2016-5388
https://www.apache.org/security/asf-httpoxy-response.txt