A remote proxy manipulation vulnerability exists related to missing protection against RFC 3875 section 4.1.18 namespace conflicts. The issue is triggered when handling requests containing ‘Proxy’ HTTP headers, as these may be stored in the HTTP_PROXY environment variable also commonly used to configure an outbound HTTP proxy for CGI applications. With a specially crafted request, a remote attacker can specify an arbitrary HTTP proxy server to be used by CGI applications relying on the HTTP_PROXY environment variable. (CVE-2016-5387)
A flaw exists that is triggered when handling whitespace patterns in User-Agent headers. This may allow a remote attacker to use a specially crafted User-Agent header to cause the program to incorrectly handle sequences of requests, potentially interpreting responses incorrectly and polluting the cache, or disclosing content from one request to a second downstream user-agent. (CVE-2016-8743)

Binary data 9486.prm

VendorProductVersionCPE
apachehttp_servercpe:/a:apache:http_server

Vendor	Product	Version	CPE
apache	http_server		cpe:/a:apache:http_server

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5387

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743

httpd.apache.org/security/vulnerabilities_22.html

nessus 59

freebsd 1

redhat 9

ibm 16

httpd 4

ubuntu 2

openvas 43

amazon 3

centos 3

alpinelinux 1

oraclelinux 4

debian 10

mageia 2

slackware 1

fedora 6

veracode 2

debiancve 2

osv 5

ubuntucve 5

redhatcve 3

prion 4

cve 4

f5 3

d0znpp 1

gentoo 1

suse 1

cloudfoundry 1

altlinux 3

nessus

Apache 2.2.x < 2.2.32 Multiple Vulnerabilities (httpoxy)

2017-01-12 00:00:00

FreeBSD : Apache httpd -- several vulnerabilities (862d6ab3-c75e-11e6-9f98-20cf30e32f6d) (httpoxy)

2016-12-21 00:00:00

Slackware 14.0 / 14.1 / 14.2 / current : httpd (SSA:2016-358-01) (httpoxy)

2016-12-27 00:00:00

freebsd

Apache httpd -- several vulnerabilities

2016-12-20 00:00:00

redhat

(RHSA-2016:1421) Important: httpd security update

2016-07-18 00:00:00

(RHSA-2016:1422) Important: httpd security and bug fix update

2016-07-18 14:13:23

(RHSA-2016:1851) Important: Red Hat JBoss Core Services Apache HTTP 2.4.6 Service Pack 1 security update

2016-09-12 16:50:10

ibm

Security Bulletin: A vulnerability in the Apache HTTP Server affects PowerKVM (CVE-2016-5387)

2018-06-18 01:32:51

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Tivoli Security Policy Manager (CVE-2016-5387)

2018-06-16 21:48:41

Security Bulletin: Redirect HTTP traffic vulnerability may affect IBM HTTP Server (CVE-2016-5387)

2022-09-08 00:09:56

httpd

Apache Httpd < 2.2.32 : HTTP_PROXY environment variable "httpoxy" mitigation

2016-07-02 00:00:00

Apache Httpd < 2.4.25 : HTTP_PROXY environment variable "httpoxy" mitigation

2016-07-02 00:00:00

Apache Httpd < 2.4.25 : Apache HTTP Request Parsing Whitespace Defects

2016-02-10 00:00:00

ubuntu

Apache HTTP Server vulnerability

2016-07-18 00:00:00

Apache HTTP Server vulnerabilities

2017-05-09 00:00:00

openvas

Fedora Update for httpd FEDORA-2016-9fd9bfab9e

2016-08-02 00:00:00

Ubuntu: Security Advisory (USN-3038-1)

2016-08-02 00:00:00

SUSE: Security Advisory (SUSE-SU-2016:1818-1)

2021-04-19 00:00:00

amazon

Important: httpd24, httpd

2016-07-20 18:00:00

Medium: httpd

2017-06-22 19:25:00

Medium: httpd24

2017-01-19 16:30:00

centos

httpd, mod_ssl security update

2016-07-18 15:57:06

httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update

2016-07-18 16:26:29

httpd, mod_ssl security update

2017-07-12 17:44:05

alpinelinux

CVE-2016-5387

2016-07-19 02:00:00

oraclelinux

httpd security and bug fix update

2016-07-18 00:00:00

httpd security update

2016-07-18 00:00:00

httpd security and bug fix update

2017-07-11 00:00:00

debian

[SECURITY] [DSA 3623-1] apache2 security update

2016-07-20 08:39:47

[SECURITY] [DLA 553-1] apache2 security update

2016-07-20 11:30:29

[SECURITY] [DSA 3623-1] apache2 security update

2016-07-20 08:39:47

mageia

Updated apache packages fix security vulnerability

2016-07-27 00:16:28

Updated perl-CGI-Emulate-PSGI packages fix security vulnerability

2017-05-26 09:54:58

slackware

[slackware-security] httpd

2016-12-24 01:35:08

fedora

[SECURITY] Fedora 23 Update: httpd-2.4.23-4.fc23

2016-07-27 20:56:05

[SECURITY] Fedora 24 Update: perl-CGI-Emulate-PSGI-0.22-1.fc24

2016-08-08 20:37:39

[SECURITY] Fedora 24 Update: httpd-2.4.23-4.fc24

2016-07-22 16:00:58

veracode

Open Redirection

2019-01-15 09:12:18

Denial Of Service (DoS)

2019-01-15 09:18:23

debiancve

CVE-2016-5387

2016-07-19 02:00:00

CVE-2016-8743

2017-07-27 21:29:00

osv

CVE-2016-5387

2016-07-19 02:00:00

apache2 - security update

2017-02-28 00:00:00

apache2 - regression update

2017-07-29 00:00:00

ubuntucve

CVE-2016-5387

2016-07-18 00:00:00

CVE-2016-8743

2016-12-22 00:00:00

CVE-2016-4694

2016-09-25 00:00:00

redhatcve

CVE-2016-5387

2016-07-18 14:19:04

CVE-2016-8743

2016-12-21 15:18:32

CVE-2016-1000104

2016-07-18 14:49:14

prion

Design/Logic Flaw

2016-07-19 02:00:00

Design/Logic Flaw

2017-07-27 21:29:00

Design/Logic Flaw

2016-10-06 14:59:00

cve

CVE-2016-5387

2016-07-19 02:00:00

CVE-2016-8743

2017-07-27 21:29:00

CVE-2016-4694

2016-09-25 10:59:00

SOL80513384 - Apache HTTPD vulnerability CVE-2016-5387

2016-08-02 00:00:00

Apache HTTPD vulnerability CVE-2016-5387

2016-08-02 21:36:00

Apache vulnerability CVE-2016-8743

2017-02-03 23:10:00

d0znpp

The best Burp plugin I’ve ever seen

2017-10-24 01:35:57

gentoo

Apache: Multiple vulnerabilities

2017-01-15 00:00:00

suse

Security update for apache2 (moderate)

2018-09-25 15:13:20

cloudfoundry

Multiple CVEs: httpoxy | Cloud Foundry

2016-12-21 00:00:00

altlinux

Security fix for the ALT Linux 9 package apache2 version 1:2.4.25-alt1

2017-05-18 00:00:00

Security fix for the ALT Linux 10 package apache2 version 1:2.4.25-alt1

2017-05-18 00:00:00

Security fix for the ALT Linux 8 package apache2 version 1:2.4.25-alt1

2017-05-18 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

JSON

Related for 9486.PRM