Tomcat: CGI sets environmental variable based on user supplied Proxy request header

🗓️ 18 Aug 2016 18:20:54Reported by RedHatType

redhat

redhat🔗 access.redhat.com👁 1 Views

Tomcat exposes HTTP_PROXY from the user Proxy header to CGI scripts, enabling proxy redirection.

Reporter	Title	Published	Views	Family All 130
IBM Security Bulletins	Release of QRadar 7.2.8 Patch 4 (7.2.8.20170224202650) Updated w/Security Bulletins	10 May 201914:29	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Business Intelligence Server 2017Q1 Security Updater : IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities.	15 Jun 201823:17	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Apache Tomcat affect the IBM FlashSystem models 840 and 900	18 Feb 202301:45	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in IBM Cognos Business Intelligence shipped with IBM Cognos Planning (CVE-2016-5388).	25 Jun 201805:54	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Apache Tomcat affect the IBM FlashSystem model V840	18 Jun 201800:32	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities	16 Jun 202221:33	–	ibm
IBM Security Bulletins	Security Bulletin: Apache Tomcat Vulnerabilities Affect IBM Sterling B2B Integrator	29 Apr 202502:11	–	ibm
IBM Security Bulletins	Security Bulletin: IBM WebSphere Cast Iron Solution is affected by Apache Tomcat vulnerability (CVE-2016-5388)	18 Nov 201913:57	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM is vulnerable to various CGI vulnerabilities. (CVE-2016-5385, CVE-2016-5387, CVE-2016-5388)	16 Jun 201821:48	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Apache Tomcat affect SAN Volume Controller, Storwize family and FlashSystem V9000 products	29 Mar 202301:48	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	7	x86_64	httpd24	0:2.4.6-62.ep7.el7	httpd24-0:2.4.6-62.ep7.el7.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	httpd24-debuginfo	0:2.4.6-62.ep7.el7	httpd24-debuginfo-0:2.4.6-62.ep7.el7.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	httpd24-devel	0:2.4.6-62.ep7.el7	httpd24-devel-0:2.4.6-62.ep7.el7.x86_64.rpm
Red Hat Enterprise Linux	7	any	httpd24-manual	0:2.4.6-62.ep7.el7.noarch	httpd24-manual-0:2.4.6-62.ep7.el7.noarch.noarch.rpm
Red Hat Enterprise Linux	7	x86_64	httpd24-tools	0:2.4.6-62.ep7.el7	httpd24-tools-0:2.4.6-62.ep7.el7.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	mod_ldap24	0:2.4.6-62.ep7.el7	mod_ldap24-0:2.4.6-62.ep7.el7.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	mod_proxy24_html	1:2.4.6-62.ep7.el7	mod_proxy24_html-1:2.4.6-62.ep7.el7.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	mod_session24	0:2.4.6-62.ep7.el7	mod_session24-0:2.4.6-62.ep7.el7.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	mod_ssl24	1:2.4.6-62.ep7.el7	mod_ssl24-1:2.4.6-62.ep7.el7.x86_64.rpm
Red Hat Enterprise Linux	7	any	tomcat7	0:7.0.59-51_patch_01.ep7.el7.noarch	tomcat7-0:7.0.59-51_patch_01.ep7.el7.noarch.noarch.rpm

Source	Link
access	www.access.redhat.com/security/cve/CVE-2016-5388
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2016-5388
cve	www.cve.org/CVERecord

14 May 2026 22:23Current

7.4High risk

Vulners AI Score7.4

CVSS 25.1

CVSS 38.1

EPSS0.40671

tomcat cgi scripts proxy header proxy environment remote attacker unix