CVE-2016-5388 - Improper Access Control


Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388"; in other words, this is not a CVE ID for a vulnerability.

CVSS 3.0 Base Score 8.1. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVSS 2.0 Base Score 5.1. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:P).

Overview

First reported: 2016-07-19 02:00:00
Last updated: 2019-12-27 16:08:00

Affected Software

Red Hat Enterprise Linux Desktop 7.0
Red Hat Enterprise Linux HPC Node 7.0
Red Hat Enterprise Linux HPC Node EUS 7.2
Red Hat Enterprise Linux Server 7.0
Red Hat Enterprise Linux Server AUS 7.2
Red Hat Enterprise Linux Server EUS 7.2
Red Hat Enterprise Linux Workstation 7.0
HP System Management Homepage
Red Hat Enterprise Linux Desktop 6.0
Red Hat Enterprise Linux HPC Node 6.0
Red Hat Enterprise Linux Server 6.0
Red Hat Enterprise Linux Workstation 6.0
Apache Software Foundation Tomcat

References

openSUSE-SU-2016:2252 (Third Party Advisory)
RHSA-2016:1624 (Third Party Advisory)
RHSA-2016:2045 (Third Party Advisory)
RHSA-2016:2046 (Third Party Advisory)
VU#797896 (Third Party Advisory, US Government Resource)
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html (Patch, Third Party Advisory)
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html (Third Party Advisory)
91818 (Third Party Advisory, VDB Entry)
1036331 (Third Party Advisory, VDB Entry, Vendor Advisory)
RHSA-2016:1635 (Third Party Advisory)
RHSA-2016:1636 (Third Party Advisory)
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us (Third Party Advisory)
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149 (Third Party Advisory)
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759 (Third Party Advisory)
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722 (Third Party Advisory)
https://httpoxy.org/ (Third Party Advisory)
[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar
[activemq-issues] 20190925 [jira] [Created] (AMQ-7310) Security Vulnerabilities in Tomcat-websocket-api.jar
[activemq-issues] 20190826 [jira] [Created] (AMQ-7288) Security Vulnerabilities in ActiveMQ dependent libraries.
[debian-lts-announce] 20190813 [SECURITY] [DLA 1883-1] tomcat8 security update
https://tomcat.apache.org/tomcat-7.0-doc/changelog.html (Release Notes, Vendor Advisory)
https://www.apache.org/security/asf-httpoxy-response.txt (Vendor Advisory)