Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
0

CVE-2016-5385

Disclosure Date: July 19, 2016
CVE-2016-5385 CVSS v3 Base Score: 8.1
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application’s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv(‘HTTP_PROXY’) call or (2) a CGI configuration of PHP, aka an “httpoxy” issue.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
8.1 High
Impact Score:
5.9
Exploitability Score:
2.2
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV):
Network
Attack Complexity (AC):
High
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • debian,
  • drupal,
  • fedoraproject,
  • hp,
  • opensuse,
  • oracle,
  • php,
  • redhat

Products

  • communications user data repository 10.0.0,
  • communications user data repository 10.0.1,
  • communications user data repository 12.0.0,
  • debian linux 8.0,
  • drupal,
  • enterprise linux desktop 6.0,
  • enterprise linux server 6.0,
  • enterprise linux workstation 6.0,
  • enterprise manager ops center 12.2.2,
  • enterprise manager ops center 12.3.2,
  • fedora 23,
  • fedora 24,
  • leap 42.1,
  • linux 6,
  • linux 7,
  • php,
  • storeever msl6480 tape library firmware,
  • system management homepage

References

Canonical
CVE-2016-5385 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5385)
BID-91821 (http://www.securityfocus.com/bid/91821)
Advisory
FEDORA-2016-8eb11666aa (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7RMYXAVNYL2MOBJTFATE73TOVOEZYC5R)
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05333297
VU#797896 (http://www.kb.cert.org/vuls/id/797896)
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
GLSA-201611-22 (https://security.gentoo.org/glsa/201611-22)
http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html
https://www.drupal.org/SA-CORE-2016-003
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
http://rhn.redhat.com/errata/RHSA-2016-1613.html
http://rhn.redhat.com/errata/RHSA-2016-1611.html
http://rhn.redhat.com/errata/RHSA-2016-1610.html
DSA-3631 (http://www.debian.org/security/2016/dsa-3631)
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us
FEDORA-2016-4e7db3d437 (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KZOIUYZDBWNDDHC6XTOLZYRMRXZWTJCP)
http://rhn.redhat.com/errata/RHSA-2016-1609.html
SECTRACK-1036335 (http://www.securitytracker.com/id/1036335)
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://rhn.redhat.com/errata/RHSA-2016-1612.html
https://bugzilla.redhat.com/show_bug.cgi?id=1353794
FEDORA-2016-9c8cf5912c (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GXFEIMZPSVGZQQAYIQ7U7DFVX3IBSDLF)
https://github.com/guzzle/guzzle/releases/tag/6.2.1
Miscellaneous
https://httpoxy.org
https://access.redhat.com/errata/RHSA-2016:1609
https://access.redhat.com/errata/RHSA-2016:1610
https://access.redhat.com/errata/RHSA-2016:1611
https://access.redhat.com/errata/RHSA-2016:1612
https://access.redhat.com/errata/RHSA-2016:1613
https://access.redhat.com/security/cve/CVE-2016-5385
https://httpoxy.org/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RMYXAVNYL2MOBJTFATE73TOVOEZYC5R/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXFEIMZPSVGZQQAYIQ7U7DFVX3IBSDLF/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KZOIUYZDBWNDDHC6XTOLZYRMRXZWTJCP/

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis