Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2016-5387

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability.

  • Published: Jul 19, 2016
  • Updated: Apr 13, 2023
  • CVE: CVE-2016-5387
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 8.1
  • AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: Medium
  • Score: 6.8
  • AV:N/AC:M/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Software From Fixed in
apache / http_server 2.4.1 2.4.23.x
apache / http_server 2.2.0 2.2.31.x
hp / system_management_homepage - 7.5.5.0.x
oracle / enterprise_manager_ops_center 12.2.2 12.2.2.x
oracle / solaris 11.3 11.3.x
oracle / enterprise_manager_ops_center 12.3.2 12.3.2.x
oracle / linux 5 5.x
oracle / linux 6 6.x
oracle / linux 7 7.x
oracle / communications_user_data_repository 10.0.0 12.4.x
fedoraproject / fedora 24 24.x
fedoraproject / fedora 23 23.x
redhat / jboss_web_server 2.1.0 2.1.0.x
redhat / jboss_enterprise_web_server 2.0.0 2.0.0.x
redhat / jboss_enterprise_web_server 3.0.0 3.0.0.x
redhat / jboss_core_services 1.0 1.0.x
redhat / enterprise_linux_desktop 7.0 7.0.x
redhat / enterprise_linux_server_aus 7.2 7.2.x
redhat / enterprise_linux_workstation 7.0 7.0.x
redhat / enterprise_linux_server_tus 7.2 7.2.x
redhat / enterprise_linux_server 7.0 7.0.x
redhat / enterprise_linux_desktop 6.0 6.0.x
redhat / enterprise_linux_server 6.0 6.0.x
redhat / enterprise_linux_workstation 6.0 6.0.x
redhat / enterprise_linux_server_tus 7.3 7.3.x
redhat / enterprise_linux_server_aus 7.3 7.3.x
redhat / enterprise_linux_server_aus 7.4 7.4.x
redhat / enterprise_linux_eus 7.3 7.3.x
redhat / enterprise_linux_eus 7.4 7.4.x
redhat / enterprise_linux_eus 7.5 7.5.x
redhat / enterprise_linux_server_tus 7.6 7.6.x
redhat / enterprise_linux_server_aus 7.6 7.6.x
redhat / enterprise_linux_eus 7.6 7.6.x
redhat / enterprise_linux_eus 7.2 7.2.x
redhat / enterprise_linux_server_aus 7.7 7.7.x
redhat / enterprise_linux_server_tus 7.7 7.7.x
redhat / enterprise_linux_eus 7.7 7.7.x
debian / debian_linux 8.0 8.0.x
canonical / ubuntu_linux 15.10 15.10.x
canonical / ubuntu_linux 14.04 14.04.x
canonical / ubuntu_linux 16.04 16.04.x
canonical / ubuntu_linux 12.04 12.04.x
opensuse / leap 42.1 42.1.x
opensuse / opensuse 13.2 13.2.x