CVE-2016-5385

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2016-5385
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-5385.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-5385
Aliases
Downstream
Related
Published
2016-07-19T02:00:17.773Z
Modified
2026-02-13T23:53:07.794897Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTPPROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue.

References

Affected packages

Git
github.com/drupal/drupal

Affected ranges

Type
GIT
Repo
https://github.com/drupal/drupal
Events
Introduced
35c2f3ca5c935f3d8bde15932a712677c9bbd50f
Fixed
5e60a2770329300866319aac1ab465159688d319

Affected versions

8.*
8.0.0
8.1.0
8.1.0-beta1
8.1.0-beta2
8.1.0-rc1
8.1.1
8.1.2
8.1.3
8.1.4
8.1.5
8.1.6

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-5385.json"
github.com/guzzle/guzzle

Affected ranges

Type
GIT
Repo
https://github.com/guzzle/guzzle
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
3f808fba627f2c5b69e2501217bf31af349c1427

Affected versions

4.*
4.0.0
4.0.0-rc.1
4.0.0-rc.2
4.0.1
4.0.2
4.1.0
4.1.1
4.1.2
4.1.3
4.1.4
4.1.5
4.1.6
4.1.7
4.1.8
4.2.0
4.2.1
4.2.2
4.2.3
5.*
5.0.0
5.0.1
5.0.2
5.0.3
5.1.0
5.2.0
5.3.0
6.*
6.0.0
6.0.1
6.0.2
6.1.0
6.1.1
6.2.0
v1.*
v1.0.0
v1.0.0beta1
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v2.*
v2.0.0
v2.0.1
v2.0.2
v2.0.3
v2.0.4
v2.0.5
v2.1.0
v2.1.1
v2.1.2
v2.1.3
v2.1.4
v2.2.0
v2.2.1
v2.2.2
v2.2.3
v2.2.4
v2.3.0
v2.3.1
v2.3.2
v2.4.0
v2.4.1
v2.5.0
v2.6.0
v2.6.1
v2.6.2
v2.6.3
v2.6.4
v2.6.5
v2.6.6
v2.7.0
v2.7.1
v2.7.2
v2.8.0
v2.8.1
v2.8.2
v2.8.3
v2.8.4
v2.8.5
v2.8.6
v2.8.7
v2.8.8
v3.*
v3.0.0
v3.0.1
v3.0.2
v3.0.3
v3.0.4
v3.0.5
v3.0.6
v3.0.7
v3.1.0
v3.1.1
v3.1.2
v3.2.0
v3.3.0
v3.3.1
v3.4.0
v3.4.1
v3.4.2
v3.4.3
v3.5.0
v3.6.0
v3.7.0
v3.7.1
v3.7.2
v3.7.3
v3.7.4
v3.8.0
v3.8.1

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-5385.json"
github.com/mysql/mysql-server

Affected ranges

Type
GIT
Repo
https://github.com/mysql/mysql-server
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
cc89b19b7b2a2face02b2c99f399354d227e8cc1
Introduced
54df0057e18d8c82c23fbd4e0bf5b5dc2e762955
Fixed
d4b316108549e09d61e183a8969f86d81a97060f

Affected versions

mysql-5.*
mysql-5.0.87sp1
mysql-5.0.90
mysql-5.0.91
mysql-5.0.92
mysql-5.0.93
mysql-5.0.94
mysql-5.0.95
mysql-5.0.96
mysql-5.1.14-ndb-6.1.0
mysql-5.1.15-ndb-6.1.1
mysql-5.1.15-ndb-6.1.10
mysql-5.1.15-ndb-6.1.11
mysql-5.1.15-ndb-6.1.12
mysql-5.1.15-ndb-6.1.13
mysql-5.1.15-ndb-6.1.14
mysql-5.1.15-ndb-6.1.15
mysql-5.1.15-ndb-6.1.16
mysql-5.1.15-ndb-6.1.19
mysql-5.1.15-ndb-6.1.2
mysql-5.1.15-ndb-6.1.20
mysql-5.1.15-ndb-6.1.21
mysql-5.1.15-ndb-6.1.22
mysql-5.1.15-ndb-6.1.23
mysql-5.1.15-ndb-6.1.3
mysql-5.1.15-ndb-6.1.5
mysql-5.1.15-ndb-6.1.6
mysql-5.1.15-ndb-6.1.7
mysql-5.1.15-ndb-6.1.8
mysql-5.1.15-ndb-6.1.9
mysql-5.1.16-ndb-6.2.0
mysql-5.1.18-ndb-6.2.2
mysql-5.1.19-ndb-6.2.3
mysql-5.1.19-ndb-6.2.4
mysql-5.1.19-ndb-6.3.0
mysql-5.1.19-ndb-6.3.1
mysql-5.1.22-ndb-6.2.10
mysql-5.1.22-ndb-6.2.5-no-prod
mysql-5.1.22-ndb-6.2.5-no-prod-fix1
mysql-5.1.22-ndb-6.2.6
mysql-5.1.22-ndb-6.2.7
mysql-5.1.22-ndb-6.2.8
mysql-5.1.22-ndb-6.2.9
mysql-5.1.22-ndb-6.3.2-no-prod
mysql-5.1.22-ndb-6.3.3
mysql-5.1.22-ndb-6.3.4
mysql-5.1.22-ndb-6.3.5
mysql-5.1.22-ndb-6.3.6
mysql-5.1.22-ndb-6.3.7
mysql-5.1.23-ndb-6.2.11
mysql-5.1.23-ndb-6.2.12
mysql-5.1.23-ndb-6.2.13
mysql-5.1.23-ndb-6.2.14
mysql-5.1.23-ndb-6.2.15
mysql-5.1.23-ndb-6.3.10
mysql-5.1.23-ndb-6.3.11
mysql-5.1.23-ndb-6.3.12
mysql-5.1.23-ndb-6.3.7
mysql-5.1.23-ndb-6.3.8
mysql-5.1.23-ndb-6.3.9
mysql-5.1.24-ndb-6.3.13
mysql-5.1.24-ndb-6.3.14
mysql-5.1.24-ndb-6.3.15
mysql-5.1.24-ndb-6.3.16
mysql-5.1.27-ndb-6.3.17
mysql-5.1.28-ndb-6.2.16
mysql-5.1.28-ndb-6.3.18
mysql-5.1.29-ndb-6.3.19
mysql-5.1.30-ndb-6.3.20
mysql-5.1.30-ndb-6.4.0
mysql-5.1.31-ndb-6.3.21
mysql-5.1.31-ndb-6.3.22
mysql-5.1.31-ndb-6.4.1
mysql-5.1.31-ndb-6.4.2
mysql-5.1.32-ndb-6.3.23
mysql-5.1.32-ndb-6.3.24
mysql-5.1.32-ndb-6.4.3
mysql-5.1.32-ndb-7.0.4
mysql-5.1.32-ndb-7.0.5
mysql-5.1.34-ndb-6.2.18
mysql-5.1.34-ndb-6.3.25
mysql-5.1.34-telco-7.0.6
mysql-5.1.35-ndb-6.3.26
mysql-5.1.35-ndb-7.0.7
mysql-5.1.37-ndb-6.3.27
mysql-5.1.37-ndb-6.3.27a
mysql-5.1.37-ndb-7.0.8
mysql-5.1.37-ndb-7.0.8a
mysql-5.1.39-ndb-6.3.28
mysql-5.1.39-ndb-6.3.28a
mysql-5.1.39-ndb-6.3.28b
mysql-5.1.39-ndb-6.3.29
mysql-5.1.39-ndb-6.3.30
mysql-5.1.39-ndb-7.0.10
mysql-5.1.39-ndb-7.0.9
mysql-5.1.39-ndb-7.0.9b
mysql-5.1.39-ndb-7.1.1
mysql-5.1.40sp1
mysql-5.1.41
mysql-5.1.41-ndb-6.3.31
mysql-5.1.41-ndb-6.3.31a
mysql-5.1.41-ndb-6.3.31b
mysql-5.1.41-ndb-6.3.32
mysql-5.1.41-ndb-7.0.11
mysql-5.1.41-ndb-7.0.11a
mysql-5.1.41-ndb-7.0.11b
mysql-5.1.41-ndb-7.0.12
mysql-5.1.41-ndb-7.0.12a
mysql-5.1.41-ndb-7.0.12b
mysql-5.1.41-ndb-7.0.13
mysql-5.1.41-ndb-7.1.1
mysql-5.1.41-ndb-7.1.2-beta
mysql-5.1.42
mysql-5.1.43
mysql-5.1.43sp1
mysql-5.1.44
mysql-5.1.44-ndb-6.3.33
mysql-5.1.44-ndb-6.3.34
mysql-5.1.44-ndb-7.0.14
mysql-5.1.44-ndb-7.0.15
mysql-5.1.44-ndb-7.0.15a
mysql-5.1.44-ndb-7.1.3
mysql-5.1.44-ndb-7.1.4
mysql-5.1.44-ndb-7.1.4a
mysql-5.1.45
mysql-5.1.46
mysql-5.1.46sp1
mysql-5.1.47
mysql-5.1.47-ndb-6.3.35
mysql-5.1.47-ndb-7.0.16
mysql-5.1.47-ndb-7.1.5
mysql-5.1.48
mysql-5.1.49
mysql-5.1.49sp1
mysql-5.1.50
mysql-5.1.51
mysql-5.1.52
mysql-5.1.52sp1
mysql-5.1.53
mysql-5.1.54
mysql-5.1.55
mysql-5.1.56
mysql-5.1.57
mysql-5.1.58
mysql-5.1.59
mysql-5.1.60
mysql-5.1.61
mysql-5.1.62
mysql-5.1.63
mysql-5.1.65
mysql-5.1.66
mysql-5.1.67
mysql-5.1.68
mysql-5.1.69
mysql-5.1.69-retag
mysql-5.1.70
mysql-5.1.71
mysql-5.1.72
mysql-5.1.73
mysql-5.5.0
mysql-5.5.1-m2
mysql-5.5.10
mysql-5.5.11
mysql-5.5.12
mysql-5.5.13
mysql-5.5.14
mysql-5.5.15
mysql-5.5.16
mysql-5.5.17
mysql-5.5.18
mysql-5.5.19
mysql-5.5.2-m2
mysql-5.5.20
mysql-5.5.21
mysql-5.5.22
mysql-5.5.23
mysql-5.5.24
mysql-5.5.25
mysql-5.5.25a
mysql-5.5.27
mysql-5.5.28
mysql-5.5.29
mysql-5.5.3-m3
mysql-5.5.30
mysql-5.5.31
mysql-5.5.32
mysql-5.5.33
mysql-5.5.34
mysql-5.5.35
mysql-5.5.36
mysql-5.5.37
mysql-5.5.38
mysql-5.5.39
mysql-5.5.40
mysql-5.5.41
mysql-5.5.42
mysql-5.5.5-m3
mysql-5.5.6-rc
mysql-5.5.7
mysql-5.5.8
mysql-5.5.9
mysql-5.6.10
mysql-5.6.11
mysql-5.6.12
mysql-5.6.13
mysql-5.6.14
mysql-5.6.15
mysql-5.6.16
mysql-5.6.17
mysql-5.6.19
mysql-5.6.2
mysql-5.6.20
mysql-5.6.21
mysql-5.6.22
mysql-5.6.3
mysql-5.6.4
mysql-5.6.5
mysql-5.6.6
mysql-5.6.7
mysql-5.6.8
mysql-5.6.9

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-5385.json"
github.com/php/php-src

Affected ranges

Type
GIT
Repo
https://github.com/php/php-src
Events
Introduced
2c2d0de09e522fe097bfcebfb758171eb6aa5270
Fixed
bcd100d812b525c982cf75d6c6dabe839f61634a
Introduced
5dc92c2117cafc61daaaaa240fd46c3ac33872a4
Fixed
d35e577a1bd0b35b9386cea97cddc73fd98eed6d
Introduced
fc1df8e7a6886e29a6ed5bef3f674ac61164e847
Fixed
38980c9ea4156ce52a53f9f3e1007ea3d787fa11

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-5385.json"