CVE-2016-5387

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2016-5387
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-5387.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-5387
Downstream
Related
Published
2016-07-19T02:00:19.837Z
Modified
2026-04-11T12:04:27.416740Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability.

Database specific 
{
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "last_affected": "7.5.5.0"
                }
            ],
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*"
        },
        {
            "extracted_events": [
                {
                    "introduced": "10.0.0"
                },
                {
                    "last_affected": "12.4"
                }
            ],
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:a:oracle:communications_user_data_repository:*:*:*:*:*:*:*:*"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "12.2.2"
                }
            ],
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "12.3.2"
                }
            ],
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.2:*:*:*:*:*:*:*"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "2.0.0"
                },
                {
                    "last_affected": "2.0.0"
                }
            ],
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.0:*:*:*:*:*:*:*"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "3.0.0"
                },
                {
                    "last_affected": "3.0.0"
                }
            ],
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:*"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "2.1.0"
                }
            ],
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:a:redhat:jboss_web_server:2.1.0:*:*:*:*:*:*:*"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "12.04"
                }
            ],
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "14.04"
                }
            ],
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "15.10"
                }
            ],
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "16.04"
                }
            ],
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "8.0"
                }
            ],
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "23"
                }
            ],
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "24"
                }
            ],
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "42.1"
                }
            ],
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "13.2"
                }
            ],
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "5-NA"
                }
            ],
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:oracle:linux:5:-:*:*:*:*:*:*"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "6-NA"
                }
            ],
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "7-NA"
                }
            ],
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "11.3"
                }
            ],
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "6.0"
                }
            ],
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "7.0"
                }
            ],
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "7.2"
                }
            ],
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "7.3"
                }
            ],
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "7.4"
                }
            ],
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "7.5"
                }
            ],
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "7.6"
                }
            ],
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "7.7"
                }
            ],
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "6.0"
                }
            ],
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "7.0"
                }
            ],
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "7.2"
                }
            ],
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "7.3"
                }
            ],
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "7.4"
                }
            ],
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "7.6"
                }
            ],
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "7.7"
                }
            ],
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "7.2"
                }
            ],
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "7.3"
                }
            ],
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "7.6"
                }
            ],
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "7.7"
                }
            ],
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "6.0"
                }
            ],
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "7.0"
                }
            ],
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"
        }
    ]
}
References

Affected packages

Git / github.com/apache/httpd

Affected ranges

Type
GIT
Repo
https://github.com/apache/httpd
Events
Introduced
cd3e5a83cd5765d12b3237631c829eaff80f8425
Last affected
79f35160c372de1e867542e1705962fb0880a647
Introduced
60fa04727910859b5512f7bbb36c53c4652cff2c
Last affected
ef07cb031c6f8f7ac483c26fc858aad68c365fd9
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
8048373d9a8bd8c7237829b56a06485d5f5bf2e4
Database specific 
{
    "extracted_events": [
        {
            "introduced": "2.2.0"
        },
        {
            "last_affected": "2.2.31"
        },
        {
            "introduced": "2.4.1"
        },
        {
            "last_affected": "2.4.23"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0"
        }
    ],
    "source": "CPE_FIELD",
    "cpe": [
        "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*"
    ]
}

Affected versions

2.*
2.2.31
2.4.23
Other
HTTPD_LDAP_1_0_0

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-5387.json"