httpoxy
Revision 3 as of 2025-04-17 11:55:16 (comment: Migrated to main website)
This page is deprecated and redirects to https://ubuntu.com/security/vulnerabilities/httpoxy
httpoxy CGI application vulnerability
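httpoxy is a vulnerability in CGI environments related to handling the Proxy header:
- RFC 3875 puts the HTTP Proxy header from requests into environment variables as HTTP_PROXY
- HTTP_PROXY is a common environment variable used to configure a proxy server
Taken together, a Proxy header sent by a remote client can set the proxy that the CGI application uses for its own outgoing HTTP requests.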
Resolution
This issue will be fixed in pending security updates. Some of the packages affected by this issue are:
- CVE-2016-5385: PHP
- CVE-2016-5386: Go
- CVE-2016-5387: Apache HTTP Server - Update released
- CVE-2016-5388: Apache Tomcat
- CVE-2016-1000109: HHVM
- CVE-2016-1000110: Python
Mitigation
The Ubuntu Security team encourages everyone to apply the mitigations listed on the httpoxy information page.
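The header-to-variable mapping described above, together with the mitigation of dropping the Proxy request header before the CGI environment is built, shown as an added example (not code from this wiki page or from the httpoxy page). The function names, the `drop_proxy` switch and the sample addresses are constructed for illustration.

```python
# Added illustration; function names and sample values are assumptions.

def meta_variable_name(header_name):
    """RFC 3875 sec. 4.1.18: upper-case the name, '-' becomes '_', prefix HTTP_."""
    return "HTTP_" + header_name.upper().replace("-", "_")


def proxy_header_values(headers):
    """Return values of any client-sent Proxy header, so the gateway can log them."""
    return [v for n, v in headers if meta_variable_name(n) == "HTTP_PROXY"]


def build_cgi_environ(method, headers, base_environ=None, drop_proxy=True):
    """Build the environment a gateway hands to a CGI script.

    base_environ holds variables set by the administrator, which may include
    a legitimate HTTP_PROXY. drop_proxy=False keeps the unmitigated behaviour
    for comparison only.
    """
    env = dict(base_environ or {})
    env["REQUEST_METHOD"] = method
    for name, value in headers:
        var = meta_variable_name(name)
        # Header names are case-insensitive, so compare after mapping.
        if drop_proxy and var == "HTTP_PROXY":
            continue
        env[var] = value
    return env


def outbound_proxy(env):
    """The proxy an HTTP client library reading HTTP_PROXY would pick up."""
    return env.get("HTTP_PROXY")


# Constructed sample request and administrator environment.
SAMPLE_HEADERS = [("Host", "app.example"), ("proxy", "http://203.0.113.7:8080")]
ADMIN_ENV = {"HTTP_PROXY": "http://proxy.internal.example:3128"}

if __name__ == "__main__":
    for drop in (False, True):
        env = build_cgi_environ("GET", SAMPLE_HEADERS, ADMIN_ENV, drop_proxy=drop)
        print("drop_proxy=%s -> outbound proxy %s" % (drop, outbound_proxy(env)))
    print("Proxy header values to log:", proxy_header_values(SAMPLE_HEADERS))
```

With the filter off, the client-supplied value replaces the administrator's HTTP_PROXY; with it on, the administrator's setting survives and the offending value is still available for logging.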
Timeline
2016 Jul 18: The httpoxy disclosure team discloses their findings
SecurityTeam/KnowledgeBase/httpoxy (last edited 2025-04-17 11:55:16 by lucistanescu)