CVE-2016-5385

high-risk
Published 2016-07-19

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue.

Do I need to act?

!
81.3% chance of exploitation in next 30 days
EPSS score — higher than 19% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.1/10 High
NETWORK / HIGH complexity

Affected Products (18)

Php

Affected Vendors

Oracle Debian Hp Redhat Opensuse Fedoraproject Php Drupal

References (50)

Third Party Advisory http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html
Broken Link http://rhn.redhat.com/errata/RHSA-2016-1609.html
Broken Link http://rhn.redhat.com/errata/RHSA-2016-1610.html
Broken Link http://rhn.redhat.com/errata/RHSA-2016-1611.html
Broken Link http://rhn.redhat.com/errata/RHSA-2016-1612.html
Broken Link http://rhn.redhat.com/errata/RHSA-2016-1613.html
Third Party Advisory http://www.debian.org/security/2016/dsa-3631
Third Party Advisory http://www.kb.cert.org/vuls/id/797896
Patch http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Patch http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
Third Party Advisory http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.h...
Third Party Advisory http://www.securityfocus.com/bid/91821
Third Party Advisory http://www.securitytracker.com/id/1036335
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1353794
Release Notes https://github.com/guzzle/guzzle/releases/tag/6.2.1
Third Party Advisory https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na...
Third Party Advisory https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c...
Third Party Advisory https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c...
Third Party Advisory https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c...
Third Party Advisory https://httpoxy.org/
and 30 more references
63
/ 100
high-risk
Severity 24/34 · High
Exploitability 20/34 · Moderate
Exposure 19/34 · Moderate