CVE-2016-5388

high-risk

Published 2016-07-19

Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388"; in other words, this is not a CVE ID for a vulnerability.

Do I need to act?

36.8% chance of exploitation in next 30 days

EPSS score — higher than 63% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.1/10 High

NETWORK / HIGH complexity

Affected Products (16)

Enterprise Linux Hpc Node Eus

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Server Eus

Enterprise Linux Workstation

Enterprise Linux Desktop

Enterprise Linux Hpc Node

Enterprise Linux Server

Enterprise Linux Workstation

Linux

Enterprise Linux Desktop

Enterprise Linux Hpc Node

Enterprise Linux Server Tus

System Management Homepage

Linux

Tomcat

Affected Vendors

Oracle Hp Redhat Apache

References (50)

Third Party Advisory http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2016-1624.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2016-2045.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2016-2046.html

Third Party Advisory http://www.kb.cert.org/vuls/id/797896

Patch http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

Third Party Advisory http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.h...

Third Party Advisory http://www.securityfocus.com/bid/91818

Third Party Advisory http://www.securitytracker.com/id/1036331

Third Party Advisory https://access.redhat.com/errata/RHSA-2016:1635

Third Party Advisory https://access.redhat.com/errata/RHSA-2016:1636

Third Party Advisory https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na...

Third Party Advisory https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c...

Third Party Advisory https://httpoxy.org/

https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885...

https://lists.apache.org/thread.html/6b414817c2b0bf351138911c8c922ec5dd577ebc0b9...

https://lists.apache.org/thread.html/6d3d34adcf3dfc48e36342aa1f18ce3c20bb8e4c458...

https://lists.apache.org/thread.html/r2853582063cfd9e7fbae1e029ae004e6a83482ae9b...

and 30 more references

/ 100

high-risk

Severity 24/34 · High

Exploitability 16/34 · Moderate

Exposure 18/34 · Moderate