CVE-2016-5385
Description
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an applications outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv(HTTP_PROXY) call or (2) a CGI configuration of PHP, aka an httpoxy issue.
Risk Information
Base Score
8.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
81.747
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Update HP System Management Homepage Detection (x64) 7.5.5.0 to latest version | Windows |
| Update HP System Management Homepage Detection 7.5.5.0 to latest version | Windows |
| (RHSA-2016:1609) Moderate: php security update php-5.3.3-48.el6_8.i686.rpm | Linux |
| (RHSA-2016:1609) Moderate: php security update php-5.3.3-48.el6_8.x86_64.rpm | Linux |
| (RHSA-2016:1609) Moderate: php security update php-bcmath-5.3.3-48.el6_8.i686.rpm | Linux |
| (RHSA-2016:1609) Moderate: php security update php-bcmath-5.3.3-48.el6_8.x86_64.rpm | Linux |
| (RHSA-2016:1609) Moderate: php security update php-cli-5.3.3-48.el6_8.i686.rpm | Linux |
| (RHSA-2016:1609) Moderate: php security update php-cli-5.3.3-48.el6_8.x86_64.rpm | Linux |
| (RHSA-2016:1609) Moderate: php security update php-common-5.3.3-48.el6_8.i686.rpm | Linux |
| (RHSA-2016:1609) Moderate: php security update php-common-5.3.3-48.el6_8.x86_64.rpm | Linux |
| (RHSA-2016:1609) Moderate: php security update php-dba-5.3.3-48.el6_8.i686.rpm | Linux |
| (RHSA-2016:1609) Moderate: php security update php-dba-5.3.3-48.el6_8.x86_64.rpm | Linux |
| (RHSA-2016:1609) Moderate: php security update php-devel-5.3.3-48.el6_8.i686.rpm | Linux |
| (RHSA-2016:1609) Moderate: php security update php-devel-5.3.3-48.el6_8.x86_64.rpm | Linux |
| (RHSA-2016:1609) Moderate: php security update php-embedded-5.3.3-48.el6_8.i686.rpm | Linux |
| (RHSA-2016:1609) Moderate: php security update php-embedded-5.3.3-48.el6_8.x86_64.rpm | Linux |
| (RHSA-2016:1609) Moderate: php security update php-enchant-5.3.3-48.el6_8.i686.rpm | Linux |
| (RHSA-2016:1609) Moderate: php security update php-enchant-5.3.3-48.el6_8.x86_64.rpm | Linux |
| (RHSA-2016:1609) Moderate: php security update php-fpm-5.3.3-48.el6_8.i686.rpm | Linux |
| (RHSA-2016:1609) Moderate: php security update php-fpm-5.3.3-48.el6_8.x86_64.rpm | Linux |
| (RHSA-2016:1609) Moderate: php security update php-gd-5.3.3-48.el6_8.i686.rpm | Linux |
| (RHSA-2016:1609) Moderate: php security update php-gd-5.3.3-48.el6_8.x86_64.rpm | Linux |
| (RHSA-2016:1609) Moderate: php security update php-imap-5.3.3-48.el6_8.i686.rpm | Linux |
| (RHSA-2016:1609) Moderate: php security update php-imap-5.3.3-48.el6_8.x86_64.rpm | Linux |
| (RHSA-2016:1609) Moderate: php security update php-intl-5.3.3-48.el6_8.i686.rpm | Linux |
| (RHSA-2016:1609) Moderate: php security update php-intl-5.3.3-48.el6_8.x86_64.rpm | Linux |
| (RHSA-2016:1609) Moderate: php security update php-ldap-5.3.3-48.el6_8.i686.rpm | Linux |
| (RHSA-2016:1609) Moderate: php security update php-ldap-5.3.3-48.el6_8.x86_64.rpm | Linux |
| (RHSA-2016:1609) Moderate: php security update php-mbstring-5.3.3-48.el6_8.i686.rpm | Linux |
| (RHSA-2016:1609) Moderate: php security update php-mbstring-5.3.3-48.el6_8.x86_64.rpm | Linux |
| (RHSA-2016:1609) Moderate: php security update php-mysql-5.3.3-48.el6_8.i686.rpm | Linux |
| (RHSA-2016:1609) Moderate: php security update php-mysql-5.3.3-48.el6_8.x86_64.rpm | Linux |
| (RHSA-2016:1609) Moderate: php security update php-odbc-5.3.3-48.el6_8.i686.rpm | Linux |
| (RHSA-2016:1609) Moderate: php security update php-odbc-5.3.3-48.el6_8.x86_64.rpm | Linux |
| (RHSA-2016:1609) Moderate: php security update php-pdo-5.3.3-48.el6_8.i686.rpm | Linux |
| (RHSA-2016:1609) Moderate: php security update php-pdo-5.3.3-48.el6_8.x86_64.rpm | Linux |
| (RHSA-2016:1609) Moderate: php security update php-pgsql-5.3.3-48.el6_8.i686.rpm | Linux |
| (RHSA-2016:1609) Moderate: php security update php-pgsql-5.3.3-48.el6_8.x86_64.rpm | Linux |
| (RHSA-2016:1609) Moderate: php security update php-process-5.3.3-48.el6_8.i686.rpm | Linux |
| (RHSA-2016:1609) Moderate: php security update php-process-5.3.3-48.el6_8.x86_64.rpm | Linux |
| (RHSA-2016:1609) Moderate: php security update php-pspell-5.3.3-48.el6_8.i686.rpm | Linux |
| (RHSA-2016:1609) Moderate: php security update php-pspell-5.3.3-48.el6_8.x86_64.rpm | Linux |
| (RHSA-2016:1609) Moderate: php security update php-recode-5.3.3-48.el6_8.i686.rpm | Linux |
| (RHSA-2016:1609) Moderate: php security update php-recode-5.3.3-48.el6_8.x86_64.rpm | Linux |
| (RHSA-2016:1609) Moderate: php security update php-snmp-5.3.3-48.el6_8.i686.rpm | Linux |
| (RHSA-2016:1609) Moderate: php security update php-snmp-5.3.3-48.el6_8.x86_64.rpm | Linux |
| (RHSA-2016:1609) Moderate: php security update php-soap-5.3.3-48.el6_8.i686.rpm | Linux |
| (RHSA-2016:1609) Moderate: php security update php-soap-5.3.3-48.el6_8.x86_64.rpm | Linux |
| (RHSA-2016:1609) Moderate: php security update php-tidy-5.3.3-48.el6_8.i686.rpm | Linux |
| (RHSA-2016:1609) Moderate: php security update php-tidy-5.3.3-48.el6_8.x86_64.rpm | Linux |
| (RHSA-2016:1609) Moderate: php security update php-xml-5.3.3-48.el6_8.i686.rpm | Linux |
| (RHSA-2016:1609) Moderate: php security update php-xml-5.3.3-48.el6_8.x86_64.rpm | Linux |
| (RHSA-2016:1609) Moderate: php security update php-xmlrpc-5.3.3-48.el6_8.i686.rpm | Linux |
| (RHSA-2016:1609) Moderate: php security update php-xmlrpc-5.3.3-48.el6_8.x86_64.rpm | Linux |
| (RHSA-2016:1609) Moderate: php security update php-zts-5.3.3-48.el6_8.i686.rpm | Linux |
| (RHSA-2016:1609) Moderate: php security update php-zts-5.3.3-48.el6_8.x86_64.rpm | Linux |
| Update HP System Management Homepage Detection 7.5.5.0 to latest version (For Ubuntu) | Linux |
| Update HP System Management Homepage Detection 7.5.5.0 to latest version (For Debian) | Linux |
| Update HP System Management Homepage Detection 7.5.5.0 to latest version (For Centos) | Linux |
| Update HP System Management Homepage Detection 7.5.5.0 to latest version (For RedHat) | Linux |
| Update HP System Management Homepage Detection 7.5.5.0 to latest version (For Suse) | Linux |
| (CESA-2016:1609) Moderate: php security update php-5.3.3-48.el6_8.i686.rpm | Linux |
| (CESA-2016:1609) Moderate: php security update php-5.3.3-48.el6_8.x86_64.rpm | Linux |
| (CESA-2016:1609) Moderate: php security update php-bcmath-5.3.3-48.el6_8.i686.rpm | Linux |
| (CESA-2016:1609) Moderate: php security update php-bcmath-5.3.3-48.el6_8.x86_64.rpm | Linux |
| (CESA-2016:1609) Moderate: php security update php-cli-5.3.3-48.el6_8.i686.rpm | Linux |
| (CESA-2016:1609) Moderate: php security update php-cli-5.3.3-48.el6_8.x86_64.rpm | Linux |
| (CESA-2016:1609) Moderate: php security update php-common-5.3.3-48.el6_8.i686.rpm | Linux |
| (CESA-2016:1609) Moderate: php security update php-common-5.3.3-48.el6_8.x86_64.rpm | Linux |
| (CESA-2016:1609) Moderate: php security update php-dba-5.3.3-48.el6_8.i686.rpm | Linux |
| (CESA-2016:1609) Moderate: php security update php-dba-5.3.3-48.el6_8.x86_64.rpm | Linux |
| (CESA-2016:1609) Moderate: php security update php-devel-5.3.3-48.el6_8.i686.rpm | Linux |
| (CESA-2016:1609) Moderate: php security update php-devel-5.3.3-48.el6_8.x86_64.rpm | Linux |
| (CESA-2016:1609) Moderate: php security update php-embedded-5.3.3-48.el6_8.i686.rpm | Linux |
| (CESA-2016:1609) Moderate: php security update php-embedded-5.3.3-48.el6_8.x86_64.rpm | Linux |
| (CESA-2016:1609) Moderate: php security update php-enchant-5.3.3-48.el6_8.i686.rpm | Linux |
| (CESA-2016:1609) Moderate: php security update php-enchant-5.3.3-48.el6_8.x86_64.rpm | Linux |
| (CESA-2016:1609) Moderate: php security update php-fpm-5.3.3-48.el6_8.i686.rpm | Linux |
| (CESA-2016:1609) Moderate: php security update php-fpm-5.3.3-48.el6_8.x86_64.rpm | Linux |
| (CESA-2016:1609) Moderate: php security update php-gd-5.3.3-48.el6_8.i686.rpm | Linux |
| (CESA-2016:1609) Moderate: php security update php-gd-5.3.3-48.el6_8.x86_64.rpm | Linux |
| (CESA-2016:1609) Moderate: php security update php-imap-5.3.3-48.el6_8.i686.rpm | Linux |
| (CESA-2016:1609) Moderate: php security update php-imap-5.3.3-48.el6_8.x86_64.rpm | Linux |
| (CESA-2016:1609) Moderate: php security update php-intl-5.3.3-48.el6_8.i686.rpm | Linux |
| (CESA-2016:1609) Moderate: php security update php-intl-5.3.3-48.el6_8.x86_64.rpm | Linux |
| (CESA-2016:1609) Moderate: php security update php-ldap-5.3.3-48.el6_8.i686.rpm | Linux |
| (CESA-2016:1609) Moderate: php security update php-ldap-5.3.3-48.el6_8.x86_64.rpm | Linux |
| (CESA-2016:1609) Moderate: php security update php-mbstring-5.3.3-48.el6_8.i686.rpm | Linux |
| (CESA-2016:1609) Moderate: php security update php-mbstring-5.3.3-48.el6_8.x86_64.rpm | Linux |
| (CESA-2016:1609) Moderate: php security update php-mysql-5.3.3-48.el6_8.i686.rpm | Linux |
| (CESA-2016:1609) Moderate: php security update php-mysql-5.3.3-48.el6_8.x86_64.rpm | Linux |
| (CESA-2016:1609) Moderate: php security update php-odbc-5.3.3-48.el6_8.i686.rpm | Linux |
| (CESA-2016:1609) Moderate: php security update php-odbc-5.3.3-48.el6_8.x86_64.rpm | Linux |
| (CESA-2016:1609) Moderate: php security update php-pdo-5.3.3-48.el6_8.i686.rpm | Linux |
| (CESA-2016:1609) Moderate: php security update php-pdo-5.3.3-48.el6_8.x86_64.rpm | Linux |
| (CESA-2016:1609) Moderate: php security update php-pgsql-5.3.3-48.el6_8.i686.rpm | Linux |
| (CESA-2016:1609) Moderate: php security update php-pgsql-5.3.3-48.el6_8.x86_64.rpm | Linux |
| (CESA-2016:1609) Moderate: php security update php-process-5.3.3-48.el6_8.i686.rpm | Linux |
| (CESA-2016:1609) Moderate: php security update php-process-5.3.3-48.el6_8.x86_64.rpm | Linux |
| (CESA-2016:1609) Moderate: php security update php-pspell-5.3.3-48.el6_8.i686.rpm | Linux |
| (CESA-2016:1609) Moderate: php security update php-pspell-5.3.3-48.el6_8.x86_64.rpm | Linux |
| (CESA-2016:1609) Moderate: php security update php-recode-5.3.3-48.el6_8.i686.rpm | Linux |
| (CESA-2016:1609) Moderate: php security update php-recode-5.3.3-48.el6_8.x86_64.rpm | Linux |
| (CESA-2016:1609) Moderate: php security update php-snmp-5.3.3-48.el6_8.i686.rpm | Linux |
| (CESA-2016:1609) Moderate: php security update php-snmp-5.3.3-48.el6_8.x86_64.rpm | Linux |
| (CESA-2016:1609) Moderate: php security update php-soap-5.3.3-48.el6_8.i686.rpm | Linux |
| (CESA-2016:1609) Moderate: php security update php-soap-5.3.3-48.el6_8.x86_64.rpm | Linux |
| (CESA-2016:1609) Moderate: php security update php-tidy-5.3.3-48.el6_8.i686.rpm | Linux |
| (CESA-2016:1609) Moderate: php security update php-tidy-5.3.3-48.el6_8.x86_64.rpm | Linux |
| (CESA-2016:1609) Moderate: php security update php-xml-5.3.3-48.el6_8.i686.rpm | Linux |
| (CESA-2016:1609) Moderate: php security update php-xml-5.3.3-48.el6_8.x86_64.rpm | Linux |
| (CESA-2016:1609) Moderate: php security update php-xmlrpc-5.3.3-48.el6_8.i686.rpm | Linux |
| (CESA-2016:1609) Moderate: php security update php-xmlrpc-5.3.3-48.el6_8.x86_64.rpm | Linux |
| (CESA-2016:1609) Moderate: php security update php-zts-5.3.3-48.el6_8.i686.rpm | Linux |
| (CESA-2016:1609) Moderate: php security update php-zts-5.3.3-48.el6_8.x86_64.rpm | Linux |
| Multiple Vulnerabilities affected in system_management_homepage 7.4.0 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 6.2.2.7 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 6.1 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 6.0 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 3.2.7 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 3.2.2 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.9 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.8 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.7-168 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.7 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.6-156 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.6 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.5-146 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.5 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.3 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.2-127 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.2 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.0-118 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.0-109 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.0-103(a) | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.0-103 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.0.2 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.0.1 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.0.0 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 7.5.3.1 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 6.2.0 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 6.1.0.102 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 6.1.0-103 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 6.0.0.96 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 6.0.0-95 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.12-200 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.12-118 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.11-197 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.11 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.10-186 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.9-178 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.8-177 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.7.168 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.6.156 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.5.146-b | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.5.146 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.4.143 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.4-143 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.2.127 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.0.121 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.0.2.106 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.0.1.104 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 7.2.1 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 7.2 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.2.6 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.11.197-a | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.10.186-c | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.10.186-b | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.10.186 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.10 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.8.179 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 7.1 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 7.0 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 6.3.1 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 6.3.0 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.2.8 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.15.210 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.15-210 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.15 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.14.20 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.14 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.12.201 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 7.5.4.3 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 3.0.0.64 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 3.0.0-68 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 3.0.0 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 3.0.2.77-b | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 3.0.2.77 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 3.0.2-77 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 3.0.2 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 3.0.1.73 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 3.0.1-73 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 3.0.1 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.4 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.3.132 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.1 | NCM |
| URL Redirection to Untrusted Site (Open Redirect) Vulnerability (CVE-2016-5385) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234