CVE-2016-5387
Description
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an applications outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an httpoxy issue. NOTE: the vendor states This mitigation has been assigned the identifier CVE-2016-5387; in other words, this is not a CVE ID for a vulnerability.
Risk Information
Base Score
8.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
58.301
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Update Apache to version 2.2.31 | Windows |
| Update HP System Management Homepage Detection (x64) 7.5.5.0 to latest version | Windows |
| Update HP System Management Homepage Detection 7.5.5.0 to latest version | Windows |
| Multiple vulnerabilities fixed in Apache Apache 2.4.25 | Windows |
| Multiple vulnerabilities are fixed in Apache 2.4.2 | Windows |
| Vulnerabilities CVE-2016-4975,CVE-2016-5387,CVE-2016-8743 are fixed in Apache 2.2.3 | Windows |
| Multiple vulnerabilities are fixed in IBM HTTP 7.0.0.43 | Windows |
| Vulnerabilities CVE-2016-5387 are fixed in IBM HTTP 9.0.0.1 | Windows |
| Multiple vulnerabilities are fixed in IBM HTTP 8.5.5.11 | Windows |
| Multiple vulnerabilities are fixed in IBM HTTP 8.0.0.13 | Windows |
| Multiple vulnerabilities are fixed in IBM HTTP 8.5.5.7 | Windows |
| Multiple vulnerabilities are fixed in IBM HTTP 8.0.0.10 | Windows |
| Multiple vulnerabilities are fixed in IBM HTTP 7.0.0.37 | Windows |
| Multiple vulnerabilities are fixed in IBM WebSphere 7.0.0.43 | Windows |
| Multiple vulnerabilities are fixed in IBM WebSphere 8.5.5.11 | Windows |
| Multiple vulnerabilities are fixed in IBM WebSphere 8.0.0.13 | Windows |
| Vulnerabilities CVE-2016-5387,CVE-2016-3092,CVE-2016-1182,CVE-2016-1181 are fixed in IBM WebSphere 9.0.0.1 | Windows |
| Multiple vulnerabilities are fixed in macOS High Sierra 10.13.6 - Reboot Automatically | Mac |
| Multiple vulnerabilities are fixed in macOS High Sierra 10.13.6 Combo Update - Reboot Automatically | Mac |
| Multiple vulnerabilities are fixed in macOS High Sierra 10.13.5 - Reboot Automatically | Mac |
| Multiple vulnerabilities are fixed in macOS High Sierra 10.13.4 - Reboot Automatically | Mac |
| Multiple vulnerabilities are fixed in macOS High Sierra 10.13.4 Combo Update - Reboot Automatically | Mac |
| Multiple vulnerabilities are fixed in macOS High Sierra 10.13.3 | Mac |
| Multiple vulnerabilities are fixed in macOS High Sierra 10.13.3 Combo Update | Mac |
| Multiple vulnerabilities are fixed in macOS High Sierra 10.13.2 | Mac |
| Multiple vulnerabilities are fixed in macOS High Sierra 10.13.2 Combo Update | Mac |
| Multiple vulnerabilities are fixed in macOS High Sierra 10.13.1 | Mac |
| Multiple vulnerabilities are fixed in Security Update 2017-001 macOS High Sierra v10.13.1 | Mac |
| Multiple vulnerabilities are fixed in Security Update 2017-001 macOS High Sierra v10.13 | Mac |
| Apache HTTP server (USN-1627-1) apache2.2-common_2.2.22-1ubuntu1.11_i386.deb | Linux |
| Apache HTTP server (USN-1627-1) apache2.2-common_2.2.22-1ubuntu1.11_amd64.deb | Linux |
| Apache HTTP server (USN-3038-1) apache2-bin_2.4.12-2ubuntu2.1_i386.deb | Linux |
| Apache HTTP server (USN-3038-1) apache2-bin_2.4.12-2ubuntu2.1_amd64.deb | Linux |
| Apache HTTP server (USN-3038-1) apache2-bin_2.4.18-2ubuntu3.1_i386.deb | Linux |
| Apache HTTP server (USN-3038-1) apache2-bin_2.4.18-2ubuntu3.1_amd64.deb | Linux |
| Apache HTTP server (USN-3038-1) apache2.2-bin_2.2.22-1ubuntu1.11_i386.deb | Linux |
| Apache HTTP server (USN-3038-1) apache2.2-bin_2.2.22-1ubuntu1.11_amd64.deb | Linux |
| (RHSA-2016:1421) Important: httpd security update httpd-2.2.3-92.el5_11.i386.rpm | Linux |
| (RHSA-2016:1421) Important: httpd security update httpd-2.2.3-92.el5_11.x86_64.rpm | Linux |
| (RHSA-2016:1421) Important: httpd security update httpd-devel-2.2.3-92.el5_11.i386.rpm | Linux |
| (RHSA-2016:1421) Important: httpd security update httpd-devel-2.2.3-92.el5_11.x86_64.rpm | Linux |
| (RHSA-2016:1421) Important: httpd security update httpd-manual-2.2.3-92.el5_11.i386.rpm | Linux |
| (RHSA-2016:1421) Important: httpd security update httpd-manual-2.2.3-92.el5_11.x86_64.rpm | Linux |
| (RHSA-2016:1421) Important: httpd security update mod_ssl-2.2.3-92.el5_11.i386.rpm | Linux |
| (RHSA-2016:1421) Important: httpd security update mod_ssl-2.2.3-92.el5_11.x86_64.rpm | Linux |
| Update Apache to version 2.2.31 (For Linux) | Linux |
| Multiple vulnerabilities fixed in Apache Apache 2.4.25 (For Linux) | Linux |
| Update HP System Management Homepage Detection 7.5.5.0 to latest version (For Ubuntu) | Linux |
| Update HP System Management Homepage Detection 7.5.5.0 to latest version (For Debian) | Linux |
| Update HP System Management Homepage Detection 7.5.5.0 to latest version (For Centos) | Linux |
| Update HP System Management Homepage Detection 7.5.5.0 to latest version (For RedHat) | Linux |
| Update HP System Management Homepage Detection 7.5.5.0 to latest version (For Suse) | Linux |
| Multiple Vulnerabilities affected in system_management_homepage 7.5.3.1 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 6.2.0 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 6.1.0.102 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 6.1.0-103 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 6.0.0.96 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 6.0.0-95 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.12-200 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.12-118 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.11-197 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.11 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.10-186 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.9-178 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.8-177 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.7.168 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.6.156 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.5.146-b | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.5.146 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.4.143 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.4-143 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.2.127 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.0.121 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.0.2.106 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.0.1.104 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 7.2.1 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 7.2 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.2.6 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.11.197-a | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.10.186-c | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.10.186-b | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.10.186 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.10 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.8.179 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 7.1 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 7.0 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 6.3.1 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 6.3.0 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.2.8 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.15.210 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.15-210 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.15 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.14.20 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.14 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.12.201 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 7.5.4.3 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 3.0.0.64 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 3.0.0-68 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 3.0.0 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 3.0.2.77-b | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 3.0.2.77 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 3.0.2-77 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 3.0.2 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 3.0.1.73 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 3.0.1-73 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 3.0.1 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.4 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.3.132 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.1 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 7.4.0 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 6.2.2.7 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 6.1 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 6.0 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 3.2.7 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 3.2.2 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.9 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.8 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.7-168 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.7 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.6-156 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.6 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.5-146 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.5 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.3 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.2-127 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.2 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.0-118 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.0-109 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.0-103(a) | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.0-103 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.0.2 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.0.1 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.0.0 | NCM |
| CVE-2016-5387 | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-601562 | macOS High Sierra 10.13.6 - Reboot Automatically |
| PATCH-601563 | macOS High Sierra 10.13.6 Combo Update - Reboot Automatically |
| PATCH-601563 | macOS High Sierra 10.13.6 Combo Update - Reboot Automatically |
| PATCH-601562 | macOS High Sierra 10.13.6 - Reboot Automatically |
| PATCH-601563 | macOS High Sierra 10.13.6 Combo Update - Reboot Automatically |
| PATCH-601562 | macOS High Sierra 10.13.6 - Reboot Automatically |
| PATCH-601563 | macOS High Sierra 10.13.6 Combo Update - Reboot Automatically |
| PATCH-601562 | macOS High Sierra 10.13.6 - Reboot Automatically |
| PATCH-601563 | macOS High Sierra 10.13.6 Combo Update - Reboot Automatically |
| PATCH-601562 | macOS High Sierra 10.13.6 - Reboot Automatically |
| PATCH-601312 | Security Update 2017-001 macOS High Sierra v10.13.1 |
| PATCH-601345 | Security Update 2017-001 macOS High Sierra v10.13 |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234