CVE-2016-4694

Name of the Vulnerable Software and Affected Versions Apache HTTP Server in Apple OS X versions prior to 10.12 Apache HTTP Server in OS X Server versions prior to 5.2

Description The issue allows remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request. This is related to the HTTP PROXY environment variable and the presence of untrusted CGI client data.

Recommendations For Apache HTTP Server in Apple OS X versions prior to 10.12, update to OS X 10.12 or later. For Apache HTTP Server in OS X Server versions prior to 5.2, update to OS X Server 5.2 or later.