PT-2016-6084 · Apple+1 · Os X Server+2

Dominic Scheirlinck

Published

2016-09-25

Updated

2017-07-30

CVE-2016-4694

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Apache HTTP Server in Apple OS X versions prior to 10.12 Apache HTTP Server in OS X Server versions prior to 5.2

Description The issue allows remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request. This is related to the HTTP PROXY environment variable and the presence of untrusted CGI client data.

Recommendations For Apache HTTP Server in Apple OS X versions prior to 10.12, update to OS X 10.12 or later. For Apache HTTP Server in OS X Server versions prior to 5.2, update to OS X Server 5.2 or later.

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

CVE-2016-4694

Affected Products

Apache Http Server

Os X

Os X Server

PT-2016-6084 · Apple+1 · Os X Server+2

CVE-2016-4694

Weakness Enumeration

Related Identifiers

Affected Products

References · 8