PT-2016-6402 · Apache · Apache Tomcat

Published: 2016-07-18 · Updated: 2023-02-12 · CVE-2016-5388

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 7.0.0 through 7.0.70; Apache Tomcat versions 8.0.0 through 8.5.4
Description: The issue allows remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request. The cause is that the CGI Servlet follows RFC 3875 section 4.1.18, which maps request headers to HTTP_* meta-variables, and so passes the untrusted client-supplied Proxy header to applications as the HTTP_PROXY environment variable without protecting them from it.
Recommendations: For Apache Tomcat versions 7.0.0 through 7.0.70 and versions 8.0.0 through 8.5.4, consider disabling the CGI Servlet until a mitigation is available. As a temporary workaround, restrict access to the HTTP_PROXY environment variable to minimize the risk of exploitation.
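The following is an added illustration, not code from the advisory or from Apache Tomcat: a minimal Python model of the RFC 3875 section 4.1.18 header-to-meta-variable mapping that the CGI Servlet performs, showing how a client-sent Proxy header becomes HTTP_PROXY, alongside a hardened builder that excludes that header and a detection check. The sample headers and the proxy address are constructed for the example.

```python
# Constructed sample request headers (not from the advisory), as a CGI
# gateway such as Tomcat's CGI Servlet would receive them from a client.
SAMPLE_HEADERS = {
    "Host": "app.example.test",
    "User-Agent": "curl/7.50",
    "Proxy": "http://198.51.100.7:8080",   # attacker-controlled value
    "Accept": "*/*",
}


def header_to_meta_variable(name: str) -> str:
    """RFC 3875 s4.1.18: 'HTTP_' + header name in upper case, '-' -> '_'."""
    return "HTTP_" + name.upper().replace("-", "_")


def cgi_environment(headers: dict, exclude: frozenset = frozenset()) -> dict:
    """Build the HTTP_* meta-variables a gateway passes to the CGI child.

    `exclude` lists header names (compared case-insensitively) that must
    never be exported; an empty set reproduces the vulnerable behaviour.
    """
    excluded = {h.lower() for h in exclude}
    env = {}
    for name, value in headers.items():
        if name.lower() in excluded:
            continue
        env[header_to_meta_variable(name)] = value
    return env


# Vulnerable mapping: every header is exported, so the client's "Proxy"
# header lands in HTTP_PROXY, which many HTTP client libraries read as the
# outbound proxy setting. That is the redirection the advisory describes.
UNSAFE_ENV = cgi_environment(SAMPLE_HEADERS)

# Hardened mapping: the Proxy header is dropped before export, so the
# application's own HTTP_PROXY setting (if any) cannot be overridden.
HARDENED_ENV = cgi_environment(SAMPLE_HEADERS, exclude=frozenset({"Proxy"}))


def request_is_suspicious(headers: dict) -> bool:
    """Detection helper: 'Proxy' is not a standard request header, so its
    presence is worth logging or blocking at the front end."""
    return any(name.lower() == "proxy" for name in headers)
```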

Weakness Enumeration: Improper Access Control

Related Identifiers

ALT-PU-2018-1731
CESA-2016_2045
CESA-2016_2046
CVE-2016-5388
DLA-1883-1
GHSA-V646-RX6W-R3QQ
MGASA-2016-0312
RHSA-2016:1635
RHSA-2016:1636
RHSA-2016:2045
RHSA-2016:2046
RHSA-2016_2045
RHSA-2016_2046
SUSE-SU-2016:2188-1
SUSE-SU-2016:2229-1
SUSE-SU-2016_2229-1
SUSE-SU-2017:1632-1
SUSE-SU-2017:1660-1
USN-3177-1
USN-3177-2
USN-4791-1

Affected Products

Alt Linux
Apache Tomcat
CentOS
Red Hat
SUSE
Ubuntu