CVE-2016-5387 (retired)

Priority
Description
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and
therefore does not protect applications from the presence of untrusted
client data in the HTTP_PROXY environment variable, which might allow
remote attackers to redirect an application's outbound HTTP traffic to an
arbitrary proxy server via a crafted Proxy header in an HTTP request, aka
an "httpoxy" issue. NOTE: the vendor states "This mitigation has been
assigned the identifier CVE-2016-5387"; in other words, this is not a CVE
ID for a vulnerability.
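The header-to-variable mapping described above, as an added example that is not code from Apache or from this tracker: it shows how a client's Proxy header lands in HTTP_PROXY under RFC 3875 section 4.1.18, and how discarding that header before the mapping keeps the operator's setting in effect. All function names, hosts and the simplified client lookup are constructed for illustration.

```python
# Added example: RFC 3875 section 4.1.18 header-to-meta-variable mapping.
# Names and sample values are constructed; this is not Apache's code.

DROPPED_HEADERS = frozenset({"proxy"})  # headers never exported to CGI scripts


def meta_variable_name(header_name):
    """RFC 3875 4.1.18: upper-case, '-' becomes '_', prefix 'HTTP_'."""
    return "HTTP_" + header_name.upper().replace("-", "_")


def build_cgi_env(headers, base_env, drop=frozenset()):
    """Return the environment a gateway would hand to a CGI script.

    headers  -- (name, value) pairs taken from the client request (untrusted)
    base_env -- variables set by the operator (trusted)
    drop     -- lower-cased header names to discard before mapping
    """
    env = dict(base_env)
    for name, value in headers:
        lowered = name.lower()
        if lowered in drop:
            continue
        if lowered in ("content-type", "content-length"):
            # These two have dedicated variables without the HTTP_ prefix.
            env[name.upper().replace("-", "_")] = value
            continue
        env[meta_variable_name(name)] = value
    return env


def outbound_proxy(env):
    """Simplified stand-in for a client library that reads HTTP_PROXY first."""
    return env.get("HTTP_PROXY") or env.get("http_proxy")


# Constructed request: the client supplies a Proxy header.
SAMPLE_HEADERS = [
    ("Host", "app.example"),
    ("Proxy", "http://untrusted.example:8080"),
    ("User-Agent", "demo"),
]
OPERATOR_ENV = {"http_proxy": "http://egress.internal.example:3128"}

if __name__ == "__main__":
    unfiltered = build_cgi_env(SAMPLE_HEADERS, OPERATOR_ENV)
    filtered = build_cgi_env(SAMPLE_HEADERS, OPERATOR_ENV, drop=DROPPED_HEADERS)
    print("without filtering:   ", outbound_proxy(unfiltered))
    print("Proxy header dropped:", outbound_proxy(filtered))
```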
Package
Upstream: needs-triage
Ubuntu 16.04 LTS (Xenial Xerus): released (2.4.18-2ubuntu3.1)
More Information

Updated: 2019-08-23 09:11:09 UTC (commit 436fd4ed4cf0038ddd382cb8649607ace163dda7)