Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2016-4694

Published: 25 September 2016

The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue, a related issue to CVE-2016-5387.

Notes

AuthorNote
mdeslaur
this is probably an apple-specific CVE for the same issue as
CVE-2016-5387, marking as not-affected

Priority

Medium

CVSS 3 base score: 9.1

Status

Package Release Status
apache2
Launchpad, Ubuntu, Debian
upstream Not vulnerable

precise Not vulnerable

trusty Not vulnerable

xenial Not vulnerable