SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web based applications on servers.
SERVER-WEBAPP HttpOxy CGI application vulnerability potential man-in-the-middle attempt
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue. Impact: CVSS base score 8.1 CVSS impact score 5.9 CVSS exploitability score 2.2 confidentialityImpact HIGH integrityImpact HIGH availabilityImpact HIGH Details: Ease of Attack:
No information provided
No public information
No known false positives
Talos research team. This document was generated from data supplied by the national vulnerability database, a product of the national institute of standards and technology. For more information see [nvd].
No rule groups
CVE-2016-5385 |
Loading description
|
CVE-2016-5386 |
Loading description
|
CVE-2016-5387 |
Loading description
|
CVE-2016-5388 |
Loading description
|
©2024 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.
