[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

246852

 
 

909

 
 

194149

 
 

282

Paid content will be excluded from the download.


Download | Alert*
OVAL

CVE-2016-5388 -- tomcat6, tomcat7

ID: oval:org.secpod.oval:def:1901153Date: (C)2019-03-04   (M)2023-12-20
Class: VULNERABILITYFamily: unix




Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application"s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388"; in other words, this is not a CVE ID for a vulnerability.

Platform:
Ubuntu 16.04
Ubuntu 18.10
Ubuntu 14.04
Ubuntu 18.04
Product:
tomcat6
tomcat7
libservlet3.0-java
Reference:
CVE-2016-5388
CVE    1
CVE-2016-5388
CPE    191
cpe:/a:apache:libservlet3.0-java
cpe:/a:apache:tomcat:6.0.6:alpha
cpe:/a:apache:tomcat7
cpe:/a:apache:tomcat:6.0
...

© SecPod Technologies