CVE-2016-5385

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue.

CVSS v3.0 8.1 HIGH
CVSS v2.0 5.1 MEDIUM

8.1^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

5.1^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability : 4.9 / Impact : 6.4

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1353794	Issue Tracking Third Party Advisory VDB Entry
http://www.kb.cert.org/vuls/id/797896	Third Party Advisory US Government Resource
https://httpoxy.org/	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html	Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149	Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05333297	Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html	Third Party Advisory
http://www.securityfocus.com/bid/91821	Third Party Advisory VDB Entry
http://rhn.redhat.com/errata/RHSA-2016-1611.html	Broken Link Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1612.html	Broken Link Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1613.html	Broken Link Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1610.html	Broken Link Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1609.html	Broken Link Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722	Third Party Advisory
https://www.drupal.org/SA-CORE-2016-003	Third Party Advisory
https://github.com/guzzle/guzzle/releases/tag/6.2.1	Release Notes Third Party Advisory
https://security.gentoo.org/glsa/201611-22	Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html	Patch Third Party Advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us	Third Party Advisory
http://www.securitytracker.com/id/1036335	Third Party Advisory VDB Entry
http://www.debian.org/security/2016/dsa-3631	Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html	Patch Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RMYXAVNYL2MOBJTFATE73TOVOEZYC5R/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KZOIUYZDBWNDDHC6XTOLZYRMRXZWTJCP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXFEIMZPSVGZQQAYIQ7U7DFVX3IBSDLF/

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:::::::*
	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.2:::::::*
	cpe:2.3:a:oracle:communications_user_data_repository:10.0.1:::::::*
	cpe:2.3:o:oracle:linux:6:-::::::
	cpe:2.3:o:oracle:linux:7:-::::::
	cpe:2.3:a:oracle:communications_user_data_repository:12.0.0:::::::*
	cpe:2.3:a:oracle:communications_user_data_repository:10.0.0:::::::*

Configuration 2 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:24:::::::*
	cpe:2.3:o:fedoraproject:fedora:23:::::::*

Configuration 3 (hide)

AND

cpe:2.3:o:hp:storeever_msl6480_tape_library_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:storeever_msl6480_tape_library:-:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*

Configuration 5 (hide)

OR	cpe:2.3:a:php:php::::::::
	cpe:2.3:a:php:php::::::::
	cpe:2.3:a:php:php::::::::

Configuration 6 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

Configuration 7 (hide)

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 8 (hide)

cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*

Configuration 9 (hide)

cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

Information

Published : 2016-07-18 19:00

Updated : 2023-02-12 15:23

NVD link : CVE-2016-5385

Mitre link : CVE-2016-5385

JSON object : View

CWE

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

Products Affected

redhat

enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server

drupal

drupal

system_management_homepage
storeever_msl6480_tape_library_firmware
storeever_msl6480_tape_library

fedoraproject

fedora

oracle

linux
enterprise_manager_ops_center
communications_user_data_repository

opensuse

leap

php

debian

debian_linux

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1353794", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1353794", "tags": ["Issue Tracking", "Third Party Advisory", "VDB Entry"], "refsource": "CONFIRM"}, {"url": "http://www.kb.cert.org/vuls/id/797896", "name": "VU#797896", "tags": ["Third Party Advisory", "US Government Resource"], "refsource": "CERT-VN"}, {"url": "https://httpoxy.org/", "name": "https://httpoxy.org/", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149", "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05333297", "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05333297", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html", "name": "openSUSE-SU-2016:1922", "tags": ["Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://www.securityfocus.com/bid/91821", "name": "91821", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-1611.html", "name": "RHSA-2016:1611", "tags": ["Broken Link", "Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-1612.html", "name": "RHSA-2016:1612", "tags": ["Broken Link", "Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-1613.html", "name": "RHSA-2016:1613", "tags": ["Broken Link", "Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-1610.html", "name": "RHSA-2016:1610", "tags": ["Broken Link", "Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-1609.html", "name": "RHSA-2016:1609", "tags": ["Broken Link", "Third Party Advisory"], "refsource": "REDHAT"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://www.drupal.org/SA-CORE-2016-003", "name": "https://www.drupal.org/SA-CORE-2016-003", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://github.com/guzzle/guzzle/releases/tag/6.2.1", "name": "https://github.com/guzzle/guzzle/releases/tag/6.2.1", "tags": ["Release Notes", "Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://security.gentoo.org/glsa/201611-22", "name": "GLSA-201611-22", "tags": ["Third Party Advisory"], "refsource": "GENTOO"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "tags": ["Patch", "Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us", "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securitytracker.com/id/1036335", "name": "1036335", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "SECTRACK"}, {"url": "http://www.debian.org/security/2016/dsa-3631", "name": "DSA-3631", "tags": ["Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "tags": ["Patch", "Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RMYXAVNYL2MOBJTFATE73TOVOEZYC5R/", "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RMYXAVNYL2MOBJTFATE73TOVOEZYC5R/", "tags": [], "refsource": "MISC"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KZOIUYZDBWNDDHC6XTOLZYRMRXZWTJCP/", "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KZOIUYZDBWNDDHC6XTOLZYRMRXZWTJCP/", "tags": [], "refsource": "MISC"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXFEIMZPSVGZQQAYIQ7U7DFVX3IBSDLF/", "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXFEIMZPSVGZQQAYIQ7U7DFVX3IBSDLF/", "tags": [], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an \"httpoxy\" issue."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-601"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2016-5385", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}}, "publishedDate": "2016-07-19T02:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:communications_user_data_repository:10.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:communications_user_data_repository:12.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:communications_user_data_repository:10.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:hp:storeever_msl6480_tape_library_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "5.09"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:hp:storeever_msl6480_tape_library:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "7.5.5.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "5.6.24", "versionStartIncluding": "5.6.0"}, {"cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "5.5.38", "versionStartIncluding": "5.5.0"}, {"cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "7.0.8", "versionStartIncluding": "7.0.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "8.1.7", "versionStartIncluding": "8.0.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-02-12T23:23Z"}

8.1 /10