SB2016071821 - Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6 update for httpd 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2016071821

SB2016071821 - Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6 update for httpd

Published: July 18, 2016 Updated: April 24, 2025

Security Bulletin ID SB2016071821
Severity
Medium
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) Httpoxy issue (CVE-ID: CVE-2016-5387)

The vulnerability allows a remote attacker to obtain potentially sensitive information and compromise vulnerable server.

The vulnerability exists due to a design error in multiple implementations of web servers. A remote unauthenticated attacker can use a specially crafted Proxy header in HTTP request to influence HTTP_PROXY environment variable and redirect application’s HTTP traffic to arbitrary proxy server.

Successful exploitation of this vulnerability may allow an attacker to gain unauthorized access to sensitive information and compromise vulnerable server.

This vulnerability is known as httppoxy.


Remediation

Install update from vendor's website.

References