|Number of vulnerabilities||1|
|Public exploit||Public exploit code for vulnerability #1 is available.|
Operating systems & Components / Operating system
This security bulletin contains one medium risk vulnerability.
Exploit availability: NoDescription
The vulnerability allows a remote attacker to obtain potentially sensitive information and compromise vulnerable server.
The vulnerability exists due to a design error in multiple implementations of web servers. A remote unauthenticated attacker can use a specially crafted Proxy header in HTTP request to influence HTTP_PROXY environment variable and redirect application’s HTTP traffic to arbitrary proxy server.
Successful exploitation of this vulnerability may allow an attacker to gain unauthorized access to sensitive information and compromise vulnerable server.
This vulnerability is known as httppoxy.Mitigation
Update the affected package to version: 2.4.10-10+deb8u5Vulnerable software versions
Debian Linux: All versionsCPE2.3
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?