Traffic proxy in macOS and macOS Server - CVE-2016-4694
Published: September 21, 2016 / Updated: January 6, 2017
Vulnerability identifier: #VU593
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-4694
CWE-ID: CWE-300
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Apple Inc.
Affected software:
macOS
macOS Server
macOS
macOS Server
Detailed vulnerability description
The vulnerability allows a remote user to proxy traffic to an arbitrary server.
The weakness exists due to usage of variable HTTP_PROXY by macOS Server CGI applications. Under the influence of specially crafted and sent HTTP "Proxy:" the target CGI application may proxy HTTP connections to an arbitrary port on an arbitrary server.
Successful exploitation of the vulnerability leads to proxying traffic to an arbitrary server.
The weakness exists due to usage of variable HTTP_PROXY by macOS Server CGI applications. Under the influence of specially crafted and sent HTTP "Proxy:" the target CGI application may proxy HTTP connections to an arbitrary port on an arbitrary server.
Successful exploitation of the vulnerability leads to proxying traffic to an arbitrary server.
How to mitigate CVE-2016-4694
Update to 5.2.