#VU64586 Improper access control


Published: 2022-06-22

Vulnerability identifier: #VU64586

Vulnerability risk: Medium

CVSSv3.1:

CVE-ID: CVE-2016-5388

CWE-ID: CWE-284

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Apache Tomcat
Server applications / Web servers

Vendor: Apache Foundation

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable. A remote attacker can redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Apache Tomcat: 7.0.0 - 7.0.70, 8.0.0 - 8.0.5


CPE

External links
http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html
http://rhn.redhat.com/errata/RHSA-2016-1624.html
http://rhn.redhat.com/errata/RHSA-2016-2045.html
http://rhn.redhat.com/errata/RHSA-2016-2046.html
http://www.kb.cert.org/vuls/id/797896
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
http://www.securityfocus.com/bid/91818
http://www.securitytracker.com/id/1036331
http://access.redhat.com/errata/RHSA-2016:1635
http://access.redhat.com/errata/RHSA-2016:1636
http://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us
http://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149
http://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759
http://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
http://httpoxy.org/
http://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E
http://lists.apache.org/thread.html/6b414817c2b0bf351138911c8c922ec5dd577ebc0b9a7f42d705752d@%3Cissues.activemq.apache.org%3E
http://lists.apache.org/thread.html/6d3d34adcf3dfc48e36342aa1f18ce3c20bb8e4c458a97508d5bfed1@%3Cissues.activemq.apache.org%3E
http://lists.apache.org/thread.html/r2853582063cfd9e7fbae1e029ae004e6a83482ae9b70a698996353dd@%3Cusers.tomcat.apache.org%3E
http://lists.apache.org/thread.html/rc6b2147532416cc736e68a32678d3947b7053c3085cf43a9874fd102@%3Cusers.tomcat.apache.org%3E
http://lists.apache.org/thread.html/rf21b368769ae70de4dee840a3228721ae442f1d51ad8742003aefe39@%3Cusers.tomcat.apache.org%3E
http://lists.debian.org/debian-lts-announce/2019/08/msg00015.html
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html
http://www.apache.org/security/asf-httpoxy-response.txt


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability