Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Web Server/CGI)  >   nginx Vendors:
nginx CGI Application "Proxy:" Header Processing Flaw Lets Remote Users Redirect the Target CGI Application Requests to an Arbitrary Web Proxy in Certain Cases
SecurityTracker Alert ID:  1036334
SecurityTracker URL:
CVE Reference:   CVE-2016-1000105   (Links to External Site)
Date:  Jul 18 2016
Impact:   Modification of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  

Description:   A vulnerability was reported in CGI applications that run on nginx. A remote user can redirect the target CGI application requests to an arbitrary web proxy in certain cases.

On systems where the Nginx server is configured to proxy HTTP requests and the target CGI application relies on the HTTP_PROXY environment variable in a trusted manner, a remote user can send (or can conduct a man-in-the-middle attack to insert or modify) a specially crafted HTTP "Proxy:" header to cause the target CGI application to proxy HTTP connections to an arbitrary port on an arbitrary server. This can be exploited to set the HTTP_PROXY variable on the target CGI application server and cause CGI application server internal requests to be proxied, in certain cases.

The vulnerability resides in the CGI applications that use the HTTP_PROXY variable.

[Editor's note: This is not an Nginx vulnerability, per se. Rather, it is a vulnerability in CGI modules or applications that may run on Nginx or other web server platforms.]

Other CGI application platforms are affected.

The original advisory is available at:

Dominic Scheirlinck and Scott Geary of Vend reported this vulnerability. Other researchers have reported aspects of this vulnerability affecting various applications since at least 2001.

Impact:   A remote user can cause target CGI application requests to be proxied to an arbitrary web proxy in certain cases.
Solution:   The vendor has provided instructions to mitigate affected applications in their advisory.

The vendor's advisory is available at:

Vendor URL: (Links to External Site)
Cause:   Input validation error
Underlying OS:  Linux (Any)

Message History:   None.

 Source Message Contents

[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC