SecurityTracker.com

SecurityTracker
Archives

Category:   Application (Web Server/CGI)  >   Apache HTTPD
Vendors:   Apache Software Foundation
(CentOS Issues Fix) Apache HTTPD CGI Application "Proxy:" Header Processing Flaw Lets Remote Users Redirect the Target CGI Application Requests to an Arbitrary Web Proxy in Certain Cases
SecurityTracker Alert ID:  1036340
SecurityTracker URL:  http://securitytracker.com/id/1036340
CVE Reference:   CVE-2016-5387   (Links to External Site)
Date:  Jul 18 2016
Impact:   Disclosure of system information, Disclosure of user information, Host/resource access via network, Modification of system information, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  

Description:   A vulnerability was reported in CGI applications that run on Apache HTTPD. A remote user can redirect the target CGI application's outgoing HTTP requests to an arbitrary web proxy in certain cases.

The CGI interface (RFC 3875) passes each incoming request header to the CGI program as an environment variable named by uppercasing the header name, replacing hyphens with underscores, and prefixing "HTTP_". A request carrying a "Proxy:" header therefore reaches the CGI program as HTTP_PROXY, the same variable that many HTTP client libraries read to locate an outgoing proxy. Where the target CGI application, or a library it uses, trusts HTTP_PROXY, a remote user can send (or, from a man-in-the-middle position, insert into another client's request) a specially crafted "Proxy:" header to cause the application's outgoing HTTP requests to be routed through an arbitrary port on an arbitrary server of the attacker's choosing. The attacker can then observe or modify those requests and their responses, including requests the application makes to internal services on the user's behalf, in certain cases. Apache HTTPD does not need to be configured as a proxy for this to work; the only requirements are that the attacker's request reaches the CGI application and that the application honors HTTP_PROXY.

The vulnerability resides in the CGI applications and HTTP client libraries that honor the HTTP_PROXY variable without regard to where it was set; the web server's contribution is to pass the client-controlled header through.

[Editor's note: This is not an Apache HTTPD vulnerability, per se. Rather, it is a vulnerability in CGI modules or applications that may run on Apache HTTPD or other web server platforms.]

Other CGI application platforms are affected in the same way.
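As an added example (not code from SecurityTracker, Apache, CentOS or the httpoxy authors), the following Python models the path described above: the RFC 3875 header-to-meta-variable mapping that turns a client's "Proxy:" header into HTTP_PROXY, a client that trusts that variable, and the two places the exposure can be closed, at the gateway (discarding the header before the CGI environment is built, which is the effect of the httpd update) and in the client (ignoring upper-case HTTP_PROXY when REQUEST_METHOD shows the program is running under CGI, the approach several HTTP client libraries took). The gateway and client functions are toy stand-ins; the header values, hostnames and operator settings are constructed.

```python
"""Added illustration of the httpoxy ("Proxy:" header -> HTTP_PROXY) exposure.

Example code written for this page; it is not code from Apache HTTPD, the
CentOS update or the httpoxy advisory. The "gateway" and "client" functions
are toy stand-ins for a CGI-capable web server and an HTTP client library.
"""


def cgi_meta_variables(headers):
    """Apply the RFC 3875 (section 4.1.18) header mapping: uppercase the
    header name, replace '-' with '_', and prefix 'HTTP_'. Because the
    mapping is mechanical, a client's 'Proxy' header becomes HTTP_PROXY."""
    env = {}
    for name, value in headers.items():
        env["HTTP_" + name.upper().replace("-", "_")] = value
    return env


def vulnerable_gateway(headers, operator_env=None):
    """Unpatched behaviour: build the CGI environment from the operator's
    settings plus every request header. A client-supplied 'Proxy:' header
    therefore lands in HTTP_PROXY next to whatever the operator configured."""
    env = dict(operator_env or {})
    env["REQUEST_METHOD"] = "GET"          # always present in a CGI environment
    env.update(cgi_meta_variables(headers))
    return env


def patched_gateway(headers, operator_env=None):
    """Server-side mitigation with the same effect as the httpd update:
    discard the 'Proxy' request header before the environment is built."""
    kept = {n: v for n, v in headers.items() if n.lower() != "proxy"}
    return vulnerable_gateway(kept, operator_env)


def naive_proxy_from_env(env):
    """Pre-httpoxy client logic: honour HTTP_PROXY or http_proxy regardless
    of whether the program is running under CGI."""
    return env.get("HTTP_PROXY") or env.get("http_proxy")


def hardened_proxy_from_env(env):
    """Client-side mitigation several HTTP libraries adopted: when
    REQUEST_METHOD is present the program is a CGI script, so upper-case
    HTTP_PROXY may have come from a request header and is ignored; lower-case
    http_proxy cannot be produced by the RFC 3875 mapping, so it is still
    honoured."""
    if "REQUEST_METHOD" in env:
        return env.get("http_proxy")
    return env.get("HTTP_PROXY") or env.get("http_proxy")


# Constructed sample request: a hostile client adds a "Proxy:" header.
# attacker.example and proxy.internal.example are placeholder hostnames.
SAMPLE_HEADERS = {
    "Host": "app.example",
    "User-Agent": "curl/7.47.0",
    "Proxy": "http://attacker.example:8080",
}

# Constructed operator configuration: the proxy the script is meant to use.
OPERATOR_ENV = {"http_proxy": "http://proxy.internal.example:3128"}


def demo():
    """Return the proxy the CGI client would use in three deployments:
    unpatched server + naive client, patched server + naive client,
    unpatched server + hardened client."""
    unpatched = naive_proxy_from_env(vulnerable_gateway(SAMPLE_HEADERS, OPERATOR_ENV))
    server_fixed = naive_proxy_from_env(patched_gateway(SAMPLE_HEADERS, OPERATOR_ENV))
    client_fixed = hardened_proxy_from_env(vulnerable_gateway(SAMPLE_HEADERS, OPERATOR_ENV))
    return unpatched, server_fixed, client_fixed


if __name__ == "__main__":
    for label, proxy in zip(("unpatched", "server fixed", "client fixed"), demo()):
        print(f"{label:13} -> {proxy}")
```

Run it directly to print the three outcomes: only the unpatched server paired with a naive client sends traffic to the attacker's host. For an httpd that cannot be updated yet, the mod_headers directive published with the httpoxy advisory, `RequestHeader unset Proxy early`, has the same effect as patched_gateway above.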

The original advisory is available at:

https://httpoxy.org/

Dominic Scheirlinck and Scott Geary of Vend reported this vulnerability. Other researchers have reported aspects of this vulnerability affecting various applications since at least 2001.

Impact:   A remote user can redirect the target CGI application's outgoing HTTP requests to an arbitrary web proxy in certain cases, and can then observe or modify those requests and their responses.
Solution:   CentOS has issued a fix for CentOS 5 and CentOS 6. The updated httpd packages and their SHA-256 checksums are listed below; verify a downloaded package against the listed checksum before installing, and confirm afterwards that the installed httpd package is at the listed release or later.

CentOS 5:

i386:
ac324ee1118faf46ee81d043ab13428793816c78504177bd02be559ca45a0ad6 httpd-2.2.3-92.el5.centos.i386.rpm
7f507c251a02932b0530bcc9bbe3b684bcf333a8a55d159bd74ec45b907c7b74 httpd-devel-2.2.3-92.el5.centos.i386.rpm
9962fc21bb56a8db59b53c5a70cdbdb9288de76b4852cd93342d35edf99c93c4 httpd-manual-2.2.3-92.el5.centos.i386.rpm
193e7f1e8866422650c4fc3681ad7b8eb303ca94fbb271fc0f8e269da41ec44d mod_ssl-2.2.3-92.el5.centos.i386.rpm

x86_64:
89c1aceb70086393b296f085cb3c1aadb2236f53d91028d24b65756d5e5ec0e6 httpd-2.2.3-92.el5.centos.x86_64.rpm
7f507c251a02932b0530bcc9bbe3b684bcf333a8a55d159bd74ec45b907c7b74 httpd-devel-2.2.3-92.el5.centos.i386.rpm
68223ae197beab75b2a2f18595659c5f00a2abce6af6949439098b3307b81a55 httpd-devel-2.2.3-92.el5.centos.x86_64.rpm
c64e7002d0b3e256e58ebed1f1e298f47952ccb85d81bdd364e3970056993b9b httpd-manual-2.2.3-92.el5.centos.x86_64.rpm
5961b5567d7d8449ce917c2b0d3ce0c0bdcb268335d0a472b9600a33c99ce4d8 mod_ssl-2.2.3-92.el5.centos.x86_64.rpm

Source:
9797c288db36a2b5610c73d9334b932ad6be5b11f259389c4e8159bdeeec7912 httpd-2.2.3-92.el5.centos.src.rpm

CentOS 6:

i386:
7cfbd11f14fc880c3a658124c3124a3b4c26402790eef913f38c3468c0038922 httpd-2.2.15-54.el6.centos.i686.rpm
21388bbbc70030b07395f9f2eb7ede8c160afc19e5d661543ddd42ba53c2e8cf httpd-devel-2.2.15-54.el6.centos.i686.rpm
4cfb8a97a60511a419c6b8e46f9eacfb6f702831ca3567313f927209b6fa5e39 httpd-manual-2.2.15-54.el6.centos.noarch.rpm
1a6a381d445b88f636453f7c7d039517adccac56aef9dc03127ce46e8e284246 httpd-tools-2.2.15-54.el6.centos.i686.rpm
7b187e5603d64d06f1983e96934a8f6da181220033cf989d2aa56bdfd629b791 mod_ssl-2.2.15-54.el6.centos.i686.rpm

x86_64:
906becc435e278c73dfbdf10f4f1f704b7c1fff2963037c1e3b4a2eafd795f09 httpd-2.2.15-54.el6.centos.x86_64.rpm
21388bbbc70030b07395f9f2eb7ede8c160afc19e5d661543ddd42ba53c2e8cf httpd-devel-2.2.15-54.el6.centos.i686.rpm
a87645e89f72a6e9362e41251d3c1be797ce31a7b7a643f0fe506f3ab506acf2 httpd-devel-2.2.15-54.el6.centos.x86_64.rpm
4cfb8a97a60511a419c6b8e46f9eacfb6f702831ca3567313f927209b6fa5e39 httpd-manual-2.2.15-54.el6.centos.noarch.rpm
4935ca24dabd3a45f83518174ea1ab5b1b0c8d281cce4db5df04f52e5743fc9c httpd-tools-2.2.15-54.el6.centos.x86_64.rpm
94ae91901d174c21c68f50d638027ecf4ab14aba483f7294107af9192b2adfb1 mod_ssl-2.2.15-54.el6.centos.x86_64.rpm

Source:
5c7a92dbb6c6503be4ccd1e270c6ce96c42c61dcafc4495fe7f2c66d2c06f7cd httpd-2.2.15-54.el6.centos.src.rpm

Cause:   Access control error
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  5, 6

Message History:   This archive entry is a follow-up to the message listed below.
Jul 18 2016 Apache HTTPD CGI Application "Proxy:" Header Processing Flaw Lets Remote Users Redirect the Target CGI Application Requests to an Arbitrary Web Proxy in Certain Cases



 Source Message Contents

Subject:  [CentOS-announce] CESA-2016:1421 Important CentOS 6 httpd Security Update


CentOS Errata and Security Advisory 2016:1421 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-1421.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
7cfbd11f14fc880c3a658124c3124a3b4c26402790eef913f38c3468c0038922  httpd-2.2.15-54.el6.centos.i686.rpm
21388bbbc70030b07395f9f2eb7ede8c160afc19e5d661543ddd42ba53c2e8cf  httpd-devel-2.2.15-54.el6.centos.i686.rpm
4cfb8a97a60511a419c6b8e46f9eacfb6f702831ca3567313f927209b6fa5e39  httpd-manual-2.2.15-54.el6.centos.noarch.rpm
1a6a381d445b88f636453f7c7d039517adccac56aef9dc03127ce46e8e284246  httpd-tools-2.2.15-54.el6.centos.i686.rpm
7b187e5603d64d06f1983e96934a8f6da181220033cf989d2aa56bdfd629b791  mod_ssl-2.2.15-54.el6.centos.i686.rpm

x86_64:
906becc435e278c73dfbdf10f4f1f704b7c1fff2963037c1e3b4a2eafd795f09  httpd-2.2.15-54.el6.centos.x86_64.rpm
21388bbbc70030b07395f9f2eb7ede8c160afc19e5d661543ddd42ba53c2e8cf  httpd-devel-2.2.15-54.el6.centos.i686.rpm
a87645e89f72a6e9362e41251d3c1be797ce31a7b7a643f0fe506f3ab506acf2  httpd-devel-2.2.15-54.el6.centos.x86_64.rpm
4cfb8a97a60511a419c6b8e46f9eacfb6f702831ca3567313f927209b6fa5e39  httpd-manual-2.2.15-54.el6.centos.noarch.rpm
4935ca24dabd3a45f83518174ea1ab5b1b0c8d281cce4db5df04f52e5743fc9c  httpd-tools-2.2.15-54.el6.centos.x86_64.rpm
94ae91901d174c21c68f50d638027ecf4ab14aba483f7294107af9192b2adfb1  mod_ssl-2.2.15-54.el6.centos.x86_64.rpm

Source:
5c7a92dbb6c6503be4ccd1e270c6ce96c42c61dcafc4495fe7f2c66d2c06f7cd  httpd-2.2.15-54.el6.centos.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
 
Copyright 2019, SecurityGlobal.net LLC