SecurityTracker.com
SecurityTracker
Archives
Category:   Application (Web Server/CGI)  >   Apache HTTPD
Vendors:   Apache Software Foundation
(CentOS Issues Fix) Apache HTTPD CGI Application "Proxy:" Header Processing Flaw Lets Remote Users Redirect the Target CGI Application Requests to an Arbitrary Web Proxy in Certain Cases
SecurityTracker Alert ID:  1036341
SecurityTracker URL:  http://securitytracker.com/id/1036341
CVE Reference:   CVE-2016-5387
Date:  Jul 18 2016
Impact:   Disclosure of system information, Disclosure of user information, Host/resource access via network, Modification of system information, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  

Description:   A vulnerability was reported in CGI applications that run on Apache HTTPD. A remote user can redirect the target CGI application's requests to an arbitrary web proxy in certain cases.

On systems where the Apache HTTPD server is configured to proxy HTTP requests and the target CGI application trusts the HTTP_PROXY environment variable, a remote user can send (or, via a man-in-the-middle attack, insert or modify) a specially crafted HTTP "Proxy:" header to cause the target CGI application to proxy its HTTP connections to an arbitrary port on an arbitrary server. Because the CGI interface exposes the request header to the application as the HTTP_PROXY environment variable, this can be exploited to set HTTP_PROXY on the target CGI application server and cause the application's internal requests to be proxied through the attacker-specified server, in certain cases.

The vulnerability resides in the CGI applications that use the HTTP_PROXY variable.

[Editor's note: This is not an Apache HTTPD vulnerability, per se. Rather, it is a vulnerability in CGI modules or applications that may run on Apache HTTPD or other web server platforms.]

Other CGI application platforms are affected.
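As an added illustration (not code from the advisory, from Apache, or from the httpoxy researchers), the header-to-environment mapping that causes the problem, a naive outbound client beside a hardened one that ignores HTTP_PROXY inside a CGI request, and a detection check for the "Proxy:" header; the sample headers and addresses are constructed:

```python
from typing import Dict, Optional

# Constructed sample request headers, as a CGI gateway would see them.
# The "Proxy" value is a client-supplied RFC 5737 documentation address.
SAMPLE_HEADERS = {
    "Host": "app.example.com",
    "User-Agent": "curl/7.47.0",
    "Proxy": "203.0.113.10:8080",
}

def cgi_meta_variables(headers: Dict[str, str]) -> Dict[str, str]:
    """Map request headers to CGI meta-variables the way RFC 3875 4.1.18
    specifies: upper-case, dashes to underscores, prefixed with HTTP_.
    A client-controlled "Proxy:" header therefore lands in HTTP_PROXY, the
    same name many HTTP client libraries read for their outbound proxy."""
    env = {"REQUEST_METHOD": "GET", "GATEWAY_INTERFACE": "CGI/1.1"}
    for name, value in headers.items():
        env["HTTP_" + name.upper().replace("-", "_")] = value
    return env

def outbound_proxy_unsafe(env: Dict[str, str]) -> Optional[str]:
    """A naive client: honour HTTP_PROXY wherever it came from."""
    return env.get("HTTP_PROXY")

def outbound_proxy_hardened(env: Dict[str, str]) -> Optional[str]:
    """Hardened client: inside a CGI request (REQUEST_METHOD/GATEWAY_INTERFACE
    are set) HTTP_PROXY originated from the client, so it is ignored.
    Outside CGI (cron job, shell) an operator-set value is still honoured."""
    if "REQUEST_METHOD" in env or "GATEWAY_INTERFACE" in env:
        return None
    return env.get("HTTP_PROXY")

def proxy_header_seen(headers: Dict[str, str]) -> bool:
    """Detection hook: browsers never send a "Proxy:" request header, so its
    presence in request logs is worth alerting on while the mod_headers rule
    `RequestHeader unset Proxy early` (the server-side mitigation published
    at httpoxy.org) is rolled out."""
    return any(name.lower() == "proxy" for name in headers)
```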

The original advisory is available at:

https://httpoxy.org/

Dominic Scheirlinck and Scott Geary of Vend reported this vulnerability. Other researchers have reported aspects of this vulnerability affecting various applications since at least 2001.

Impact:   A remote user that can conduct a man-in-the-middle attack can redirect the target CGI application requests to an arbitrary web proxy in certain cases.
Solution:   CentOS has issued a fix.

Cause:   Access control error
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  7

Message History:   This archive entry is a follow-up to the message listed below.
Jul 18 2016 Apache HTTPD CGI Application "Proxy:" Header Processing Flaw Lets Remote Users Redirect the Target CGI Application Requests to an Arbitrary Web Proxy in Certain Cases


Source Message Contents

Subject:  [CentOS-announce] CESA-2016:1422 Important CentOS 7 httpd Security Update


CentOS Errata and Security Advisory 2016:1422 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-1422.html

The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )

-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
