vulnerability

Ubuntu: USN-3038-1 (CVE-2016-5387): Apache HTTP Server vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:M/Au:N/C:P/I:P/A:P)	Jul 18, 2016	Jul 18, 2016	Apr 14, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Published

Jul 18, 2016

Added

Jul 18, 2016

Modified

Apr 14, 2025

Description

It was discovered that the Apache HTTP Server would set the HTTP_PROXY
environment variable based on the contents of the Proxy header from HTTP
requests. A remote attacker could possibly use this issue in combination
with CGI scripts that honour the HTTP_PROXY variable to redirect outgoing
HTTP requests.

Solutions

ubuntu-upgrade-apache2-2-binubuntu-upgrade-apache2-bin

References

CVE-2016-5387
https://attackerkb.com/topics/CVE-2016-5387
DEBIAN-DLA-553-1
DEBIAN-DSA-3623
DISA_SEVERITY-Category I
IAVM-2016-B-0160
IAVM-2017-A-0010
NVD-CVE-2016-5387
UBUNTU-USN-3038-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today