BSA-2017-115
21326
19 July 2018
07 February 2017
Closed
High
8.1
N/A
CVE-2016-5387
Summary Security Advisory ID : BSA-2017-115 Component : Apache HTTPD Revision : 2.0: Final
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.
Products Confirmed Not Vulnerable
No Brocade Fibre Channel technology products from Broadcom are currently known to be affected by this vulnerability.
Revision History
Version |
Change |
Date |
---|---|---|
1.0 |
Initial Publication |
Feb 7, 2017 |
2.0 |
Updated for Fabric OS |
July 19, 2018 |