CVE-2016-4694 - OpenCVE

The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue, a related issue to CVE-2016-5387.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Apple	Mac Os X Os X Server

Configuration 1 [-]

OR	cpe:2.3:o:apple:mac_os_x::::::::
	cpe:2.3:o:apple:os_x_server::::::::

References

Link	Resource
http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html	Mailing List Vendor Advisory
http://lists.apple.com/archives/security-announce/2016/Sep/msg00009.html	Mailing List Vendor Advisory
http://www.securityfocus.com/bid/93060
http://www.securitytracker.com/id/1036853
https://support.apple.com/HT207170	Vendor Advisory
https://support.apple.com/HT207171	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: apple

Published: 2016-09-25T10:00:00

Updated: 2017-07-29T09:57:01

Reserved: 2016-05-11T00:00:00

Link: CVE-2016-4694

JSON object: View

NVD Information

Status : Modified

Published: 2016-09-25T10:59:03.450

Modified: 2017-07-30T01:29:04.240

Link: CVE-2016-4694

JSON object: View

Redhat Information

No data.

CWE

CWE-284

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-09-20T00:00:00", "descriptions": [{"lang": "en", "value": "The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue, a related issue to CVE-2016-5387."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-29T09:57:01", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"name": "93060", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/93060"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/HT207171"}, {"name": "APPLE-SA-2016-09-20", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html"}, {"name": "1036853", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1036853"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/HT207170"}, {"name": "APPLE-SA-2016-09-20-4", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00009.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2016-4694", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue, a related issue to CVE-2016-5387."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "93060", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93060"}, {"name": "https://support.apple.com/HT207171", "refsource": "CONFIRM", "url": "https://support.apple.com/HT207171"}, {"name": "APPLE-SA-2016-09-20", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html"}, {"name": "1036853", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036853"}, {"name": "https://support.apple.com/HT207170", "refsource": "CONFIRM", "url": "https://support.apple.com/HT207170"}, {"name": "APPLE-SA-2016-09-20-4", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00009.html"}]}}}}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2016-4694", "datePublished": "2016-09-25T10:00:00", "dateReserved": "2016-05-11T00:00:00", "dateUpdated": "2017-07-29T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "FEEAF544-405E-4A75-9206-5CC4EDCE2F05", "versionEndIncluding": "10.11.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:os_x_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "172EFA7C-8DFB-4CB8-8B54-048A51438C79", "versionEndIncluding": "5.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue, a related issue to CVE-2016-5387."}, {"lang": "es", "value": "El Apache HTTP Server en Apple OS X en versiones anteriores a 10.12 y OS X Server en versiones anteriores a 5.2 sigue a la secci\u00f3n 4.1.18 del RFC 3875 y por lo tanto no protege aplicaciones de la presencia de datos de cliente CGI no confiables en el entorno variable HTTP_PROXY, lo que podr\u00eda permitir a atacantes remotos redireccionar el tr\u00e1fico HTTP fuera de rango de una aplicaci\u00f3n a un servidor proxy arbitrario a trav\u00e9s de una cabecera Proxy manipulada en una petici\u00f3n HTTP, problema tambi\u00e9n conocido como \"httpoxy\", un problema relacionado con CVE-2016-5387."}], "id": "CVE-2016-4694", "lastModified": "2017-07-30T01:29:04.240", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-09-25T10:59:03.450", "references": [{"source": "product-security@apple.com", "tags": ["Mailing List", "Vendor Advisory"], "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Vendor Advisory"], "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00009.html"}, {"source": "product-security@apple.com", "url": "http://www.securityfocus.com/bid/93060"}, {"source": "product-security@apple.com", "url": "http://www.securitytracker.com/id/1036853"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/HT207170"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/HT207171"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "nvd@nist.gov", "type": "Primary"}]}