Lucene search
F5F5:K07112184HistoryJul 27, 2016 - 12:00 a.m.
K07112184 : HHVM vulnerability CVE-2016-1000109
2016-07-2700:00:00
my.f5.com
9
Security Advisory Description
HHVM does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application’s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an “httpoxy” issue. This issue affects HHVM versions prior to 3.9.6, all versions between 3.10.0 and 3.12.4 (inclusive), and all versions between 3.13.0 and 3.14.2 (inclusive). (CVE-2016-1000109)
Impact
There is no impact; F5 products are not affected by this vulnerability.
| CPE | Name | Operator | Version |
|---|---|---|---|
| big-ip afm | eq | 11.4.0 | |
| big-ip afm | eq | 11.4.1 | |
| big-ip afm | eq | 11.5.0 | |
| big-ip afm | eq | 11.5.1 | |
| big-ip afm | eq | 11.5.2 | |
| big-ip afm | eq | 11.5.3 | |
| big-ip afm | eq | 11.5.4 | |
| big-ip afm | eq | 11.6.0 | |
| big-ip afm | eq | 11.6.1 | |
| big-ip afm | eq | 12.0.0 |
Related
prion
prion
Design/Logic Flaw
2020-02-19 13:15:00
ubuntucve
ubuntucve
CVE-2016-1000109
2020-02-19 00:00:00
cve
cve
CVE-2016-1000109
2020-02-19 13:15:10
f5
f5
SOL07112184 - HHVM vulnerability CVE-2016-1000109
2016-07-27 00:00:00
nvd
nvd
CVE-2016-1000109
2020-02-19 13:15:10
osv
osv
CVE-2016-1000109
2020-02-19 13:15:10
cvelist
cvelist
CVE-2016-1000109
2020-02-19 12:38:56
cert
cert
checkpoint_advisories
checkpoint_advisories
nessus
nessus
HTTP_PROXY Environment Variable Namespace Collision Vulnerability (httpoxy)
2016-07-25 00:00:00
threatpost
threatpost
CGI Script Vulnerability 'Httpoxy' Allows Man-in-the-Middle Attack
2016-07-18 18:00:46
impervablog
impervablog
Python and Go Top the Chart of 2019’s Most Popular Hacking Tools
2020-05-27 09:22:21
rapid7blog
rapid7blog
NICER Protocol Deep Dive: Internet Exposure of HTTP and HTTPS
2021-01-29 14:20:22