Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:HTTP_PROXY-ATTACK |
|---|---|
Severity |
Major |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
HTTP_PROXY Traffic Redirection |
Release Date |
2016/07/26 |
Update Number |
2762 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: HTTP_PROXY Traffic Redirection
This signature detects attempts to exploit a known vulnerability against HTTP_PROXY environment variable using the Proxy HTTP header. Multiple products which includes PHP, Go, Apache HTTP Server, Apache Tomcat, HHVM, Lighttpd, Nginx and Python are vulnerable. Attackers can control proxy variable using this vulnerability which potentially leads to a man-in-the-middle attack.
Extended Description
The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.
Affected Products
- Debian debian_linux 10
- Debian debian_linux 8.0
- Debian debian_linux 9.0
- Fedoraproject fedora 23
- Python python -
- Python python 0.9.0
- Python python 0.9.1
- Python python 1.2
- Python python 1.3
- Python python 1.5.2
- Python python 1.6
- Python python 1.6.1
- Python python 2.0
- Python python 2.0.1
- Python python 2.1
- Python python 2.1.1
- Python python 2.1.2
- Python python 2.1.3
- Python python 2.2
- Python python 2.2.0
- Python python 2.2.1
- Python python 2.2.2
- Python python 2.2.3
- Python python 2.3
- Python python 2.3.0
- Python python 2.3.1
- Python python 2.3.2
- Python python 2.3.3
- Python python 2.3.4
- Python python 2.3.5
- Python python 2.3.6
- Python python 2.3.7
- Python python 2.4
- Python python 2.4.0
- Python python 2.4.1
- Python python 2.4.2
- Python python 2.4.3
- Python python 2.4.4
- Python python 2.4.5
- Python python 2.4.6
- Python python 2.5
- Python python 2.5.0
- Python python 2.5.1
- Python python 2.5.150
- Python python 2.5.2
- Python python 2.5.3
- Python python 2.5.4
- Python python 2.5.5
- Python python 2.5.6
- Python python 2.6
- Python python 2.6.0
- Python python 2.6.1
- Python python 2.6.2
- Python python 2.6.2150
- Python python 2.6.3
- Python python 2.6.4
- Python python 2.6.5
- Python python 2.6.6
- Python python 2.6.6150
- Python python 2.6.7
- Python python 2.6.8
- Python python 2.6.9
- Python python 2.7
- Python python 2.7.0
- Python python 2.7.1
- Python python 2.7.10
- Python python 2.7.11
- Python python 2.7.2
- Python python 2.7.3
- Python python 2.7.4
- Python python 2.7.5
- Python python 2.7.6
- Python python 2.7.7
- Python python 2.7.8
- Python python 2.7.9
References
- CVE: CVE-2016-1000110
- CVE: CVE-2016-1000109
- CVE: CVE-2016-5385
- CVE: CVE-2016-5386
- CVE: CVE-2016-5387
- CVE: CVE-2016-5388