Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2016-1000107

Опубликовано: 10 дек. 2019
Источник: debian
EPSS Низкий

Описание

inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
erlangfixed1:27.3.4.3+dfsg-1package

Примечания

  • https://bugs.erlang.org/browse/ERL-198

  • https://github.com/erlang/otp/security/advisories/GHSA-wrj5-4mmp-gvr8

  • Fixed by (merge): https://github.com/erlang/otp/commit/13b092a06ab9fad685890d0e963ad8095d0f31ec (OTP-28.0.4)

  • Fixed by (merge): https://github.com/erlang/otp/commit/5b7b1484e839663b7cc013ef6ad80c38a4c611a3 (OTP-27.3.4.3)

  • Fixed by (merge): https://github.com/erlang/otp/commit/1dfd13d2f4bea6c21ad3b6b950ecf791a329c9a3 (OTP-26.2.5.15)

  • No part of Erlang does set HTTP_PROXY based on a Proxy: header, just hardening

EPSS

Процентиль: 67%
0.00531
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2016-1000107

CVSS3: 6.1
ubuntu
около 6 лет назад

inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.

redhat логотип

CVE-2016-1000107

CVSS3: 6.1
redhat
около 6 лет назад

inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.

nvd логотип

CVE-2016-1000107

CVSS3: 6.1
nvd
около 6 лет назад

inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.

github логотип

GHSA-v875-g963-fhg4

CVSS3: 6.1
github
больше 3 лет назад

inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.

EPSS

Процентиль: 67%
0.00531
Низкий