Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2016-5386

Опубликовано: 19 июл. 2016
Источник: nvd
CVSS3: 8.1
CVSS2: 6.8
EPSS Высокий

Описание

The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
Версия от 1.0 (включая) до 1.6.3 (исключая)
cpe:2.3:a:golang:go:1.7:rc1:*:*:*:*:*:*

EPSS

Процентиль: 99%
0.88946
Высокий

8.1 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-284

Связанные уязвимости

ubuntu логотип

CVE-2016-5386

CVSS3: 8.1
ubuntu
около 9 лет назад

The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.

redhat логотип

CVE-2016-5386

CVSS3: 5
redhat
около 9 лет назад

The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.

debian логотип

CVE-2016-5386

CVSS3: 8.1
debian
около 9 лет назад

The net/http package in Go through 1.6 does not attempt to address RFC ...

github логотип

GHSA-9hq4-732f-9vgf

CVSS3: 8.1
github
больше 3 лет назад

The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.

oracle-oval логотип

ELSA-2016-1538

oracle-oval
около 9 лет назад

ELSA-2016-1538: golang security, bug fix, and enhancement update (MODERATE)

EPSS

Процентиль: 99%
0.88946
Высокий

8.1 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-284