Bug 1353809 (CVE-2016-5388)
| Field | Value | Field | Value |
|---|---|---|---|
| Summary | CVE-2016-5388 Tomcat: CGI sets environmental variable based on user supplied Proxy request header | | |
| Product | [Other] Security Response | Reporter | Kurt Seifried <kseifried> |
| Component | vulnerability | Assignee | Red Hat Product Security <security-response-team> |
| Status | CLOSED ERRATA | QA Contact | |
| Severity | medium | Docs Contact | |
| Priority | medium | | |
| Version | unspecified | CC | alee, anemec, bbaranow, bmaxwell, cdewolf, chazlett, coolsvap, csutherl, dandread, darran.lofthouse, dosoudil, enagai, fnasser, geiger.david68210, huwang, ivan.afonichev, jawilson, jclere, jdoyle, jshepherd, kseifried, lgao, mbabacek, myarboro, pgier, psakar, pslavice, rnetuka, rsvoboda, sardella, security-response-team, trick, twalsh, vtunka, weli, yozone |
| Target Milestone | --- | Keywords | Security |
| Target Release | --- | | |
| Hardware | All | | |
| OS | Linux | | |
| Whiteboard | | | |
| Fixed In Version | | Doc Type | If docs needed, set a value |
| Doc Text | It was discovered that tomcat used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request. | | |
| Story Points | --- | | |
| Clone Of | | Environment | |
| Last Closed | 2016-10-13 08:59:51 UTC | Type | --- |
| Regression | --- | Mount Type | --- |
| Documentation | --- | CRM | |
| Verified Versions | | Category | --- |
| oVirt Team | --- | RHEL 7.3 requirements from Atomic Host | |
| Cloudforms Team | --- | Target Upstream Version | |
| Embargoed | | | |
| Bug Depends On | 1362210, 1362211, 1362212, 1362213, 1375581, 1375582 | | |
| Bug Blocks | 1353762, 1358998 | | |
| Attachments | | | |
Description
Kurt Seifried
2016-07-08 04:28:24 UTC
Acknowledgments: Name: Scott Geary (VendHQ)

This issue has been addressed in the following products:

  Red Hat JBoss Web Server 3.0.3

Via RHSA-2016:1624 https://rhn.redhat.com/errata/RHSA-2016-1624.html

This issue has been addressed in the following products:

  Red Hat JBoss Web Server 3 for RHEL 7

Via RHSA-2016:1635 https://access.redhat.com/errata/RHSA-2016:1635

This issue has been addressed in the following products:

  Red Hat JBoss Web Server 3 for RHEL 6

Via RHSA-2016:1636 https://access.redhat.com/errata/RHSA-2016:1636

Created attachment 1199336 [details]
tomcat-8.0.36-CVE-2016-5388.patch

Hi,

Applying this attached patch fixes this security issue from https://svn.apache.org/viewvc?view=revision&revision=1756941

Or also updating to latest 8.0.37 release.

Regards,
David

Created tomcat tracking bugs for this issue:

Affects: fedora-all [bug 1375581]
Affects: epel-all [bug 1375582]

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2016:2046 https://rhn.redhat.com/errata/RHSA-2016-2046.html

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2016:2045 https://rhn.redhat.com/errata/RHSA-2016-2045.html
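The Doc Text above describes the mechanism in one sentence: a CGI gateway exports every request header as an environment variable, so a client-supplied `Proxy` header becomes `HTTP_PROXY`, and HTTP client libraries inside the script read that variable as their outbound proxy. The following Python is an added example written for this page; it is not code from the Bugzilla record, from Tomcat, or from the attached patch. It models the RFC 3875 header-to-variable naming rule, shows the naive gateway beside a hardened one that never exports `Proxy` (the effect the patch has; the exact Tomcat change is not shown on this page and is an assumption here), and then checks what Python's own `urllib` would do with the resulting environment. Python is used instead of Java so the behaviour can be run and asserted; all request data is constructed.

```python
"""CGI header-to-environment mapping and why a client-supplied Proxy header matters.

Added example, not code from the Bugzilla record, Tomcat, or the patch it
references. A CGI gateway exposes each request header as HTTP_<NAME>
(upper-cased, '-' replaced by '_'), so a "Proxy" request header becomes
HTTP_PROXY. All request data below is constructed for the example.
"""
import os
from typing import Dict, Iterable, Tuple
from unittest import mock
from urllib.request import getproxies_environment

Header = Tuple[str, str]

# Constructed sample request as a CGI gateway would see it (not a real capture).
SAMPLE_HEADERS: Tuple[Header, ...] = (
    ("Host", "app.example.test"),
    ("User-Agent", "sample-client/1.0"),
    ("Proxy", "attacker-proxy.example.test:3128"),  # constructed hostile value
)


def cgi_env_name(header_name: str) -> str:
    """RFC 3875 naming rule: 'HTTP_' + upper-cased name, '-' mapped to '_'."""
    return "HTTP_" + header_name.upper().replace("-", "_")


def build_cgi_env_unsafe(headers: Iterable[Header]) -> Dict[str, str]:
    """Pre-fix behaviour: every request header is exported to the script,
    so the Proxy header lands in HTTP_PROXY."""
    return {cgi_env_name(name): value for name, value in headers}


def build_cgi_env_hardened(headers: Iterable[Header]) -> Dict[str, str]:
    """Fixed behaviour: the Proxy header is never exported. This reproduces
    the effect described in the record's Doc Text; it is an assumption that
    Tomcat's patch works exactly this way (the patch is not shown here)."""
    return {cgi_env_name(name): value
            for name, value in headers if name.lower() != "proxy"}


def proxy_seen_by_client(env: Dict[str, str], in_cgi_context: bool) -> str:
    """Run urllib's environment-proxy lookup against an isolated copy of the
    given environment and return the HTTP proxy it would use ('' if none).

    in_cgi_context adds REQUEST_METHOD, which CGI gateways always set.
    Recent CPython releases ignore an upper-case HTTP_PROXY when that
    variable is present (their own response to this vulnerability class),
    so the client-side defence can be observed next to the gateway-side one."""
    isolated = dict(env)
    if in_cgi_context:
        isolated["REQUEST_METHOD"] = "GET"
    with mock.patch.dict(os.environ, isolated, clear=True):
        return getproxies_environment().get("http", "")


def has_proxy_header(headers: Iterable[Header]) -> bool:
    """Detection hook for an edge proxy or filter: a legitimate client has no
    reason to send a Proxy request header, so its presence is worth logging
    or rejecting before the request reaches a CGI gateway."""
    return any(name.lower() == "proxy" for name, _ in headers)


if __name__ == "__main__":
    unsafe = build_cgi_env_unsafe(SAMPLE_HEADERS)
    hardened = build_cgi_env_hardened(SAMPLE_HEADERS)
    print("unsafe gateway   HTTP_PROXY =", unsafe.get("HTTP_PROXY"))
    print("hardened gateway HTTP_PROXY =", hardened.get("HTTP_PROXY"))
    print("urllib proxy, naive gateway, no CGI signal :",
          proxy_seen_by_client(unsafe, in_cgi_context=False) or "(none)")
    print("urllib proxy, naive gateway, REQUEST_METHOD:",
          proxy_seen_by_client(unsafe, in_cgi_context=True) or "(none)")
    print("request carries Proxy header:", has_proxy_header(SAMPLE_HEADERS))
```

Two points the output makes concrete: the gateway-side fix removes the variable regardless of which HTTP client the script uses, whereas the client-side mitigation only helps when the library both knows about the problem and can tell it is running under CGI (here, by seeing `REQUEST_METHOD`). Dropping or rejecting the `Proxy` header at the edge, as `has_proxy_header` suggests, covers scripts whose client libraries were never updated.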