Bug 1360638 (CVE-2016-1000212) - CVE-2016-1000212 lighttpd: sets environmental variable based on user supplied Proxy request header
Summary: CVE-2016-1000212 lighttpd: sets environmental variable based on user supplied...
Alias: CVE-2016-1000212
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 1360640 1360641
TreeView+ depends on / blocked
Reported: 2016-07-27 08:42 UTC by Adam Mariš
Modified: 2019-09-29 13:54 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2016-07-27 08:43:34 UTC

Attachments (Terms of Use)

Description Adam Mariš 2016-07-27 08:42:41 UTC
Many software projects and vendors have implemented support for the “Proxy” request header in their respective CGI implementations and languages by creating the “HTTP_PROXY” environmental variable based on the header value. When this variable is used (in many cases automatically by various HTTP client libraries) any outgoing requests generated in turn from the attackers original request can be redirected to an attacker controlled proxy. This allows attackers to view potentially sensitive information, reply with malformed data, or to hold connections open causing a potential denial of service.

lighttpd fix:


Comment 1 Adam Mariš 2016-07-27 08:43:07 UTC
Created lighttpd tracking bugs for this issue:

Affects: fedora-all [bug 1360640]
Affects: epel-all [bug 1360641]

Note You need to log in before you can comment on or make changes to this bug.