PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue.
2016-07-19T02:00:17.773
2025-04-12T10:46:40.837
Deferred
CVSSv3.1: 8.1 (HIGH)
AV:N/AC:H/Au:N/C:P/I:P/A:P
4.9
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | oracle | communications_user_data_repository | 10.0.0 | Yes |
| Application | oracle | communications_user_data_repository | 10.0.1 | Yes |
| Application | oracle | communications_user_data_repository | 12.0.0 | Yes |
| Application | oracle | enterprise_manager_ops_center | 12.2.2 | Yes |
| Application | oracle | enterprise_manager_ops_center | 12.3.2 | Yes |
| Operating System | oracle | linux | 6 | Yes |
| Operating System | oracle | linux | 7 | Yes |
| Operating System | fedoraproject | fedora | 23 | Yes |
| Operating System | fedoraproject | fedora | 24 | Yes |
| Operating System | hp | storeever_msl6480_tape_library_firmware | ≤ 5.09 | Yes |
| Hardware | hp | storeever_msl6480_tape_library | - | No |
| Application | hp | system_management_homepage | ≤ 7.5.5.0 | Yes |
| Application | php | php | < 5.5.38 | Yes |
| Application | php | php | < 5.6.24 | Yes |
| Application | php | php | ≤ 7.0.8 | Yes |
| Operating System | redhat | enterprise_linux_desktop | 6.0 | Yes |
| Operating System | redhat | enterprise_linux_server | 6.0 | Yes |
| Operating System | redhat | enterprise_linux_workstation | 6.0 | Yes |
| Operating System | debian | debian_linux | 8.0 | Yes |
| Operating System | opensuse | leap | 42.1 | Yes |
| Application | drupal | drupal | < 8.1.7 | Yes |