VDB
GCVE-110-MAGEIA-2016-312
GCVE-110-MAGEIA-2016-312
Advisory Published
Apache Tomcat through 8.5.4, when the CGI Servlet is enabled, follows RFC
3875 section 4.1.18 and therefore does not protect applications from the
presence of untrusted client data in the HTTP_PROXY environment variable,
which might allow remote attackers to redirect an application's outbound
HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an
HTTP request, aka an "httpoxy" issue (CVE-2016-5388).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | tomcat | 0 (affected), 7.0.68-1.3.mga5 (unaffected) | — |
Browse GCVE Records
73,053 records in the GCVE database · Updated July 16, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.