VDB

GCVE-110-MAGEIA-2016-312

GCVE-110-MAGEIA-2016-312
Advisory Published
Vulnetix · Advisory published September 21, 2016
Apache Tomcat through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue (CVE-2016-5388).

Affected Products

VendorProductVersionsPlatforms
Mageiatomcat0 (affected), 7.0.68-1.3.mga5 (unaffected)

Browse GCVE Records

73,053 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›