Vulnerability-Lookup

RHSA-2016_1851

Vulnerability from csaf_redhat - Published: 2016-09-12 16:57 - Updated: 2024-11-14 20:47

Summary

Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP 2.4.6 Service Pack 1 security update

Severity

Important

Notes

Topic: Updated packages are available for Red Hat Enterprise Linux 6 and 7 that provide Red Hat JBoss Core Services Service Pack 1 fixing one security issue. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: This release of Red Hat JBoss Core Services Service Pack 1 serves as a replacement for JBoss Core Services Apache HTTP Server. Security Fix(es): * It was discovered that Apache HTTP Server used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5387) Note: After this update, Apache HTTP Server will no longer pass the value of the Proxy request header to scripts via the HTTP_PROXY environment variable. Red Hat would like to thank Scott Geary (VendHQ) for reporting this issue.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2016-5387

It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request.

5.0 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

CWE-20 - Improper Input Validation

Vendor Fix For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, the httpd daemon will be restarted automatically. https://access.redhat.com/errata/RHSA-2016:1851

References

URL

Category

	https://access.redhat.com/errata/RHSA-2016:1851	self
	https://access.redhat.com/security/updates/classi…	external
	https://access.redhat.com/security/vulnerabilitie…	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1353755	external
	https://security.access.redhat.com/data/csaf/v2/a…	self
	https://access.redhat.com/security/cve/CVE-2016-5387	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1353755	external
	https://www.cve.org/CVERecord?id=CVE-2016-5387	external
	https://nvd.nist.gov/vuln/detail/CVE-2016-5387	external
	https://access.redhat.com/security/vulnerabilitie…	external
	https://httpoxy.org/	external
	https://www.apache.org/security/asf-httpoxy-respo…	external

Acknowledgments

VendHQ Scott Geary

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated packages are available for Red Hat Enterprise Linux 6 and 7 that provide Red Hat JBoss Core Services Service Pack 1 fixing one security issue.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "This release of Red Hat JBoss Core Services Service Pack 1 serves as a replacement for JBoss Core Services Apache HTTP Server.\n\nSecurity Fix(es):\n\n* It was discovered that Apache HTTP Server used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5387)\n\nNote: After this update, Apache HTTP Server will no longer pass the value of the Proxy request header to scripts via the HTTP_PROXY environment variable.\n\nRed Hat would like to thank Scott Geary (VendHQ) for reporting this issue.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2016:1851",
        "url": "https://access.redhat.com/errata/RHSA-2016:1851"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/vulnerabilities/httpoxy",
        "url": "https://access.redhat.com/security/vulnerabilities/httpoxy"
      },
      {
        "category": "external",
        "summary": "1353755",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1353755"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_1851.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP 2.4.6 Service Pack 1 security update",
    "tracking": {
      "current_release_date": "2024-11-14T20:47:21+00:00",
      "generator": {
        "date": "2024-11-14T20:47:21+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2016:1851",
      "initial_release_date": "2016-09-12T16:57:52+00:00",
      "revision_history": [
        {
          "date": "2016-09-12T16:57:52+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2016-09-12T16:57:52+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-14T20:47:21+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss Core Services on RHEL 7 Server",
                "product": {
                  "name": "Red Hat JBoss Core Services on RHEL 7 Server",
                  "product_id": "7Server-JBCS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_core_services:1::el7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat JBoss Core Services on RHEL 6 Server",
                "product": {
                  "name": "Red Hat JBoss Core Services on RHEL 6 Server",
                  "product_id": "6Server-JBCS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_core_services:1::el6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Core Services"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-0:2.4.6-77.SP1.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-httpd-0:2.4.6-77.SP1.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-httpd-0:2.4.6-77.SP1.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.6-77.SP1.jbcs.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_session-0:2.4.6-77.SP1.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_session-0:2.4.6-77.SP1.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-mod_session-0:2.4.6-77.SP1.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.6-77.SP1.jbcs.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-tools-0:2.4.6-77.SP1.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-httpd-tools-0:2.4.6-77.SP1.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-httpd-tools-0:2.4.6-77.SP1.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.6-77.SP1.jbcs.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_ldap-0:2.4.6-77.SP1.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_ldap-0:2.4.6-77.SP1.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-mod_ldap-0:2.4.6-77.SP1.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.6-77.SP1.jbcs.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_ssl-1:2.4.6-77.SP1.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_ssl-1:2.4.6-77.SP1.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-mod_ssl-1:2.4.6-77.SP1.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.6-77.SP1.jbcs.el7?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.6-77.SP1.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.6-77.SP1.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.6-77.SP1.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.6-77.SP1.jbcs.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-zip-0:2.4.6-77.SP1.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-httpd-zip-0:2.4.6-77.SP1.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-httpd-zip-0:2.4.6-77.SP1.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-zip@2.4.6-77.SP1.jbcs.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-devel-0:2.4.6-77.SP1.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-httpd-devel-0:2.4.6-77.SP1.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-httpd-devel-0:2.4.6-77.SP1.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.6-77.SP1.jbcs.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-src-zip-0:2.4.6-77.SP1.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-httpd-src-zip-0:2.4.6-77.SP1.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-httpd-src-zip-0:2.4.6-77.SP1.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-src-zip@2.4.6-77.SP1.jbcs.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_proxy_html-1:2.4.6-77.SP1.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_proxy_html-1:2.4.6-77.SP1.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.6-77.SP1.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.6-77.SP1.jbcs.el7?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_ldap-0:2.4.6-77.SP1.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_ldap-0:2.4.6-77.SP1.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-mod_ldap-0:2.4.6-77.SP1.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.6-77.SP1.jbcs.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_proxy_html-1:2.4.6-77.SP1.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_proxy_html-1:2.4.6-77.SP1.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.6-77.SP1.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.6-77.SP1.jbcs.el6?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.6-77.SP1.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.6-77.SP1.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.6-77.SP1.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.6-77.SP1.jbcs.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-0:2.4.6-77.SP1.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-httpd-0:2.4.6-77.SP1.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-httpd-0:2.4.6-77.SP1.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.6-77.SP1.jbcs.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_ssl-1:2.4.6-77.SP1.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_ssl-1:2.4.6-77.SP1.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-mod_ssl-1:2.4.6-77.SP1.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.6-77.SP1.jbcs.el6?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-src-zip-0:2.4.6-77.SP1.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-httpd-src-zip-0:2.4.6-77.SP1.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-httpd-src-zip-0:2.4.6-77.SP1.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-src-zip@2.4.6-77.SP1.jbcs.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-zip-0:2.4.6-77.SP1.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-httpd-zip-0:2.4.6-77.SP1.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-httpd-zip-0:2.4.6-77.SP1.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-zip@2.4.6-77.SP1.jbcs.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_session-0:2.4.6-77.SP1.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_session-0:2.4.6-77.SP1.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-mod_session-0:2.4.6-77.SP1.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.6-77.SP1.jbcs.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-tools-0:2.4.6-77.SP1.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-httpd-tools-0:2.4.6-77.SP1.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-httpd-tools-0:2.4.6-77.SP1.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.6-77.SP1.jbcs.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-devel-0:2.4.6-77.SP1.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-httpd-devel-0:2.4.6-77.SP1.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-httpd-devel-0:2.4.6-77.SP1.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.6-77.SP1.jbcs.el6?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-0:2.4.6-77.SP1.jbcs.el7.src",
                "product": {
                  "name": "jbcs-httpd24-httpd-0:2.4.6-77.SP1.jbcs.el7.src",
                  "product_id": "jbcs-httpd24-httpd-0:2.4.6-77.SP1.jbcs.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.6-77.SP1.jbcs.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-0:2.4.6-77.SP1.jbcs.el6.src",
                "product": {
                  "name": "jbcs-httpd24-httpd-0:2.4.6-77.SP1.jbcs.el6.src",
                  "product_id": "jbcs-httpd24-httpd-0:2.4.6-77.SP1.jbcs.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.6-77.SP1.jbcs.el6?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-manual-0:2.4.6-77.SP1.jbcs.el7.noarch",
                "product": {
                  "name": "jbcs-httpd24-httpd-manual-0:2.4.6-77.SP1.jbcs.el7.noarch",
                  "product_id": "jbcs-httpd24-httpd-manual-0:2.4.6-77.SP1.jbcs.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-manual@2.4.6-77.SP1.jbcs.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-manual-0:2.4.6-77.SP1.jbcs.el6.noarch",
                "product": {
                  "name": "jbcs-httpd24-httpd-manual-0:2.4.6-77.SP1.jbcs.el6.noarch",
                  "product_id": "jbcs-httpd24-httpd-manual-0:2.4.6-77.SP1.jbcs.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-manual@2.4.6-77.SP1.jbcs.el6?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-tools-0:2.4.6-77.SP1.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-httpd-tools-0:2.4.6-77.SP1.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-httpd-tools-0:2.4.6-77.SP1.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.6-77.SP1.jbcs.el6?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-src-zip-0:2.4.6-77.SP1.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-httpd-src-zip-0:2.4.6-77.SP1.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-httpd-src-zip-0:2.4.6-77.SP1.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-src-zip@2.4.6-77.SP1.jbcs.el6?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.6-77.SP1.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.6-77.SP1.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.6-77.SP1.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.6-77.SP1.jbcs.el6?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_proxy_html-1:2.4.6-77.SP1.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-mod_proxy_html-1:2.4.6-77.SP1.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.6-77.SP1.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.6-77.SP1.jbcs.el6?arch=i686\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_ldap-0:2.4.6-77.SP1.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-mod_ldap-0:2.4.6-77.SP1.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-mod_ldap-0:2.4.6-77.SP1.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.6-77.SP1.jbcs.el6?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_ssl-1:2.4.6-77.SP1.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-mod_ssl-1:2.4.6-77.SP1.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-mod_ssl-1:2.4.6-77.SP1.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.6-77.SP1.jbcs.el6?arch=i686\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-0:2.4.6-77.SP1.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-httpd-0:2.4.6-77.SP1.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-httpd-0:2.4.6-77.SP1.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.6-77.SP1.jbcs.el6?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-zip-0:2.4.6-77.SP1.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-httpd-zip-0:2.4.6-77.SP1.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-httpd-zip-0:2.4.6-77.SP1.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-zip@2.4.6-77.SP1.jbcs.el6?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-devel-0:2.4.6-77.SP1.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-httpd-devel-0:2.4.6-77.SP1.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-httpd-devel-0:2.4.6-77.SP1.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.6-77.SP1.jbcs.el6?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_session-0:2.4.6-77.SP1.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-mod_session-0:2.4.6-77.SP1.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-mod_session-0:2.4.6-77.SP1.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.6-77.SP1.jbcs.el6?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-0:2.4.6-77.SP1.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.6-77.SP1.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-httpd-0:2.4.6-77.SP1.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-0:2.4.6-77.SP1.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.6-77.SP1.jbcs.el6.src"
        },
        "product_reference": "jbcs-httpd24-httpd-0:2.4.6-77.SP1.jbcs.el6.src",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-0:2.4.6-77.SP1.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.6-77.SP1.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-httpd-0:2.4.6-77.SP1.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.6-77.SP1.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.6-77.SP1.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.6-77.SP1.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.6-77.SP1.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.6-77.SP1.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.6-77.SP1.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-devel-0:2.4.6-77.SP1.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.6-77.SP1.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-httpd-devel-0:2.4.6-77.SP1.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-devel-0:2.4.6-77.SP1.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.6-77.SP1.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-httpd-devel-0:2.4.6-77.SP1.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-manual-0:2.4.6-77.SP1.jbcs.el6.noarch as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.6-77.SP1.jbcs.el6.noarch"
        },
        "product_reference": "jbcs-httpd24-httpd-manual-0:2.4.6-77.SP1.jbcs.el6.noarch",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-src-zip-0:2.4.6-77.SP1.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-httpd-src-zip-0:2.4.6-77.SP1.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-httpd-src-zip-0:2.4.6-77.SP1.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-src-zip-0:2.4.6-77.SP1.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-httpd-src-zip-0:2.4.6-77.SP1.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-httpd-src-zip-0:2.4.6-77.SP1.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-tools-0:2.4.6-77.SP1.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.6-77.SP1.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-httpd-tools-0:2.4.6-77.SP1.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-tools-0:2.4.6-77.SP1.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.6-77.SP1.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-httpd-tools-0:2.4.6-77.SP1.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-zip-0:2.4.6-77.SP1.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-httpd-zip-0:2.4.6-77.SP1.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-httpd-zip-0:2.4.6-77.SP1.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-zip-0:2.4.6-77.SP1.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-httpd-zip-0:2.4.6-77.SP1.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-httpd-zip-0:2.4.6-77.SP1.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_ldap-0:2.4.6-77.SP1.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.6-77.SP1.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-mod_ldap-0:2.4.6-77.SP1.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_ldap-0:2.4.6-77.SP1.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.6-77.SP1.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_ldap-0:2.4.6-77.SP1.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_proxy_html-1:2.4.6-77.SP1.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.6-77.SP1.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.6-77.SP1.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_proxy_html-1:2.4.6-77.SP1.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.6-77.SP1.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.6-77.SP1.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_session-0:2.4.6-77.SP1.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.6-77.SP1.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-mod_session-0:2.4.6-77.SP1.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_session-0:2.4.6-77.SP1.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.6-77.SP1.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_session-0:2.4.6-77.SP1.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_ssl-1:2.4.6-77.SP1.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.6-77.SP1.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-mod_ssl-1:2.4.6-77.SP1.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_ssl-1:2.4.6-77.SP1.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.6-77.SP1.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_ssl-1:2.4.6-77.SP1.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-0:2.4.6-77.SP1.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.6-77.SP1.jbcs.el7.src"
        },
        "product_reference": "jbcs-httpd24-httpd-0:2.4.6-77.SP1.jbcs.el7.src",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-0:2.4.6-77.SP1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.6-77.SP1.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-httpd-0:2.4.6-77.SP1.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.6-77.SP1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.6-77.SP1.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.6-77.SP1.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-devel-0:2.4.6-77.SP1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.6-77.SP1.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-httpd-devel-0:2.4.6-77.SP1.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-manual-0:2.4.6-77.SP1.jbcs.el7.noarch as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.6-77.SP1.jbcs.el7.noarch"
        },
        "product_reference": "jbcs-httpd24-httpd-manual-0:2.4.6-77.SP1.jbcs.el7.noarch",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-src-zip-0:2.4.6-77.SP1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-httpd-src-zip-0:2.4.6-77.SP1.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-httpd-src-zip-0:2.4.6-77.SP1.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-tools-0:2.4.6-77.SP1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.6-77.SP1.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-httpd-tools-0:2.4.6-77.SP1.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-zip-0:2.4.6-77.SP1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-httpd-zip-0:2.4.6-77.SP1.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-httpd-zip-0:2.4.6-77.SP1.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_ldap-0:2.4.6-77.SP1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.6-77.SP1.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_ldap-0:2.4.6-77.SP1.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_proxy_html-1:2.4.6-77.SP1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.6-77.SP1.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.6-77.SP1.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_session-0:2.4.6-77.SP1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.6-77.SP1.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_session-0:2.4.6-77.SP1.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_ssl-1:2.4.6-77.SP1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.6-77.SP1.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_ssl-1:2.4.6-77.SP1.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Scott Geary"
          ],
          "organization": "VendHQ"
        }
      ],
      "cve": "CVE-2016-5387",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2016-07-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1353755"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "HTTPD: sets environmental variable based on user supplied Proxy request header",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.6-77.SP1.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.6-77.SP1.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.6-77.SP1.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.6-77.SP1.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.6-77.SP1.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.6-77.SP1.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.6-77.SP1.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.6-77.SP1.jbcs.el6.noarch",
          "6Server-JBCS:jbcs-httpd24-httpd-src-zip-0:2.4.6-77.SP1.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-src-zip-0:2.4.6-77.SP1.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.6-77.SP1.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.6-77.SP1.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-zip-0:2.4.6-77.SP1.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-zip-0:2.4.6-77.SP1.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.6-77.SP1.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.6-77.SP1.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.6-77.SP1.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.6-77.SP1.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.6-77.SP1.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.6-77.SP1.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.6-77.SP1.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.6-77.SP1.jbcs.el6.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.6-77.SP1.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.6-77.SP1.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.6-77.SP1.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.6-77.SP1.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.6-77.SP1.jbcs.el7.noarch",
          "7Server-JBCS:jbcs-httpd24-httpd-src-zip-0:2.4.6-77.SP1.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.6-77.SP1.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-zip-0:2.4.6-77.SP1.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.6-77.SP1.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.6-77.SP1.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.6-77.SP1.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.6-77.SP1.jbcs.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-5387"
        },
        {
          "category": "external",
          "summary": "RHBZ#1353755",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1353755"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5387",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-5387"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5387",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5387"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/security/vulnerabilities/httpoxy",
          "url": "https://access.redhat.com/security/vulnerabilities/httpoxy"
        },
        {
          "category": "external",
          "summary": "https://httpoxy.org/",
          "url": "https://httpoxy.org/"
        },
        {
          "category": "external",
          "summary": "https://www.apache.org/security/asf-httpoxy-response.txt",
          "url": "https://www.apache.org/security/asf-httpoxy-response.txt"
        }
      ],
      "release_date": "2016-07-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2016-09-12T16:57:52+00:00",
          "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically.",
          "product_ids": [
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.6-77.SP1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.6-77.SP1.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.6-77.SP1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.6-77.SP1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.6-77.SP1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.6-77.SP1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.6-77.SP1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.6-77.SP1.jbcs.el6.noarch",
            "6Server-JBCS:jbcs-httpd24-httpd-src-zip-0:2.4.6-77.SP1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-src-zip-0:2.4.6-77.SP1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.6-77.SP1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.6-77.SP1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-zip-0:2.4.6-77.SP1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-zip-0:2.4.6-77.SP1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.6-77.SP1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.6-77.SP1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.6-77.SP1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.6-77.SP1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.6-77.SP1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.6-77.SP1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.6-77.SP1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.6-77.SP1.jbcs.el6.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.6-77.SP1.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.6-77.SP1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.6-77.SP1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.6-77.SP1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.6-77.SP1.jbcs.el7.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-src-zip-0:2.4.6-77.SP1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.6-77.SP1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-zip-0:2.4.6-77.SP1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.6-77.SP1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.6-77.SP1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.6-77.SP1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.6-77.SP1.jbcs.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2016:1851"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.6-77.SP1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.6-77.SP1.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.6-77.SP1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.6-77.SP1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.6-77.SP1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.6-77.SP1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.6-77.SP1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.6-77.SP1.jbcs.el6.noarch",
            "6Server-JBCS:jbcs-httpd24-httpd-src-zip-0:2.4.6-77.SP1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-src-zip-0:2.4.6-77.SP1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.6-77.SP1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.6-77.SP1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-zip-0:2.4.6-77.SP1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-zip-0:2.4.6-77.SP1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.6-77.SP1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.6-77.SP1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.6-77.SP1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.6-77.SP1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.6-77.SP1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.6-77.SP1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.6-77.SP1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.6-77.SP1.jbcs.el6.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.6-77.SP1.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.6-77.SP1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.6-77.SP1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.6-77.SP1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.6-77.SP1.jbcs.el7.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-src-zip-0:2.4.6-77.SP1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.6-77.SP1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-zip-0:2.4.6-77.SP1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.6-77.SP1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.6-77.SP1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.6-77.SP1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.6-77.SP1.jbcs.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "HTTPD: sets environmental variable based on user supplied Proxy request header"
    }
  ]
}

CVE-2016-5387 (GCVE-0-2016-5387)

Vulnerability from cvelistv5 – Published: 2016-07-19 01:00 – Updated: 2024-08-06 01:00

Summary

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://www.securitytracker.com/id/1036330	vdb-entryx_refsource_SECTRACK
	https://access.redhat.com/errata/RHSA-2016:1420	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2016:1635	vendor-advisoryx_refsource_REDHAT
	https://support.apple.com/HT208221	x_refsource_CONFIRM
	https://h20566.www2.hpe.com/portal/site/hpsc/publ…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/91816	vdb-entryx_refsource_BID
	https://access.redhat.com/errata/RHSA-2016:1851	vendor-advisoryx_refsource_REDHAT
	http://www.ubuntu.com/usn/USN-3038-1	vendor-advisoryx_refsource_UBUNTU
	http://www.kb.cert.org/vuls/id/797896	third-party-advisoryx_refsource_CERT-VN
	http://www.oracle.com/technetwork/security-adviso…	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2016-0…	vendor-advisoryx_refsource_SUSE
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-1648.html	vendor-advisoryx_refsource_REDHAT
	https://www.tenable.com/security/tns-2017-04	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-1625.html	vendor-advisoryx_refsource_REDHAT
	http://www.debian.org/security/2016/dsa-3623	vendor-advisoryx_refsource_DEBIAN
	http://rhn.redhat.com/errata/RHSA-2016-1649.html	vendor-advisoryx_refsource_REDHAT
	https://h20566.www2.hpe.com/portal/site/hpsc/publ…	x_refsource_CONFIRM
	https://h20566.www2.hpe.com/hpsc/doc/public/displ…	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2016:1422	vendor-advisoryx_refsource_REDHAT
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2016:1421	vendor-advisoryx_refsource_REDHAT
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	http://rhn.redhat.com/errata/RHSA-2016-1650.html	vendor-advisoryx_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2016-1624.html	vendor-advisoryx_refsource_REDHAT
	https://www.apache.org/security/asf-httpoxy-respo…	x_refsource_CONFIRM
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://httpoxy.org/	x_refsource_MISC
	http://www.oracle.com/technetwork/security-adviso…	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201701-36	vendor-advisoryx_refsource_GENTOO
	https://access.redhat.com/errata/RHSA-2016:1636	vendor-advisoryx_refsource_REDHAT
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.apache.org/thread.html/56c2e7cc9deb…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/84a3714f0878…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/8d63cb8e9100…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/f7f95ac1cd98…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r57608dc51b7…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rd18c3c43602…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/re3d27b6250a…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rfbaf647d52c…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rf6449464fd8…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r9ea3538f229…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rc998b18880d…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/re1e3a24664d…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r04e89e873d5…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rdca61ae9906…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r9f93cf6dde3…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rcc44594d4d6…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rb14daf9cc4e…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rad01d817195…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rd336919f655…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r476d175be0a…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r75cbe9ea3e2…	mailing-listx_refsource_MLIST

Date Public ?

2016-07-18 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:00:59.995Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1036330",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036330"
          },
          {
            "name": "RHSA-2016:1420",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2016:1420"
          },
          {
            "name": "RHSA-2016:1635",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2016:1635"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT208221"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"
          },
          {
            "name": "91816",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91816"
          },
          {
            "name": "RHSA-2016:1851",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2016:1851"
          },
          {
            "name": "USN-3038-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3038-1"
          },
          {
            "name": "VU#797896",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/797896"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "name": "openSUSE-SU-2016:1824",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00059.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
          },
          {
            "name": "RHSA-2016:1648",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1648.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2017-04"
          },
          {
            "name": "RHSA-2016:1625",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1625.html"
          },
          {
            "name": "DSA-3623",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3623"
          },
          {
            "name": "RHSA-2016:1649",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1649.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03770en_us"
          },
          {
            "name": "RHSA-2016:1422",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2016:1422"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html"
          },
          {
            "name": "RHSA-2016:1421",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2016:1421"
          },
          {
            "name": "FEDORA-2016-a29c65b00f",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WCTE7443AYZ4EGELWLVNANA2WJCJIYI/"
          },
          {
            "name": "RHSA-2016:1650",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1650.html"
          },
          {
            "name": "RHSA-2016:1624",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1624.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.apache.org/security/asf-httpoxy-response.txt"
          },
          {
            "name": "FEDORA-2016-df0726ae26",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TGNHXJJSWDXAOEYH5TMXDPQVJMQQJOAZ/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://httpoxy.org/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "name": "GLSA-201701-36",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-36"
          },
          {
            "name": "RHSA-2016:1636",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2016:1636"
          },
          {
            "name": "FEDORA-2016-9fd9bfab9e",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEKZAB7MTWVSMORHTEMCQNFFMIHCYF76/"
          },
          {
            "name": "FEDORA-2016-683d0b257b",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPQAPWQA774JPDRV4UIB2SZAX6D3UZCV/"
          },
          {
            "name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1888194 [10/13] - /httpd/site/trunk/content/security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073139 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073149 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-07-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application\u0027s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue.  NOTE: the vendor states \"This mitigation has been assigned the identifier CVE-2016-5387\"; in other words, this is not a CVE ID for a vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-06T10:11:53.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "1036330",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036330"
        },
        {
          "name": "RHSA-2016:1420",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2016:1420"
        },
        {
          "name": "RHSA-2016:1635",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2016:1635"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT208221"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"
        },
        {
          "name": "91816",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/91816"
        },
        {
          "name": "RHSA-2016:1851",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2016:1851"
        },
        {
          "name": "USN-3038-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3038-1"
        },
        {
          "name": "VU#797896",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/797896"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "name": "openSUSE-SU-2016:1824",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00059.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
        },
        {
          "name": "RHSA-2016:1648",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1648.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2017-04"
        },
        {
          "name": "RHSA-2016:1625",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1625.html"
        },
        {
          "name": "DSA-3623",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3623"
        },
        {
          "name": "RHSA-2016:1649",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1649.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03770en_us"
        },
        {
          "name": "RHSA-2016:1422",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2016:1422"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html"
        },
        {
          "name": "RHSA-2016:1421",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2016:1421"
        },
        {
          "name": "FEDORA-2016-a29c65b00f",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WCTE7443AYZ4EGELWLVNANA2WJCJIYI/"
        },
        {
          "name": "RHSA-2016:1650",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1650.html"
        },
        {
          "name": "RHSA-2016:1624",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1624.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.apache.org/security/asf-httpoxy-response.txt"
        },
        {
          "name": "FEDORA-2016-df0726ae26",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TGNHXJJSWDXAOEYH5TMXDPQVJMQQJOAZ/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://httpoxy.org/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "name": "GLSA-201701-36",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-36"
        },
        {
          "name": "RHSA-2016:1636",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2016:1636"
        },
        {
          "name": "FEDORA-2016-9fd9bfab9e",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEKZAB7MTWVSMORHTEMCQNFFMIHCYF76/"
        },
        {
          "name": "FEDORA-2016-683d0b257b",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPQAPWQA774JPDRV4UIB2SZAX6D3UZCV/"
        },
        {
          "name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1888194 [10/13] - /httpd/site/trunk/content/security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073139 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073149 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2016-5387",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application\u0027s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue.  NOTE: the vendor states \"This mitigation has been assigned the identifier CVE-2016-5387\"; in other words, this is not a CVE ID for a vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1036330",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036330"
            },
            {
              "name": "RHSA-2016:1420",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2016:1420"
            },
            {
              "name": "RHSA-2016:1635",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2016:1635"
            },
            {
              "name": "https://support.apple.com/HT208221",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT208221"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"
            },
            {
              "name": "91816",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/91816"
            },
            {
              "name": "RHSA-2016:1851",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2016:1851"
            },
            {
              "name": "USN-3038-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3038-1"
            },
            {
              "name": "VU#797896",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/797896"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "name": "openSUSE-SU-2016:1824",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00059.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
            },
            {
              "name": "RHSA-2016:1648",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1648.html"
            },
            {
              "name": "https://www.tenable.com/security/tns-2017-04",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2017-04"
            },
            {
              "name": "RHSA-2016:1625",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1625.html"
            },
            {
              "name": "DSA-3623",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3623"
            },
            {
              "name": "RHSA-2016:1649",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1649.html"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
            },
            {
              "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03770en_us",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03770en_us"
            },
            {
              "name": "RHSA-2016:1422",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2016:1422"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html"
            },
            {
              "name": "RHSA-2016:1421",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2016:1421"
            },
            {
              "name": "FEDORA-2016-a29c65b00f",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6WCTE7443AYZ4EGELWLVNANA2WJCJIYI/"
            },
            {
              "name": "RHSA-2016:1650",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1650.html"
            },
            {
              "name": "RHSA-2016:1624",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1624.html"
            },
            {
              "name": "https://www.apache.org/security/asf-httpoxy-response.txt",
              "refsource": "CONFIRM",
              "url": "https://www.apache.org/security/asf-httpoxy-response.txt"
            },
            {
              "name": "FEDORA-2016-df0726ae26",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TGNHXJJSWDXAOEYH5TMXDPQVJMQQJOAZ/"
            },
            {
              "name": "https://httpoxy.org/",
              "refsource": "MISC",
              "url": "https://httpoxy.org/"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            },
            {
              "name": "GLSA-201701-36",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-36"
            },
            {
              "name": "RHSA-2016:1636",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2016:1636"
            },
            {
              "name": "FEDORA-2016-9fd9bfab9e",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NEKZAB7MTWVSMORHTEMCQNFFMIHCYF76/"
            },
            {
              "name": "FEDORA-2016-683d0b257b",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPQAPWQA774JPDRV4UIB2SZAX6D3UZCV/"
            },
            {
              "name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1888194 [10/13] - /httpd/site/trunk/content/security/json/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073139 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073149 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-5387",
    "datePublished": "2016-07-19T01:00:00.000Z",
    "dateReserved": "2016-06-10T00:00:00.000Z",
    "dateUpdated": "2024-08-06T01:00:59.995Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2016_1851

CVE-2016-5387 (GCVE-0-2016-5387)

Tags

Sightings

Nomenclature