[3.5] Go: sets environmental variable based on user supplied Proxy request header (CVE-2016-5386)
Many software projects and vendors have implemented support for the
“Proxy” request header in their respective CGI implementations and
languages by creating the “HTTP_PROXY”
environmental variable based on the header value. When this variable is
used (in many cases automatically by various HTTP client libraries) any
outgoing requests generated in turn
from the attackers original request can be redirected to an attacker
controlled proxy. This allows attackers to view potentially sensitive
information, reply with malformed data,
or to hold connections open causing a potential denial of service.
References:
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2016-5386
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5386
(from redmine: issue id 5931, created on 2016-07-20, closed on 2016-07-20)
- Relations:
- parent #5930 (closed)