{"id":"MGASA-2016-0262","summary":"Updated apache packages fix security vulnerability","details":"It was discovered that httpd used the value of the Proxy header from HTTP\nrequests to initialize the HTTP_PROXY environment variable for CGI\nscripts. Certain HTTP client implementations in turn incorrectly used that\nvariable to configure the proxy for outgoing HTTP requests. A remote\nattacker could possibly use this flaw to redirect HTTP requests performed\nby a CGI script to an attacker-controlled proxy via a malicious HTTP\nrequest (CVE-2016-5387, also known as httpoxy).\n","modified":"2026-04-16T00:12:38.904871237Z","published":"2016-07-26T21:16:28Z","upstream":["CVE-2016-5387"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2016-0262.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=18991"},{"type":"WEB","url":"https://httpoxy.org/"},{"type":"WEB","url":"https://access.redhat.com/security/vulnerabilities/httpoxy"},{"type":"WEB","url":"http://rhn.redhat.com/errata/RHSA-2016-1422.html"}],"affected":[{"package":{"name":"apache","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/apache?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.10-16.4.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0262.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}