{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-07-18T00:00:00", "descriptions": [{"lang": "en", "value": "inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-12-10T17:32:33", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://httpoxy.org/"}, {"tags": ["x_refsource_MISC"], "url": "https://security-tracker.debian.org/tracker/CVE-2016-1000107"}, {"tags": ["x_refsource_MISC"], "url": "http://www.openwall.com/lists/oss-security/2016/07/18/6"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.erlang.org/browse/ERL-198"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-1000107", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://httpoxy.org/", "refsource": "MISC", "url": "https://httpoxy.org/"}, {"name": "https://security-tracker.debian.org/tracker/CVE-2016-1000107", "refsource": "MISC", "url": "https://security-tracker.debian.org/tracker/CVE-2016-1000107"}, {"name": "http://www.openwall.com/lists/oss-security/2016/07/18/6", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2016/07/18/6"}, {"name": "https://bugs.erlang.org/browse/ERL-198", "refsource": "MISC", "url": "https://bugs.erlang.org/browse/ERL-198"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T03:55:26.481Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://httpoxy.org/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://security-tracker.debian.org/tracker/CVE-2016-1000107"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/07/18/6"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.erlang.org/browse/ERL-198"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-1000107", "datePublished": "2019-12-10T17:32:33", "dateReserved": "2016-07-18T00:00:00", "dateUpdated": "2024-08-06T03:55:26.481Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "matchCriteriaId": "9CAFFB6B-EA8F-40D5-BCA0-1A6CBA4BD0FD", "versionEndIncluding": "22.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue."}, {"lang": "es", "value": "inets en Erlang posiblemente versi\u00f3n 22.1 y anteriores, siguen RFC secci\u00f3n 3875 versi\u00f3n 4.1.18 y, por lo tanto, no protegen las aplicaciones de la presencia de datos de clientes no seguros en la variable de entorno HTTP_PROXY, lo que podr\u00eda permitir a atacantes remotos redireccionar el tr\u00e1fico HTTP saliente de una aplicaci\u00f3n hacia un servidor proxy arbitrario por medio de un encabezado Proxy dise\u00f1ado en una petici\u00f3n HTTP, tambi\u00e9n se conoce como un problema \"httpoxy\"."}], "id": "CVE-2016-1000107", "lastModified": "2019-12-19T17:57:35.770", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-12-10T18:15:09.140", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/07/18/6"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugs.erlang.org/browse/ERL-198"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://httpoxy.org/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2016-1000107"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "erlang: allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy serve", "id": "1824460", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1824460"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "status": "draft"}, "cwe": "CWE-20", "details": ["inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue.", "A flaw was found in the Inets application in Erlang version 22.1 and possibly earlier, where it follows RFC 3875 section 4.1.18 and does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable. This flaw allows remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request."], "name": "CVE-2016-1000107", "package_state": [{"cpe": "cpe:/a:redhat:cloudforms_managementengine:5", "fix_state": "Not affected", "package_name": "erlang", "product_name": "CloudForms Management Engine 5"}, {"cpe": "cpe:/a:redhat:ansible_tower:3", "fix_state": "Not affected", "package_name": "erlang", "product_name": "Red Hat Ansible Tower 3"}, {"cpe": "cpe:/a:redhat:openstack:10", "fix_state": "Will not fix", "package_name": "erlang", "product_name": "Red Hat OpenStack Platform 10 (Newton)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Will not fix", "package_name": "erlang", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:15", "fix_state": "Will not fix", "package_name": "erlang", "product_name": "Red Hat OpenStack Platform 15 (Stein)"}, {"cpe": "cpe:/a:redhat:openstack:16", "fix_state": "Will not fix", "package_name": "erlang", "product_name": "Red Hat OpenStack Platform 16 (Train)"}], "public_date": "2019-12-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-1000107\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1000107"], "statement": "Red Hat CloudFroms 5.10 ship affected Erlang package, however, CloudFroms uses it as a dependency for Ansible Tower and do not expose it anywhere in product. Furthermore, Ansible Tower does not pass environment variables to RabbitMQ or Erlang which makes it not affected.\nRed Hat OpenStack Platform ships the affected Erlang package, however it is only used as a dependency for RabbitMQ and is not exposed outside the management network. As this network is tightly-regulated to OpenStack administrators, the risk for abuse is significantly reduced.", "threat_severity": "Moderate"}