Article ID: 129398, created on Sep 12, 2016, last review on Oct 24, 2016

  • Applies to:
  • Operations Automation 7.0
  • Operations Automation 6.0
  • Operations Automation 5.5

Symptoms

HTTPoxy is a set of vulnerabilities that affect application code running in CGI environments also known as #CVE-2016-5387.

Odin Automation system components are confirmed to be protected from the issue. However web hosting remains affected .

If a vulnerable HTTP client makes an outgoing HTTP connection, while running in a server-side CGI application, an attacker may be able to proxy the outgoing HTTP requests made by the web application and direct them to an address of their choosing.

Additional information could obtained through httpoxy information website.

Cause

Issue comes from specifics of implementation of proxy handling:

  1. According to RFC 3875, webserver puts the HTTP Proxy header from a request into the environment variable HTTP_PROXY.
  2. HTTP_PROXY is a popular environment variable which is used to configure an outgoing proxy by many applications.

Therefore, attacker could change value for HTTP_PROXY variable via simple HTTP request.

Resolution

Linux Shared Hosting NG

Update httpd on all webservers using yum utility:

# yum update httpd

Corresponding fixes have already been provided by Apache and CloudLinux.

Legacy Linux Shared Hosting

Additional configuration should be performed on each webserver. In files:

/usr/local/pem/etc/apache/httpd.conf_pem.tmpl22x 
/usr/local/pem/etc/apache/httpd.conf_pem

Apply the changes described in the article:

# add the following line
# before first <DIRECTORY /> declaration block
RequestHeader unset Proxy early

So result will look like below:

ENABLESENDFILE Off
RequestHeader unset Proxy early
<DIRECTORY />

Then restart pemhttpd service:

# /etc/init.d/pemhttpd restart

Windows Shared Hosting

Apply solution from the following article.

External references

Article on Redhat customer portal

HTTPoxy dedicated website

Search Words

proxy redirect

httpoxy

CVE-2016-5387

security vulnerability

5b048d9bddf8048a00aba7e0bdadef37 caea8340e2d186a540518d08602aa065 e12cea1d47a3125d335d68e6d4e15e07 5356b422f65bdad1c3e9edca5d74a1ae 2554725ed606193dd9bbce21365bed4e 0871c0b47b3b86ae3b1af4c2942cd0ce 1941880841f714e458ae4dc3d9f3062d 956c448bddc7e1f3585373687602379f 6f1456866eed87488c0f02b298a741c0

Email subscription for changes to this article
Save as PDF