Drupal Core – Highly Critical – Injection Vulnerability – SA-CORE-2016-003
by CIRT Team
Description: httpoxy is a set of vulnerabilities that affect application code running in CGI or CGI-like environments. It comes down to a simple namespace conflict:
- RFC 3875 (CGI) puts the HTTP Proxy header from a request into the environment variables as HTTP_PROXY
- HTTP_PROXY is a popular environment variable used to configure an outgoing proxy
Impact: Drupal 8 uses the third-party PHP library Guzzle for making server-side HTTP requests. An attacker can provide a proxy server that Guzzle will use.
Mitigation: The vendor has released a fixed version. Upgrade to Drupal core 8.1.7.
Reference URLs:
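The namespace conflict in the description and the defensive side of the mitigation, shown as an added example that is not code from this advisory, from Drupal or from Guzzle. It assumes a minimal model of the RFC 3875 mapping (every request header becomes `HTTP_<NAME>`) and uses a constructed request with a `Proxy` header; `cgi_meta_variables`, `resolve_outbound_proxy` and the other function names are hypothetical. The hardened lookup ignores `HTTP_PROXY` whenever the process is running as CGI (recognised by `REQUEST_METHOD`/`GATEWAY_INTERFACE`), which is the same idea Guzzle's fix applies: trust the variable only where a client request cannot have set it.

```python
"""Added illustration of httpoxy (not from the advisory, Drupal or Guzzle):
RFC 3875 turns a request's 'Proxy' header into the HTTP_PROXY environment
variable, the same name an HTTP client library reads to find an outgoing
proxy. The hardened resolver below refuses HTTP_PROXY in a CGI context."""
from typing import Dict, Optional

# Constructed sample request: a real browser never sends a 'Proxy' header,
# so its presence is itself a strong signal at the server edge.
CONSTRUCTED_REQUEST_HEADERS: Dict[str, str] = {
    "Host": "www.example.test",
    "User-Agent": "constructed-client/1.0",
    "Proxy": "proxy.example.invalid:8080",   # constructed attacker-controlled value
}


def cgi_meta_variables(headers: Dict[str, str], method: str = "GET") -> Dict[str, str]:
    """Build the CGI environment a web server hands to a script (RFC 3875 §4.1.18):
    each request header becomes HTTP_<NAME>, upper-cased, '-' replaced by '_'."""
    env = {"REQUEST_METHOD": method, "GATEWAY_INTERFACE": "CGI/1.1"}
    for name, value in headers.items():
        env["HTTP_" + name.upper().replace("-", "_")] = value
    return env


def is_cgi_context(env: Dict[str, str]) -> bool:
    """CGI marks itself with these meta-variables; a CLI process has neither."""
    return "REQUEST_METHOD" in env or "GATEWAY_INTERFACE" in env


def naive_resolve_outbound_proxy(env: Dict[str, str], configured: Optional[str] = None) -> Optional[str]:
    """Pre-fix behaviour: explicit config, else whatever HTTP_PROXY says,
    regardless of where that variable came from."""
    return configured or env.get("HTTP_PROXY")


def resolve_outbound_proxy(env: Dict[str, str], configured: Optional[str] = None) -> Optional[str]:
    """Hardened lookup: explicit configuration always wins; the environment
    variable is consulted only outside CGI, where it is set by the operator
    (e.g. in a shell or service unit) rather than derived from a request."""
    if configured:
        return configured
    if is_cgi_context(env):
        return None
    return env.get("HTTP_PROXY") or env.get("http_proxy")


def has_proxy_header(headers: Dict[str, str]) -> bool:
    """Edge detection/mitigation hook: flag (and let the web server drop)
    any request carrying a 'Proxy' header before it reaches CGI."""
    return any(name.lower() == "proxy" for name in headers)


if __name__ == "__main__":
    env = cgi_meta_variables(CONSTRUCTED_REQUEST_HEADERS)
    print("HTTP_PROXY seen by the script:", env.get("HTTP_PROXY"))
    print("naive resolver would use:     ", naive_resolve_outbound_proxy(env))
    print("hardened resolver uses:       ", resolve_outbound_proxy(env))
    print("request carries Proxy header: ", has_proxy_header(CONSTRUCTED_REQUEST_HEADERS))
```

The library-side check complements, rather than replaces, the upgrade: dropping the header at the web server (for Apache with mod_headers, `RequestHeader unset Proxy early`; for nginx FastCGI setups, `fastcgi_param HTTP_PROXY "";`, both as documented on httpoxy.org) stops the variable from ever being populated, and logging requests that carry a `Proxy` header gives a cheap detection signal for probing.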
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5385
- https://www.drupal.org/SA-CORE-2016-003
- https://httpoxy.org/