Details of VAR-201609-0260

ID

VAR-201609-0260

CVE

CVE-2016-4694

TITLE

Apple OS X and OS X Server of Apache HTTP Server Application outbound HTTP Vulnerability that redirects traffic to an arbitrary proxy server

Trust: 0.8

sources: JVNDB: JVNDB-2016-004955

DESCRIPTION

The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue, a related issue to CVE-2016-5387. This vulnerability "httpoxy" Is called a problem. This vulnerability CVE-2016-5387 And related issues. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. Apple Mac OS X and Mac OS X Server are prone to a security-bypass vulnerability. Successfully exploiting this issue may allow attackers to perform unauthorized actions. This may lead to other attacks. This issue was addressed by not setting the HTTP_PROXY environment variable from CGI. CVE-2016-4694 : Dominic Scheirlinck and Scott Geary of Vend ServerDocs Server Available for: macOS 10.12 Sierra Impact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm Description: RC4 was removed as a supported cipher. CVE-2016-4754 : Pepi Zawodsky macOS Server 5.2 may be obtained from the Mac App Store. Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJX4YD4AAoJEIOj74w0bLRGbWQP+gOZSLCIIprhLJ6wLJp1Hbb+ gxS09PZJSp32xDnmyMdzcKUFsQ8UfO9iSZBs7Yge8nAjQLxKt/dlopXZPIg4t4GY qSx1wOZ3yj+74LBnhEG/KVeibl8JH9MJEnhWMB9cwMbnQnROc72F418R+Ic8QPXg 4t4tgKWYWR+vS2Gx+FOvIat68siUjsU8G9jvs3wqKbTzuicDEFCDoK9MYQRdcV6Z fluIN4qFb3z0tJihq9WrZlkiARPe5cf8or1aynDpPNSxmMnJV+wv5xnbqx7kPOcE cuqhmy3SUn40jbIFPzuXmnypn1MDS9RxU6T2w/o3EU71h+w5ImLE86MlTEQPVmJJ fapPvjPSqe6iNA7o4sXZ9dfodZtfP9v6fxuoUqfoYRRTIoYECYk2MzhEUfxe64VE f17H0suurHhXuBDF5Q3k6yO5zoijwq7A3sGv9Kgq6lPuBgKWYqJY14t7YVx81Myi yUbAfXqErypxvCgrX2/AO/ItEPK5DlDK555DbWjd01Jnfy2ckae7W6lBulfYgMNG SP6j1KdgM+aH4Av2JxgBxPXoBnUzGZYnEbc4iy/17GzQruAmU0q59wm4XhzC/84W 5m9Ti+tDODPGqJpYFytB11z9X8Jtj9zK0F4T/+QHQO/BJbWLZzbYWrd3jslOIb1W iGD5h8KmNhjoS3LLutKE =HbXq -----END PGP SIGNATURE-----

Trust: 2.16

sources: NVD: CVE-2016-4694 // JVNDB: JVNDB-2016-004955 // BID: 93060 // VULHUB: VHN-93513 // VULMON: CVE-2016-4694 // PACKETSTORM: 138794

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.11.6	Trust: 1.4
vendor:	apple	model:	os x server	scope:	lte	version:	5.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lte	version:	10.11.6	Trust: 1.0
vendor:	apple	model:	macos server	scope:	lt	version:	5.2 (macos sierra 10.12)	Trust: 0.8
vendor:	apple	model:	os x server	scope:	eq	version:	5.1	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x5.0.15	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x5.0.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x4.1.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x3.2.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x3.2.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x3.1.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x2.2.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x2.2.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x2.2.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x2.2.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x2.1.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x5.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x4.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x4.0	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x3.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x3.0	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x2.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x2.0	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.11.6	Trust: 0.3
vendor:	apple	model:	macos server	scope:	ne	version:	5.2	Trust: 0.3
vendor:	apple	model:	macos	scope:	ne	version:	10.12	Trust: 0.3

sources: BID: 93060 // JVNDB: JVNDB-2016-004955 // CNNVD: CNNVD-201609-488 // NVD: CVE-2016-4694

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-4694
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2016-4694
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201609-488
value:	HIGH
Trust: 0.6
VULHUB:	VHN-93513
value:	HIGH
Trust: 0.1
VULMON:	CVE-2016-4694
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-4694
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-93513
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-4694
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	5.2
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-93513 // VULMON: CVE-2016-4694 // JVNDB: JVNDB-2016-004955 // CNNVD: CNNVD-201609-488 // NVD: CVE-2016-4694

PROBLEMTYPE DATA

problemtype:	CWE-284	Trust: 1.1
problemtype:	CWE-Other	Trust: 0.8

sources: VULHUB: VHN-93513 // JVNDB: JVNDB-2016-004955 // NVD: CVE-2016-4694

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201609-488

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201609-488

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004955

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-93513

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2016-09-20 macOS Sierra 10.12	url:	http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html	Trust: 0.8
title:	APPLE-SA-2016-09-20-4 macOS Server 5.2	url:	http://lists.apple.com/archives/security-announce/2016/Sep/msg00009.html	Trust: 0.8
title:	HT207171	url:	https://support.apple.com/en-us/HT207171	Trust: 0.8
title:	HT207170	url:	https://support.apple.com/en-us/HT207170	Trust: 0.8
title:	HT207170	url:	https://support.apple.com/ja-jp/HT207170	Trust: 0.8
title:	HT207171	url:	https://support.apple.com/ja-jp/HT207171	Trust: 0.8
title:	Apple OS X and OS X Server Apache HTTP Server Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64354	Trust: 0.6
title:	Apple: macOS Server 5.2	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=e43da3314b76935ab942480a3937fdb9	Trust: 0.1
title:	Apple: macOS Sierra 10.12	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=56fe8957a503c1b7b6f00fbd6d759042	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/apple-squashes-68-security-bugs-with-sierra-release/120738/	Trust: 0.1

sources: VULMON: CVE-2016-4694 // JVNDB: JVNDB-2016-004955 // CNNVD: CNNVD-201609-488

EXTERNAL IDS

db:	NVD	id:	CVE-2016-4694	Trust: 3.0
db:	BID	id:	93060	Trust: 2.1
db:	SECTRACK	id:	1036853	Trust: 1.2
db:	JVN	id:	JVNVU90950877	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-004955	Trust: 0.8
db:	CNNVD	id:	CNNVD-201609-488	Trust: 0.7
db:	PACKETSTORM	id:	138794	Trust: 0.2
db:	VULHUB	id:	VHN-93513	Trust: 0.1
db:	VULMON	id:	CVE-2016-4694	Trust: 0.1

sources: VULHUB: VHN-93513 // VULMON: CVE-2016-4694 // BID: 93060 // JVNDB: JVNDB-2016-004955 // PACKETSTORM: 138794 // CNNVD: CNNVD-201609-488 // NVD: CVE-2016-4694

REFERENCES

url:	http://www.securityfocus.com/bid/93060	Trust: 1.9
url:	http://lists.apple.com/archives/security-announce/2016/sep/msg00006.html	Trust: 1.8
url:	http://lists.apple.com/archives/security-announce/2016/sep/msg00009.html	Trust: 1.8
url:	https://support.apple.com/ht207170	Trust: 1.8
url:	https://support.apple.com/ht207171	Trust: 1.8
url:	http://www.securitytracker.com/id/1036853	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4694	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu90950877/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4694	Trust: 0.8
url:	https://www.apple.com/	Trust: 0.3
url:	http://www.apple.com/macosx/	Trust: 0.3
url:	http://www.apple.com/server/macosx/	Trust: 0.3
url:	http://prod.lists.apple.com/archives/security-announce/2016/sep/msg00006.html	Trust: 0.3
url:	http://prod.lists.apple.com/archives/security-announce/2016/sep/msg00009.html	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/284.html	Trust: 0.1
url:	https://www.rapid7.com/db/vulnerabilities/apple-osx-apache-cve-2016-4694	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://support.apple.com/kb/ht207171	Trust: 0.1
url:	https://threatpost.com/apple-squashes-68-security-bugs-with-sierra-release/120738/	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=48972	Trust: 0.1
url:	https://support.apple.com/kb/ht201222	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4754	Trust: 0.1
url:	https://www.apple.com/support/security/pgp/	Trust: 0.1
url:	https://gpgtools.org	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4694	Trust: 0.1

sources: VULHUB: VHN-93513 // VULMON: CVE-2016-4694 // BID: 93060 // JVNDB: JVNDB-2016-004955 // PACKETSTORM: 138794 // CNNVD: CNNVD-201609-488 // NVD: CVE-2016-4694

CREDITS

Dominic Scheirlinck and Scott Geary of Vend

Trust: 0.9

sources: BID: 93060 // CNNVD: CNNVD-201609-488

SOURCES

db:	VULHUB	id:	VHN-93513
db:	VULMON	id:	CVE-2016-4694
db:	BID	id:	93060
db:	JVNDB	id:	JVNDB-2016-004955
db:	PACKETSTORM	id:	138794
db:	CNNVD	id:	CNNVD-201609-488
db:	NVD	id:	CVE-2016-4694

LAST UPDATE DATE

2025-04-13T20:07:49.702000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-93513	date:	2017-07-30T00:00:00
db:	VULMON	id:	CVE-2016-4694	date:	2017-07-30T00:00:00
db:	BID	id:	93060	date:	2016-09-20T00:00:00
db:	JVNDB	id:	JVNDB-2016-004955	date:	2016-09-30T00:00:00
db:	CNNVD	id:	CNNVD-201609-488	date:	2016-09-26T00:00:00
db:	NVD	id:	CVE-2016-4694	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-93513	date:	2016-09-25T00:00:00
db:	VULMON	id:	CVE-2016-4694	date:	2016-09-25T00:00:00
db:	BID	id:	93060	date:	2016-09-20T00:00:00
db:	JVNDB	id:	JVNDB-2016-004955	date:	2016-09-30T00:00:00
db:	PACKETSTORM	id:	138794	date:	2016-09-20T15:04:44
db:	CNNVD	id:	CNNVD-201609-488	date:	2016-09-26T00:00:00
db:	NVD	id:	CVE-2016-4694	date:	2016-09-25T10:59:03.450