Main Vulnerability Database SB2016092131

SB2016092131 - Traffic proxy in Apple MAC OS X

Published: September 21, 2016 Updated: January 6, 2017

Security Bulletin ID SB2016092131

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Traffic proxy (CVE-ID: CVE-2016-4694)

The vulnerability allows a remote user to proxy traffic to an arbitrary server.
The weakness exists due to usage of variable HTTP_PROXY by macOS Server CGI applications. Under the influence of specially crafted and sent HTTP "Proxy:" the target CGI application may proxy HTTP connections to an arbitrary port on an arbitrary server.
Successful exploitation of the vulnerability leads to proxying traffic to an arbitrary server.

Remediation

Install update from vendor's website.

References

https://support.apple.com/en-us/HT207171
https://support.apple.com/kb/HT207170