CVE-2016-1000107

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2016-1000107
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-1000107.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-1000107
Downstream
Related
Published
2019-12-10T18:15:09.140Z
Modified
2026-04-10T03:32:32.823951Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.

References

Affected packages

Git / github.com/erlang/otp

Affected ranges

Type
GIT
Repo
https://github.com/erlang/otp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e62a389ce5dd27e7b26802243a5565ffd1feaef0
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "22.1"
        }
    ]
}

Affected versions

OTP-17.*
OTP-17.0
OTP-18.*
OTP-18.0
OTP-18.0-rc1
OTP-19.*
OTP-19.0
OTP-19.0-rc1
OTP-19.0-rc2
OTP-20.*
OTP-20.0
OTP-20.0-rc1
OTP-20.0-rc2
OTP-21.*
OTP-21.0
OTP-21.0-rc1
OTP-21.0-rc2
OTP-22.*
OTP-22.0
OTP-22.0-rc1
OTP-22.0-rc2
OTP-22.0-rc3
OTP-22.1
OTP_17.*
OTP_17.0-rc1
OTP_17.0-rc2
Other
OTP_R13B03
OTP_R13B04
OTP_R14A
OTP_R14B
OTP_R14B01
OTP_R14B02
OTP_R14B03
OTP_R15A
OTP_R15B
OTP_R16A_RELEASE_CANDIDATE
OTP_R16B

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-1000107.json"