How severe is CVE-2016-1000109?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2016-1000109?

This is classified as CWE-665, which is a common weakness in software security.

CVE-2016-1000109 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

HHVM does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. This issue affects HHVM versions prior to 3.9.6, all versions between 3.10.0 and 3.12.4 (inclusive), and all versions between 3.13.0 and 3.14.2 (inclusive).

Related Vulnerabilities

CVE-2018-2934

MEDIUM

CVSS:5.3(Medium)

Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Attachments / File Upload). The supported version that is affected is 12.1.3. Easily exploita...

CWE-6652018

CVE-2020-25578

MEDIUM

CVSS:5.3(Medium)

In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 several file systems were not properly initializing the d_...

CWE-6652020

CVE-2020-9775

MEDIUM

CVSS:5.3(Medium)

An issue existed in the handling of tabs displaying picture in picture video. The issue was corrected with improved state handling. This issue is fixed in iOS 13.4 and iPadOS 13.4. A user's private br...

CWE-6652020

CVE-2022-22164

MEDIUM

CVSS:5.3(Medium)

An Improper Initialization vulnerability in Juniper Networks Junos OS Evolved may cause a commit operation for disabling the telnet service to not take effect as expected, resulting in the telnet serv...

CWE-6652022

CVE-2023-40349

MEDIUM

CVSS:5.3(Medium)

Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an option to secure its webhook endpoint, allowing unauthenticated attackers to trigger builds of jobs.

CWE-6652023

CVE-2024-31157

MEDIUM

CVSS:5.3(Medium)

Improper initialization in UEFI firmware OutOfBandXML module in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.

CWE-6652024