[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-MGASA-2016-0312":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":16,"duplicates":17,"related":18,"reserved_at":9,"published_at":20,"modified_at":21,"state":9,"summary":22,"references_raw":24,"kevs":41,"epss":9,"epss_history":42,"metrics":43,"affected":44},"MGASA-2016-0312","Updated tomcat packages fix security vulnerability\n\nApache Tomcat through 8.5.4, when the CGI Servlet is enabled, follows RFC\n3875 section 4.1.18 and therefore does not protect applications from the\npresence of untrusted client data in the HTTP_PROXY environment variable,\nwhich might allow remote attackers to redirect an application's outbound\nHTTP traffic to an arbitrary proxy server via a crafted Proxy header in an\nHTTP request, aka an \"httpoxy\" issue (CVE-2016-5388).\n",null,[],[],[],[14],{"_key":15},"CVE-2016-5388",[],[],[19],{"_key":15},"2016-09-21T20:38:22Z","2026-04-16T06:25:33.956976781Z",{"cisa_kev":23,"cisa_ransomware":23,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[25,31,36],{"url":26,"sources":27,"tags":29},"https://advisories.mageia.org/MGASA-2016-0312.html",[28],"osv_mageia",[30],"Advisory",{"url":32,"sources":33,"tags":34},"https://bugs.mageia.org/show_bug.cgi?id=19306",[28],[35],"REPORT",{"url":37,"sources":38,"tags":39},"http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html",[28],[35,40],"WEB",[],[],[],[45],{"ecosystem":46,"name":47,"vendor":48,"product":47,"cpe_part":9,"purl_type":49,"purl_namespace":48,"purl_name":47,"source":9,"versions":50},"Mageia","tomcat","mageia","rpm",[51],{"version":52,"is_range":53,"range_type":54,"version_start":9,"version_start_type":9,"version_end":55,"version_end_type":56,"fixed_in":9},"lt7_0_68_1_3_mga5",true,"ecosystem","7.0.68-1.3.mga5","excluding"]