Critical severity 9.1 · NVD Advisory · Published Sep 25, 2016 · Updated Jun 17, 2026
CVE-2016-4694
Description
The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue, a related issue to CVE-2016-5387.
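The mapping the description refers to, as an added example (not code from Apple, Apache or this advisory): RFC 3875 section 4.1.18 turns each request header into an `HTTP_*` meta-variable, so a `Proxy` header lands in `HTTP_PROXY`, and `build_cgi_env` with `strip_proxy=True` shows a gateway dropping it before the application runs. The function names and the sample headers are assumptions constructed for illustration.

```python
# Added example: RFC 3875 section 4.1.18 header-to-meta-variable mapping,
# with a gateway-side filter for the "Proxy" request header.
# All names and sample values here are hypothetical, not vendor code.

def cgi_meta_name(header_name):
    """RFC 3875 4.1.18: upper-case the name, '-' becomes '_', prefix 'HTTP_'."""
    return "HTTP_" + header_name.strip().upper().replace("-", "_")

# Meta-variables a gateway should not populate from client headers.
# Filtering on the mapped name catches every case variant of "Proxy".
BLOCKED_META = {"HTTP_PROXY"}

def build_cgi_env(headers, strip_proxy=True):
    """Build the HTTP_* part of a CGI environment from (name, value) pairs."""
    env = {}
    for name, value in headers:
        key = cgi_meta_name(name)
        if strip_proxy and key in BLOCKED_META:
            continue  # client-supplied proxy setting never reaches the app
        # Repeated headers are combined into one comma-separated value.
        env[key] = f"{env[key]}, {value}" if key in env else value
    return env

def outbound_proxy(env):
    """The proxy an HTTP client that trusts HTTP_PROXY would pick up."""
    return env.get("HTTP_PROXY")

# Constructed request headers; proxy.invalid is a placeholder host.
SAMPLE_HEADERS = [
    ("Host", "app.example"),
    ("User-Agent", "curl/7.50"),
    ("Proxy", "http://proxy.invalid:8080"),
]

if __name__ == "__main__":
    for strip in (False, True):
        env = build_cgi_env(SAMPLE_HEADERS, strip_proxy=strip)
        print(f"strip_proxy={strip}: outbound proxy = {outbound_proxy(env)}")
```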
Affected products (3)
- Range: <10.12
References (6)
- lists.apple.com/archives/security-announce/2016/Sep/msg00006.html (nvd: Mailing List, Vendor Advisory)
- lists.apple.com/archives/security-announce/2016/Sep/msg00009.html (nvd: Mailing List, Vendor Advisory)
- support.apple.com/HT207170 (nvd: Vendor Advisory)
- support.apple.com/HT207171 (nvd: Vendor Advisory)
- www.securityfocus.com/bid/93060 (nvd)
- www.securitytracker.com/id/1036853 (nvd)