CVE-2016-1000105

Publication date 31 January 2020

Last updated 4 August 2025

Ubuntu priority

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
nginx	16.10 yakkety	Ignored
	16.04 LTS xenial	Ignored
	14.04 LTS trusty	Ignored
	12.04 LTS precise	Ignored

How can I get the fixes?
What do statuses mean?

Notes

seth-arnold

The nginx team considers this a flaw in the environments in question; they recommend configuration settings to prevent a Proxy: header from being passed through to FastCGI or similar: fastcgi_param HTTP_PROXY ""; proxy_set_header Proxy ""; The nginx team blog post also shows how to log malicious attempts to exploit this issue.

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
https://www.cve.org/CVERecord?id=CVE-2016-1000105