Namespace Conflict Vulnerability in HHVM by Facebook
CVE-2016-1000109
5.3MEDIUM
What is CVE-2016-1000109?
The HHVM product by Facebook is susceptible to a namespace conflict vulnerability that does not comply with RFC 3875 section 4.1.18. This security flaw allows attackers to manipulate the HTTP_PROXY environment variable, potentially redirecting a CGI application's outbound HTTP traffic to untrusted proxy servers. By sending a specially crafted Proxy header in HTTP requests, malicious actors can exploit this vulnerability, highlighting a significant risk for applications relying on HHVM versions affected by these issues.