Is Access Manager susceptible to HTTPOXY vulnerability (CVE-2016-5387)

  • 7017856
  • 19-Jul-2016
  • 19-Jul-2016


NetIQ Access Manager 4.2
NetIQ Access Manager 4.1
Access Manager Access Gateway Appliance and service


The HTTPPOXY ( vulnerability was recently reported.

httpoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. It comes down to a simple namespace conflict:

  • RFC 3875 (CGI) puts the HTTP Proxy header from a request into the environment variables as HTTP_PROXY
  • HTTP_PROXY is a popular environment variable used to configure an outgoing proxy
This leads to a remotely exploitable vulnerability.

Is the Apache from Access Gateway vulnerable?


The Access Gateway does not use this environment variable and is therefor not vulnerable.