Lucene search

K

RedhatCVELIST:CVE-2015-7519

HistoryJan 08, 2016 - 7:00 p.m.

CVE-2015-7519

2016-01-0819:00:00

redhat

www.cve.org

4.2 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.8%

agent/Core/Controller/SendRequest.cpp in Phusion Passenger before 4.0.60 and 5.0.x before 5.0.22, when used in Apache integration mode or in standalone mode without a filtering proxy, allows remote attackers to spoof headers passed to applications by using an _ (underscore) character instead of a - (dash) character in an HTTP header, as demonstrated by an X_User header.

References

lists.opensuse.org/opensuse-security-announce/2015-12/msg00024.html

www.openwall.com/lists/oss-security/2015/12/07/1

www.openwall.com/lists/oss-security/2015/12/07/2

blog.phusion.nl/2015/12/07/cve-2015-7519/

bugzilla.suse.com/show_bug.cgi?id=956281

github.com/phusion/passenger/commit/ddb8ecc4ebf260e4967f57f271d4f5761abeac3e

lists.debian.org/debian-lts-announce/2018/06/msg00007.html

puppet.com/security/cve/passenger-dec-2015-security-fixes

4.2 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.8%

Related for CVELIST:CVE-2015-7519

nvd1 suse1 osv2 openvas3 github1 debiancve1 cve1 freebsd1 debian2 nessus3 ubuntucve1 prion1