ID F5:K92930514 Type f5 Reporter f5 Modified 2016-07-26T00:08:00
Description
F5 Product Development has evaluated the currently supported releases for potential vulnerability.
To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:
Product| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature
---|---|---|---|---
BIG-IP LTM| None| 12.0.0 - 12.1.0
11.4.0 - 11.6.1
11.2.1
10.2.1 - 10.2.4| Not vulnerable| None
BIG-IP AAM| None| 12.0.0 - 12.1.0
11.4.0 - 11.6.1| Not vulnerable| None
BIG-IP AFM| None| 12.0.0 - 12.1.0
11.4.0 - 11.6.1| Not vulnerable| None
BIG-IP Analytics| None| 12.0.0 - 12.1.0
11.4.0 - 11.6.1
11.2.1| Not vulnerable| None
BIG-IP APM| None| 12.0.0 - 12.1.0
11.4.0 - 11.6.1
11.2.1
10.2.1 - 10.2.4| Not vulnerable| None
BIG-IP ASM| None| 12.0.0 - 12.1.0
11.4.0 - 11.6.1
11.2.1
10.2.1 - 10.2.4| Not vulnerable| None
BIG-IP DNS| None| 12.0.0 - 12.1.0| Not vulnerable| None
BIG-IP Edge Gateway| None| 11.2.1
10.2.1 - 10.2.4| Not vulnerable| None
BIG-IP GTM| None| 11.4.0 - 11.6.1
11.2.1
10.2.1 - 10.2.4| Not vulnerable| None
BIG-IP Link Controller| None| 12.0.0 - 12.1.0
11.4.0 - 11.6.1
11.2.1
10.2.1 - 10.2.4| Not vulnerable| None
BIG-IP PEM| None| 12.0.0 - 12.1.0
11.4.0 - 11.6.1| Not vulnerable| None
BIG-IP PSM| None| 11.4.0 - 11.4.1
10.2.1 - 10.2.4| Not vulnerable| None
BIG-IP WebAccelerator| None| 11.2.1
10.2.1 - 10.2.4| Not vulnerable| None
BIG-IP WOM| None| 11.2.1
10.2.1 - 10.2.4| Not vulnerable| None
ARX| None| 6.2.0 - 6.4.0| Not vulnerable| None
Enterprise Manager| None| 3.1.1| Not vulnerable| None
FirePass| None| 7.0.0| Not vulnerable| None
BIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None
BIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None
BIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None
BIG-IQ ADC| None| 4.5.0| Not vulnerable| None
BIG-IQ Centralized Management| None| 5.0.0
4.6.0| Not vulnerable| None
BIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None
F5 iWorkflow| None| 2.0.0| Not vulnerable| None
LineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None
F5 MobileSafe| None| 1.0.0| Not vulnerable| None
F5 WebSafe| None| 1.0.0| Not vulnerable| None
Traffix SDC| None| 5.0.0
4.0.0 - 4.4.0| Not vulnerable| None
{"edition": 1, "title": "GO vulnerability CVE-2016-5386", "bulletinFamily": "software", "published": "2016-07-26T00:08:00", "lastseen": "2017-06-08T00:16:07", "modified": "2016-07-26T00:08:00", "reporter": "f5", "viewCount": 6, "href": "https://support.f5.com/csp/article/K92930514", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0 - 12.1.0| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.0 - 11.4.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 MobileSafe| None| 1.0.0| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 5.0.0 \n4.0.0 - 4.4.0| Not vulnerable| None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "affectedSoftware": [], "type": "f5", "references": [], "enchantments": {"score": {"value": 5.9, "vector": "NONE", "modified": "2017-06-08T00:16:07", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2016-5386"]}, {"type": "f5", "idList": ["SOL92930514"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20171129-01-HTTPPROXY"]}, {"type": "amazon", "idList": ["ALAS-2016-731"]}, {"type": "nessus", "idList": ["ORACLE_ENTERPRISE_MANAGER_JUL_2017_CPU.NASL", "ORACLELINUX_ELSA-2016-1538.NASL", "FEDORA_2016-EA5E284D34.NASL", "FEDORA_2016-340E361B90.NASL", "CENTOS_RHSA-2016-1538.NASL", "SL_20160803_GOLANG_ON_SL7_X.NASL", "REDHAT-RHSA-2016-1538.NASL", "OPENSUSE-2016-979.NASL", "HTTP_HTTPOXY.NASL", "ALA_ALAS-2016-731.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310808719", "OPENVAS:1361412562310106641", "OPENVAS:1361412562310120720", "OPENVAS:1361412562310808726", "OPENVAS:1361412562310143972", "OPENVAS:1361412562310882533"]}, {"type": "fedora", "idList": ["FEDORA:ABF366060B60", "FEDORA:AE0456062BDB"]}, {"type": "oraclelinux", "idList": ["ELSA-2016-1538"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:1EE86C629ABCD63B886F991BBE5E0A75"]}, {"type": "centos", "idList": ["CESA-2016:1538"]}, {"type": "redhat", "idList": ["RHSA-2016:1538"]}, {"type": "cert", "idList": ["VU:797896"]}, {"type": "threatpost", "idList": ["THREATPOST:29907254311441DFE8331A9706EE7EFA"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:461A7AC5896687E62024A8D8E5A3749D"]}, {"type": "oracle", "idList": ["ORACLE:CPUJUL2017-3236622", "ORACLE:CPUJUL2017"]}], "modified": "2017-06-08T00:16:07", "rev": 2}, "vulnersScore": 5.9}, "cvss": {"vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 6.8}, "cvelist": ["CVE-2016-5386"], "id": "F5:K92930514"}
{"cve": [{"lastseen": "2020-12-09T20:07:39", "description": "The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue.", "edition": 6, "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-19T02:00:00", "title": "CVE-2016-5386", "type": "cve", "cwe": ["CWE-284"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5386"], "modified": "2019-12-27T16:08:00", "cpe": ["cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:fedoraproject:fedora:24", "cpe:/o:redhat:enterprise_linux_server_aus:7.2", "cpe:/o:oracle:linux:7", "cpe:/a:golang:go:1.6", "cpe:/o:redhat:enterprise_linux_server_eus:7.2", "cpe:/o:fedoraproject:fedora:23"], "id": "CVE-2016-5386", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5386", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:golang:go:1.6:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*"]}], "f5": [{"lastseen": "2016-09-29T13:23:44", "bulletinFamily": "software", "cvelist": ["CVE-2016-5386"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "modified": "2016-07-25T00:00:00", "published": "2016-07-25T00:00:00", "id": "SOL92930514", "href": "http://support.f5.com/kb/en-us/solutions/public/k/92/sol92930514.html", "type": "f5", "title": "SOL92930514 - GO vulnerability CVE-2016-5386", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:34", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5386"], "description": "[1.6.3-1]\n- Resolves: rhbz#1358278 - CVE-2016-5386\n[1.6.2-1]\n- rebase to 1.6.2\n- Resolves: rhbz#1346331", "edition": 4, "modified": "2016-08-02T00:00:00", "published": "2016-08-02T00:00:00", "id": "ELSA-2016-1538", "href": "http://linux.oracle.com/errata/ELSA-2016-1538.html", "title": "golang security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5386"], "description": "The Go Programming Language. ", "modified": "2016-07-28T23:58:56", "published": "2016-07-28T23:58:56", "id": "FEDORA:AE0456062BDB", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: golang-1.6.3-1.fc24", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5386"], "description": "The Go Programming Language. ", "modified": "2016-07-29T02:54:15", "published": "2016-07-29T02:54:15", "id": "FEDORA:ABF366060B60", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: golang-1.5.4-2.fc23", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:35:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5386"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-08-04T00:00:00", "id": "OPENVAS:1361412562310808726", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808726", "type": "openvas", "title": "Fedora Update for golang FEDORA-2016-340e361b90", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for golang FEDORA-2016-340e361b90\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808726\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-04 16:27:38 +0530 (Thu, 04 Aug 2016)\");\n script_cve_id(\"CVE-2016-5386\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for golang FEDORA-2016-340e361b90\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'golang'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"golang on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-340e361b90\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WGHKKCFP4PLVSWQKCM3FJJPEWB5ZNTU\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"golang\", rpm:\"golang~1.5.4~2.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-21T20:00:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5386"], "description": "Some open source software used by Huawei does not attempt to address RFC 3875 section 4.1.18 namespace conflicts.", "modified": "2020-06-30T00:00:00", "published": "2020-05-26T00:00:00", "id": "OPENVAS:1361412562310143972", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310143972", "type": "openvas", "title": "Huawei Data Communication: A CGI application vulnerability in Some Huawei Products (huawei-sa-20171129-01-httpproxy)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/o:huawei:ar3200_firmware\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.143972\");\n script_version(\"2020-06-30T16:53:05+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-30 16:53:05 +0000 (Tue, 30 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-05-26 03:19:08 +0000 (Tue, 26 May 2020)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_cve_id(\"CVE-2016-5386\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Huawei Data Communication: A CGI application vulnerability in Some Huawei Products (huawei-sa-20171129-01-httpproxy)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei\");\n script_dependencies(\"gb_huawei_vrp_network_device_consolidation.nasl\");\n script_mandatory_keys(\"huawei/vrp/detected\");\n\n script_tag(name:\"summary\", value:\"Some open source software used by Huawei does not attempt to address RFC 3875 section 4.1.18 namespace conflicts.\");\n\n script_tag(name:\"insight\", value:\"Some open source software used by Huawei does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request. (Vulnerability ID: HWPSIRT-2016-07052)This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2016-5386.Huawei has released software updates to fix this vulnerability. This advisory is available in the linked references.\");\n\n script_tag(name:\"impact\", value:\"Remote attackers can redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request by exploit this vulnerability.\");\n\n script_tag(name:\"affected\", value:\"AR3200 versions V200R005C30 V200R005C32 V200R006C10 V200R006C11 V200R006C12 V200R006C13 V200R006C15 V200R006C16 V200R006C17 V200R007C00\");\n\n script_tag(name:\"solution\", value:\"See the referenced vendor advisory for a solution.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_xref(name:\"URL\", value:\"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-httpproxy-en\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ncpe_list = make_list(\"cpe:/o:huawei:ar3200_firmware\");\n\nif (!infos = get_app_version_from_list(cpe_list: cpe_list, nofork: TRUE))\n exit(0);\n\ncpe = infos[\"cpe\"];\nversion = toupper(infos[\"version\"]);\npatch = get_kb_item(\"huawei/vrp/patch\");\n\nif (cpe == \"cpe:/o:huawei:ar3200_firmware\") {\n if(version == \"V200R005C30\" || version == \"V200R005C32\" || version == \"V200R006C10\" || version == \"V200R006C11\" || version == \"V200R006C12\" || version == \"V200R006C13\" || version == \"V200R006C15\" || version == \"V200R006C16\" || version == \"V200R006C17\" || version == \"V200R007C00\") {\n if (!patch || version_is_less(version: patch, test_version: \"V200R008C50\")) {\n report = report_fixed_ver(installed_version: version, installed_patch: patch, fixed_version: \"V200R008C50\");\n security_message(port: 0, data: report);\n exit(0);\n }\n }\n}\n\nexit(99);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5386"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-08-04T00:00:00", "id": "OPENVAS:1361412562310808719", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808719", "type": "openvas", "title": "Fedora Update for golang FEDORA-2016-ea5e284d34", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for golang FEDORA-2016-ea5e284d34\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808719\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-04 16:27:53 +0530 (Thu, 04 Aug 2016)\");\n script_cve_id(\"CVE-2016-5386\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for golang FEDORA-2016-ea5e284d34\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'golang'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"golang on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-ea5e284d34\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OR52UXGM6RKSCWF3KQMVZGVZVJ3WEESJ\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"golang\", rpm:\"golang~1.6.3~1.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5386"], "description": "Check the version of golang", "modified": "2019-03-08T00:00:00", "published": "2016-08-08T00:00:00", "id": "OPENVAS:1361412562310882533", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882533", "type": "openvas", "title": "CentOS Update for golang CESA-2016:1538 centos7", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for golang CESA-2016:1538 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882533\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-08 15:11:58 +0530 (Mon, 08 Aug 2016)\");\n script_cve_id(\"CVE-2016-5386\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for golang CESA-2016:1538 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of golang\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The golang packages provide the\nGo programming language compiler.\n\nThe following packages have been upgraded to a newer upstream version:\ngolang (1.6.3). (BZ#1346331)\n\nSecurity Fix(es):\n\n * An input-validation flaw was discovered in the Go programming language\nbuilt in CGI implementation, which set the environment variable\n'HTTP_PROXY' using the incoming 'Proxy' HTTP-request header. The\nenvironment variable 'HTTP_PROXY' is used by numerous web clients,\nincluding Go's net/http package, to specify a proxy server to use for HTTP\nand, in some cases, HTTPS requests. This meant that when a CGI-based web\napplication ran, an attacker could specify a proxy server which the\napplication then used for subsequent outgoing requests, allowing a\nman-in-the-middle attack. (CVE-2016-5386)\n\nRed Hat would like to thank Scott Geary (VendHQ) for reporting this issue.\");\n script_tag(name:\"affected\", value:\"golang on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:1538\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-August/022005.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"golang\", rpm:\"golang~1.6.3~1.el7_2.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"golang-bin\", rpm:\"golang-bin~1.6.3~1.el7_2.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"golang-docs\", rpm:\"golang-docs~1.6.3~1.el7_2.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"golang-misc\", rpm:\"golang-misc~1.6.3~1.el7_2.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"golang-src\", rpm:\"golang-src~1.6.3~1.el7_2.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"golang-tests\", rpm:\"golang-tests~1.6.3~1.el7_2.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-17T22:57:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5386"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2016-10-26T00:00:00", "id": "OPENVAS:1361412562310120720", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120720", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2016-731)", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120720\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2016-10-26 15:38:19 +0300 (Wed, 26 Oct 2016)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2016-731)\");\n script_tag(name:\"insight\", value:\"An input-validation flaw was discovered in the Go programming language built in CGI implementation, which set the environment variable HTTP_PROXY using the incoming Proxy HTTP-request header. The environment variable HTTP_PROXY is used by numerous web clients, including Go's net/http package, to specify a proxy server to use for HTTP and, in some cases, HTTPS requests. This meant that when a CGI-based web application ran, an attacker could specify a proxy server which the application then used for subsequent outgoing requests, allowing a man-in-the-middle attack.\");\n script_tag(name:\"solution\", value:\"Run yum update golang to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2016-731.html\");\n script_cve_id(\"CVE-2016-5386\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"golang-bin\", rpm:\"golang-bin~1.5.3~1.22.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"golang\", rpm:\"golang~1.5.3~1.22.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"golang-docs\", rpm:\"golang-docs~1.5.3~1.22.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"golang-src\", rpm:\"golang-src~1.5.3~1.22.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"golang-tests\", rpm:\"golang-tests~1.5.3~1.22.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"golang-misc\", rpm:\"golang-misc~1.5.3~1.22.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5388", "CVE-2016-5386", "CVE-2016-5387", "CVE-2106-5388"], "description": "WatchGuard Fireware XMT Web UI is prone to multiple vulnerabilities.", "modified": "2018-10-26T00:00:00", "published": "2017-03-13T00:00:00", "id": "OPENVAS:1361412562310106641", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310106641", "type": "openvas", "title": "WatchGuard Fireware XTM Multiple Vulnerabilities", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_watchguard_fireware_mult_vuln.nasl 12106 2018-10-26 06:33:36Z cfischer $\n#\n# WatchGuard Fireware XTM Multiple Vulnerabilities\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = 'cpe:/o:watchguard:fireware';\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.106641\");\n script_version(\"$Revision: 12106 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 08:33:36 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-13 13:02:48 +0700 (Mon, 13 Mar 2017)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_cve_id(\"CVE-2016-5387\", \"CVE-2016-5388\", \"CVE-2016-5386\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"WatchGuard Fireware XTM Multiple Vulnerabilities\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_snmp_os_detection.nasl\", \"gb_watchguard_fireware_detect.nasl\");\n script_mandatory_keys(\"watchguard_fireware/installed\");\n\n script_tag(name:\"summary\", value:\"WatchGuard Fireware XMT Web UI is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"WatchGuard Fireware XMT Web UI is prone to multiple vulnerabilities:\n\n - Cross-Site Request Forgery vulnerability on the Fireware Web UI login page.\n\n - Multiple vulnerabilities in the ighttpd component used by Fireware. (CVE-2016-5387, CVE-2106-5388, and\nCVE-2016-5386)\n\n - Vulnerability in the Fireware Web UI that could allow an attacker to enumerate management user login IDs.\");\n\n script_tag(name:\"affected\", value:\"Version prior to 11.12.1.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version 11.12.1 or later\");\n\n script_xref(name:\"URL\", value:\"https://www.watchguard.com/support/release-notes/fireware/11/en-US/EN_ReleaseNotes_Fireware_11_12_1/index.html#Fireware/en-US/resolved_issues.html%3FTocPath%3D_____13\");\n script_xref(name:\"URL\", value:\"https://www.korelogic.com/Resources/Advisories/KL-001-2017-004.txt\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!version = get_app_version(cpe: CPE, port: port))\n exit(0);\n\nif (version_is_less(version: version, test_version: \"11.12.1\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"11.12.1\");\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2020-11-10T12:34:43", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5386"], "description": "**Issue Overview:**\n\nAn input-validation flaw was discovered in the Go programming language built in CGI implementation, which set the environment variable \"HTTP_PROXY\" using the incoming \"Proxy\" HTTP-request header. The environment variable \"HTTP_PROXY\" is used by numerous web clients, including Go's net/http package, to specify a proxy server to use for HTTP and, in some cases, HTTPS requests. This meant that when a CGI-based web application ran, an attacker could specify a proxy server which the application then used for subsequent outgoing requests, allowing a man-in-the-middle attack.\n\n \n**Affected Packages:** \n\n\ngolang\n\n \n**Issue Correction:** \nRun _yum update golang_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n golang-bin-1.5.3-1.22.amzn1.i686 \n golang-1.5.3-1.22.amzn1.i686 \n \n noarch: \n golang-docs-1.5.3-1.22.amzn1.noarch \n golang-src-1.5.3-1.22.amzn1.noarch \n golang-tests-1.5.3-1.22.amzn1.noarch \n golang-misc-1.5.3-1.22.amzn1.noarch \n \n src: \n golang-1.5.3-1.22.amzn1.src \n \n x86_64: \n golang-1.5.3-1.22.amzn1.x86_64 \n golang-bin-1.5.3-1.22.amzn1.x86_64 \n \n \n", "edition": 3, "modified": "2016-08-17T13:30:00", "published": "2016-08-17T13:30:00", "id": "ALAS-2016-731", "href": "https://alas.aws.amazon.com/ALAS-2016-731.html", "title": "Medium: golang", "type": "amazon", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "huawei": [{"lastseen": "2019-02-01T18:01:47", "bulletinFamily": "software", "cvelist": ["CVE-2016-5386"], "description": "Products\n\nSwitches\nRouters\nWLAN\nServers\nSee All\n\n\n\nSolutions\n\nCloud Data Center\nEnterprise Networking\nWireless Private Network\nSolutions by Industry\nSee All\n\n\n\nServices\n\nTraining and Certification\nICT Lifecycle Services\nTechnology Services\nIndustry Solution Services\nSee All\n\n\n\nSee all offerings at e.huawei.com\n\n\n\nNeed Support ?\n\nProduct Support\nSoftware Download\nCommunity\nTools\n\nGo to Full Support", "edition": 1, "modified": "2017-11-29T00:00:00", "published": "2017-11-29T00:00:00", "id": "HUAWEI-SA-20171129-01-HTTPPROXY", "href": "https://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-01-httpproxy-en", "title": "Security Advisory - A CGI application vulnerability in Some Huawei Products", "type": "huawei", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2020-09-14T18:23:21", "description": "The following packages have been upgraded to a newer upstream version:\ngolang (1.6.3).\n\nSecurity Fix(es) :\n\n - An input-validation flaw was discovered in the Go\n programming language built in CGI implementation, which\n set the environment variable 'HTTP_PROXY' using the\n incoming 'Proxy' HTTP-request header. The environment\n variable 'HTTP_PROXY' is used by numerous web clients,\n including Go's net/http package, to specify a proxy\n server to use for HTTP and, in some cases, HTTPS\n requests. This meant that when a CGI-based web\n application ran, an attacker could specify a proxy\n server which the application then used for subsequent\n outgoing requests, allowing a man-in- the-middle attack.\n (CVE-2016-5386)", "edition": 18, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-08-04T00:00:00", "title": "Scientific Linux Security Update : golang on SL7.x x86_64 (20160803) (httpoxy)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5386"], "modified": "2016-08-04T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:golang", "p-cpe:/a:fermilab:scientific_linux:golang-tests", "p-cpe:/a:fermilab:scientific_linux:golang-misc", "p-cpe:/a:fermilab:scientific_linux:golang-bin", "p-cpe:/a:fermilab:scientific_linux:golang-docs", "p-cpe:/a:fermilab:scientific_linux:golang-src", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20160803_GOLANG_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/92722", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92722);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/25\");\n\n script_cve_id(\"CVE-2016-5386\");\n\n script_name(english:\"Scientific Linux Security Update : golang on SL7.x x86_64 (20160803) (httpoxy)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following packages have been upgraded to a newer upstream version:\ngolang (1.6.3).\n\nSecurity Fix(es) :\n\n - An input-validation flaw was discovered in the Go\n programming language built in CGI implementation, which\n set the environment variable 'HTTP_PROXY' using the\n incoming 'Proxy' HTTP-request header. The environment\n variable 'HTTP_PROXY' is used by numerous web clients,\n including Go's net/http package, to specify a proxy\n server to use for HTTP and, in some cases, HTTPS\n requests. This meant that when a CGI-based web\n application ran, an attacker could specify a proxy\n server which the application then used for subsequent\n outgoing requests, allowing a man-in- the-middle attack.\n (CVE-2016-5386)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1608&L=scientific-linux-errata&F=&S=&P=3880\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?822f7702\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:golang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:golang-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:golang-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:golang-misc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:golang-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:golang-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/04\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"golang-1.6.3-1.el7_2.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"golang-bin-1.6.3-1.el7_2.1\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"golang-docs-1.6.3-1.el7_2.1\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"golang-misc-1.6.3-1.el7_2.1\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"golang-src-1.6.3-1.el7_2.1\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"golang-tests-1.6.3-1.el7_2.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"golang / golang-bin / golang-docs / golang-misc / golang-src / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-05T11:13:09", "description": "This update addresses a security issue affecting code statically\nlinked with go :\n\n - CVE-2016-5386: A remote attacker could set the\n HTTP_PROXY environment variable via Proxy header\n (bsc#988487)", "edition": 20, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-08-12T00:00:00", "title": "openSUSE Security Update : go (openSUSE-2016-979) (httpoxy)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5386"], "modified": "2016-08-12T00:00:00", "cpe": ["cpe:/o:novell:opensuse:42.1", "p-cpe:/a:novell:opensuse:go-debugsource", "p-cpe:/a:novell:opensuse:go-debuginfo", "p-cpe:/a:novell:opensuse:go", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2016-979.NASL", "href": "https://www.tenable.com/plugins/nessus/92933", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-979.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92933);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2016-5386\");\n\n script_name(english:\"openSUSE Security Update : go (openSUSE-2016-979) (httpoxy)\");\n script_summary(english:\"Check for the openSUSE-2016-979 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update addresses a security issue affecting code statically\nlinked with go :\n\n - CVE-2016-5386: A remote attacker could set the\n HTTP_PROXY environment variable via Proxy header\n (bsc#988487)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=988487\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected go packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:go\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:go-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:go-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/11\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2|SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2 / 42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"go-1.4.3-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"go-debuginfo-1.4.3-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"go-debugsource-1.4.3-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"go-1.6.2-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"go-debuginfo-1.6.2-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"go-debugsource-1.6.2-21.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"go / go-debuginfo / go-debugsource\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T01:19:24", "description": "An input-validation flaw was discovered in the Go programming language\nbuilt in CGI implementation, which set the environment variable\n'HTTP_PROXY' using the incoming 'Proxy' HTTP-request header. The\nenvironment variable 'HTTP_PROXY' is used by numerous web clients,\nincluding Go's net/http package, to specify a proxy server to use for\nHTTP and, in some cases, HTTPS requests. This meant that when a\nCGI-based web application ran, an attacker could specify a proxy\nserver which the application then used for subsequent outgoing\nrequests, allowing a man-in-the-middle attack.", "edition": 28, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-08-18T00:00:00", "title": "Amazon Linux AMI : golang (ALAS-2016-731) (httpoxy)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5386"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:golang-docs", "p-cpe:/a:amazon:linux:golang-misc", "p-cpe:/a:amazon:linux:golang-src", "p-cpe:/a:amazon:linux:golang-bin", "p-cpe:/a:amazon:linux:golang", "cpe:/o:amazon:linux", "p-cpe:/a:amazon:linux:golang-tests"], "id": "ALA_ALAS-2016-731.NASL", "href": "https://www.tenable.com/plugins/nessus/93009", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-731.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93009);\n script_version(\"2.5\");\n script_cvs_date(\"Date: 2018/04/18 15:09:36\");\n\n script_cve_id(\"CVE-2016-5386\");\n script_xref(name:\"ALAS\", value:\"2016-731\");\n\n script_name(english:\"Amazon Linux AMI : golang (ALAS-2016-731) (httpoxy)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An input-validation flaw was discovered in the Go programming language\nbuilt in CGI implementation, which set the environment variable\n'HTTP_PROXY' using the incoming 'Proxy' HTTP-request header. The\nenvironment variable 'HTTP_PROXY' is used by numerous web clients,\nincluding Go's net/http package, to specify a proxy server to use for\nHTTP and, in some cases, HTTPS requests. This meant that when a\nCGI-based web application ran, an attacker could specify a proxy\nserver which the application then used for subsequent outgoing\nrequests, allowing a man-in-the-middle attack.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2016-731.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update golang' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang-misc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/17\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"golang-1.5.3-1.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"golang-bin-1.5.3-1.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"golang-docs-1.5.3-1.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"golang-misc-1.5.3-1.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"golang-src-1.5.3-1.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"golang-tests-1.5.3-1.22.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"golang / golang-bin / golang-docs / golang-misc / golang-src / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:15:00", "description": "Security fix for CVE-2016-5386 AKA https://httpoxy.org/\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 21, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-07-29T00:00:00", "title": "Fedora 24 : golang (2016-ea5e284d34) (httpoxy)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5386"], "modified": "2016-07-29T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:golang", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2016-EA5E284D34.NASL", "href": "https://www.tenable.com/plugins/nessus/92622", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-ea5e284d34.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92622);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-5386\");\n script_xref(name:\"FEDORA\", value:\"2016-ea5e284d34\");\n\n script_name(english:\"Fedora 24 : golang (2016-ea5e284d34) (httpoxy)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2016-5386 AKA https://httpoxy.org/\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-ea5e284d34\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://httpoxy.org/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected golang package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:golang\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/29\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"golang-1.6.3-1.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"golang\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:14:06", "description": "Security fix for CVE-2016-5386 AKA https://httpoxy.org/\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 21, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-07-29T00:00:00", "title": "Fedora 23 : golang (2016-340e361b90) (httpoxy)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5386"], "modified": "2016-07-29T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:golang", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-340E361B90.NASL", "href": "https://www.tenable.com/plugins/nessus/92615", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-340e361b90.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92615);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-5386\");\n script_xref(name:\"FEDORA\", value:\"2016-340e361b90\");\n\n script_name(english:\"Fedora 23 : golang (2016-340e361b90) (httpoxy)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2016-5386 AKA https://httpoxy.org/\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-340e361b90\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://httpoxy.org/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected golang package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:golang\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/29\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"golang-1.5.4-2.fc23\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"golang\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T05:06:36", "description": "An update for golang is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe golang packages provide the Go programming language compiler.\n\nThe following packages have been upgraded to a newer upstream version:\ngolang (1.6.3). (BZ#1346331)\n\nSecurity Fix(es) :\n\n* An input-validation flaw was discovered in the Go programming\nlanguage built in CGI implementation, which set the environment\nvariable 'HTTP_PROXY' using the incoming 'Proxy' HTTP-request header.\nThe environment variable 'HTTP_PROXY' is used by numerous web clients,\nincluding Go's net/http package, to specify a proxy server to use for\nHTTP and, in some cases, HTTPS requests. This meant that when a\nCGI-based web application ran, an attacker could specify a proxy\nserver which the application then used for subsequent outgoing\nrequests, allowing a man-in-the-middle attack. (CVE-2016-5386)\n\nRed Hat would like to thank Scott Geary (VendHQ) for reporting this\nissue.", "edition": 35, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-08-03T00:00:00", "title": "RHEL 7 : golang (RHSA-2016:1538) (httpoxy)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-3959", "CVE-2015-5740", "CVE-2016-5386", "CVE-2015-5741", "CVE-2015-5739"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:golang-bin", "p-cpe:/a:redhat:enterprise_linux:golang", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.7", "p-cpe:/a:redhat:enterprise_linux:golang-docs", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:golang-tests", "cpe:/o:redhat:enterprise_linux:7.3", "p-cpe:/a:redhat:enterprise_linux:golang-src", "p-cpe:/a:redhat:enterprise_linux:golang-misc", "cpe:/o:redhat:enterprise_linux:7.2", "cpe:/o:redhat:enterprise_linux:7.6"], "id": "REDHAT-RHSA-2016-1538.NASL", "href": "https://www.tenable.com/plugins/nessus/92693", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:1538. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92693);\n script_version(\"2.17\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2015-5739\", \"CVE-2015-5740\", \"CVE-2015-5741\", \"CVE-2016-3959\", \"CVE-2016-5386\");\n script_xref(name:\"RHSA\", value:\"2016:1538\");\n\n script_name(english:\"RHEL 7 : golang (RHSA-2016:1538) (httpoxy)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for golang is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe golang packages provide the Go programming language compiler.\n\nThe following packages have been upgraded to a newer upstream version:\ngolang (1.6.3). (BZ#1346331)\n\nSecurity Fix(es) :\n\n* An input-validation flaw was discovered in the Go programming\nlanguage built in CGI implementation, which set the environment\nvariable 'HTTP_PROXY' using the incoming 'Proxy' HTTP-request header.\nThe environment variable 'HTTP_PROXY' is used by numerous web clients,\nincluding Go's net/http package, to specify a proxy server to use for\nHTTP and, in some cases, HTTPS requests. This meant that when a\nCGI-based web application ran, an attacker could specify a proxy\nserver which the application then used for subsequent outgoing\nrequests, allowing a man-in-the-middle attack. (CVE-2016-5386)\n\nRed Hat would like to thank Scott Geary (VendHQ) for reporting this\nissue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:1538\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5739\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5740\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5741\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3959\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5386\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:golang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:golang-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:golang-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:golang-misc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:golang-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:golang-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/03\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:1538\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"golang-1.6.3-1.el7_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"golang-bin-1.6.3-1.el7_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"golang-docs-1.6.3-1.el7_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"golang-misc-1.6.3-1.el7_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"golang-src-1.6.3-1.el7_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"golang-tests-1.6.3-1.el7_2.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"golang / golang-bin / golang-docs / golang-misc / golang-src / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T04:41:36", "description": "From Red Hat Security Advisory 2016:1538 :\n\nAn update for golang is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe golang packages provide the Go programming language compiler.\n\nThe following packages have been upgraded to a newer upstream version:\ngolang (1.6.3). (BZ#1346331)\n\nSecurity Fix(es) :\n\n* An input-validation flaw was discovered in the Go programming\nlanguage built in CGI implementation, which set the environment\nvariable 'HTTP_PROXY' using the incoming 'Proxy' HTTP-request header.\nThe environment variable 'HTTP_PROXY' is used by numerous web clients,\nincluding Go's net/http package, to specify a proxy server to use for\nHTTP and, in some cases, HTTPS requests. This meant that when a\nCGI-based web application ran, an attacker could specify a proxy\nserver which the application then used for subsequent outgoing\nrequests, allowing a man-in-the-middle attack. (CVE-2016-5386)\n\nRed Hat would like to thank Scott Geary (VendHQ) for reporting this\nissue.", "edition": 33, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-08-03T00:00:00", "title": "Oracle Linux 7 : golang (ELSA-2016-1538) (httpoxy)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-3959", "CVE-2015-5740", "CVE-2016-5386", "CVE-2015-5741", "CVE-2015-5739"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:golang-docs", "p-cpe:/a:oracle:linux:golang-bin", "p-cpe:/a:oracle:linux:golang", "p-cpe:/a:oracle:linux:golang-src", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:golang-misc", "p-cpe:/a:oracle:linux:golang-tests"], "id": "ORACLELINUX_ELSA-2016-1538.NASL", "href": "https://www.tenable.com/plugins/nessus/92687", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:1538 and \n# Oracle Linux Security Advisory ELSA-2016-1538 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92687);\n script_version(\"2.12\");\n script_cvs_date(\"Date: 2019/09/27 13:00:37\");\n\n script_cve_id(\"CVE-2015-5739\", \"CVE-2015-5740\", \"CVE-2015-5741\", \"CVE-2016-3959\", \"CVE-2016-5386\");\n script_xref(name:\"RHSA\", value:\"2016:1538\");\n\n script_name(english:\"Oracle Linux 7 : golang (ELSA-2016-1538) (httpoxy)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2016:1538 :\n\nAn update for golang is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe golang packages provide the Go programming language compiler.\n\nThe following packages have been upgraded to a newer upstream version:\ngolang (1.6.3). (BZ#1346331)\n\nSecurity Fix(es) :\n\n* An input-validation flaw was discovered in the Go programming\nlanguage built in CGI implementation, which set the environment\nvariable 'HTTP_PROXY' using the incoming 'Proxy' HTTP-request header.\nThe environment variable 'HTTP_PROXY' is used by numerous web clients,\nincluding Go's net/http package, to specify a proxy server to use for\nHTTP and, in some cases, HTTPS requests. This meant that when a\nCGI-based web application ran, an attacker could specify a proxy\nserver which the application then used for subsequent outgoing\nrequests, allowing a man-in-the-middle attack. (CVE-2016-5386)\n\nRed Hat would like to thank Scott Geary (VendHQ) for reporting this\nissue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-August/006244.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected golang packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang-misc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/03\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"golang-1.6.3-1.el7_2.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"golang-bin-1.6.3-1.el7_2.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"golang-docs-1.6.3-1.el7_2.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"golang-misc-1.6.3-1.el7_2.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"golang-src-1.6.3-1.el7_2.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"golang-tests-1.6.3-1.el7_2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"golang / golang-bin / golang-docs / golang-misc / golang-src / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:30:43", "description": "An update for golang is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe golang packages provide the Go programming language compiler.\n\nThe following packages have been upgraded to a newer upstream version:\ngolang (1.6.3). (BZ#1346331)\n\nSecurity Fix(es) :\n\n* An input-validation flaw was discovered in the Go programming\nlanguage built in CGI implementation, which set the environment\nvariable 'HTTP_PROXY' using the incoming 'Proxy' HTTP-request header.\nThe environment variable 'HTTP_PROXY' is used by numerous web clients,\nincluding Go's net/http package, to specify a proxy server to use for\nHTTP and, in some cases, HTTPS requests. This meant that when a\nCGI-based web application ran, an attacker could specify a proxy\nserver which the application then used for subsequent outgoing\nrequests, allowing a man-in-the-middle attack. (CVE-2016-5386)\n\nRed Hat would like to thank Scott Geary (VendHQ) for reporting this\nissue.", "edition": 36, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-08-03T00:00:00", "title": "CentOS 7 : golang (CESA-2016:1538) (httpoxy)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-3959", "CVE-2015-5740", "CVE-2016-5386", "CVE-2015-5741", "CVE-2015-5739"], "modified": "2016-08-03T00:00:00", "cpe": ["p-cpe:/a:centos:centos:golang", "p-cpe:/a:centos:centos:golang-tests", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:golang-src", "p-cpe:/a:centos:centos:golang-docs", "p-cpe:/a:centos:centos:golang-misc", "p-cpe:/a:centos:centos:golang-bin"], "id": "CENTOS_RHSA-2016-1538.NASL", "href": "https://www.tenable.com/plugins/nessus/92680", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:1538 and \n# CentOS Errata and Security Advisory 2016:1538 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92680);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-5739\", \"CVE-2015-5740\", \"CVE-2015-5741\", \"CVE-2016-3959\", \"CVE-2016-5386\");\n script_xref(name:\"RHSA\", value:\"2016:1538\");\n\n script_name(english:\"CentOS 7 : golang (CESA-2016:1538) (httpoxy)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for golang is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe golang packages provide the Go programming language compiler.\n\nThe following packages have been upgraded to a newer upstream version:\ngolang (1.6.3). (BZ#1346331)\n\nSecurity Fix(es) :\n\n* An input-validation flaw was discovered in the Go programming\nlanguage built in CGI implementation, which set the environment\nvariable 'HTTP_PROXY' using the incoming 'Proxy' HTTP-request header.\nThe environment variable 'HTTP_PROXY' is used by numerous web clients,\nincluding Go's net/http package, to specify a proxy server to use for\nHTTP and, in some cases, HTTPS requests. This meant that when a\nCGI-based web application ran, an attacker could specify a proxy\nserver which the application then used for subsequent outgoing\nrequests, allowing a man-in-the-middle attack. (CVE-2016-5386)\n\nRed Hat would like to thank Scott Geary (VendHQ) for reporting this\nissue.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-August/022005.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e91e6b89\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected golang packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-5739\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:golang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:golang-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:golang-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:golang-misc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:golang-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:golang-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/03\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"golang-1.6.3-1.el7_2.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"golang-bin-1.6.3-1.el7_2.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"golang-docs-1.6.3-1.el7_2.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"golang-misc-1.6.3-1.el7_2.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"golang-src-1.6.3-1.el7_2.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"golang-tests-1.6.3-1.el7_2.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"golang / golang-bin / golang-docs / golang-misc / golang-src / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T03:16:13", "description": "The web application running on the remote web server is affected by a\nman-in-the-middle vulnerability known as 'httpoxy' due to a failure to\nproperly resolve namespace conflicts in accordance with RFC 3875\nsection 4.1.18. The HTTP_PROXY environment variable is set based on\nuntrusted user data in the 'Proxy' header of HTTP requests. The\nHTTP_PROXY environment variable is used by some web client libraries\nto specify a remote proxy server. An unauthenticated, remote attacker\ncan exploit this, via a crafted 'Proxy' header in an HTTP request, to\nredirect an application's internal HTTP traffic to an arbitrary proxy\nserver where it may be observed or manipulated.", "edition": 27, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-07-25T00:00:00", "title": "HTTP_PROXY Environment Variable Namespace Collision Vulnerability (httpoxy)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5385", "CVE-2016-5388", "CVE-2016-5386", "CVE-2016-1000110", "CVE-2016-5387", "CVE-2016-1000109"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:php:php", "cpe:/a:python:python", "cpe:/a:apache:http_server", "cpe:/a:golang:go", "cpe:/a:drupal:drupal", "cpe:/a:apache:tomcat", "cpe:/a:facebook:hiphop_virtual_machine"], "id": "HTTP_HTTPOXY.NASL", "href": "https://www.tenable.com/plugins/nessus/92539", "sourceData": "#TRUSTED 7757ccc72c699faa2ffe9c4f53351ac4d80c4f292d805afa8fa959ac86adc1762d562e16fab11ec1c3ff2ec027c796ae1ae5ed062ea6900564a5cf9a7288adbbb6b9ec40295c81afb7810ecb667c55a0c16df845929d5127921d47071b6336f0a800a7e9e68f1953f750e12ec632198a5c923ad8933d507d85ce908845ef0b1c3e89e3150bf4a974352c465c88a0d34ead7741fef1cadcd8933a69108b202a418b934c032e82288550d8f91d178195c2aae763c68cf88085cab9cb8caf53082c99115ce156621b1605b4a4d31f2eceddf63f426b9c0450b348cd39cabf41c7d7bcfa0cd767f67bb82c0702c663df388eface6b8c2f7e9205c373d5505cdd44a3d30c71e6f4be459ee810cd07f1a8aac02d9c4f64e583c780313df4cadc99f4dad8450d96a05e295ede51b3d312072e29659f489d95fd639beb692f68a792be15028bf83193cb8cd2f23da0d5f6e58ddc512424b35629dbb316013edecd92a8639ce3f53795a555e24b6c005c5e52e38949f143ccf6adc71297aad9402441615920c5f80b3fa1346a93ff5e861f68bffde7edcf6015853a286ceafef4e1a4ba645d983e69df0e6dd787af4139233443f13f683b6dd7fb95cd74b848223e9dddcabaa1950b27ec5efc0db4ee45533db392681bc95a50424c7a55b9c845e2d718539a3459b1f9eead7fb59041798d00f8c83a8f7ea4f9f10e240d3a28e28b2f0f15\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92539);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/11/19\");\n\n script_cve_id(\n \"CVE-2016-5385\",\n \"CVE-2016-5386\",\n \"CVE-2016-5387\",\n \"CVE-2016-5388\",\n \"CVE-2016-1000109\",\n \"CVE-2016-1000110\"\n );\n script_bugtraq_id(\n 91815,\n 91816,\n 91818,\n 91821\n );\n script_xref(name:\"CERT\", value:\"797896\");\n\n script_name(english:\"HTTP_PROXY Environment Variable Namespace Collision Vulnerability (httpoxy)\");\n script_summary(english:\"Checks if the web application responds to a crafted Proxy header in an HTTP request.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web application is affected by a man-in-the-middle\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The web application running on the remote web server is affected by a\nman-in-the-middle vulnerability known as 'httpoxy' due to a failure to\nproperly resolve namespace conflicts in accordance with RFC 3875\nsection 4.1.18. The HTTP_PROXY environment variable is set based on\nuntrusted user data in the 'Proxy' header of HTTP requests. The\nHTTP_PROXY environment variable is used by some web client libraries\nto specify a remote proxy server. An unauthenticated, remote attacker\ncan exploit this, via a crafted 'Proxy' header in an HTTP request, to\nredirect an application's internal HTTP traffic to an arbitrary proxy\nserver where it may be observed or manipulated.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://httpoxy.org/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/oss-sec/2016/q3/94\");\n script_set_attribute(attribute:\"solution\", value:\n\"Applicable libraries and products should be updated to address this\nvulnerability. Please consult the library or product vendor for\navailable updates.\n\nIf updating the libraries and products is not an option, or if updates\nare unavailable, filter 'Proxy' request headers on all inbound\nrequests.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-5386\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_nessus\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:golang:go\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:http_server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:drupal:drupal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:python:python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:facebook:hiphop_virtual_machine\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"webmirror.nasl\");\n script_require_ports(\"Services/www\", 80, 443);\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"audit.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default: 80);\n\nurls = make_list();\n\n# Fix for webmirror_uri \"no such table\" errors\ntable = query_scratchpad(\"SELECT name FROM sqlite_master where type = 'table' and name = 'webmirror_uri'\");\nif (empty_or_null(table)) exit(1, \"Unable to obtain webmirror_uri table from webmirror crawl.\");\n\n# Query Scratchpad for webmirror results with a status code of 200\n# and load results into urls list\nres = query_scratchpad(\"SELECT DISTINCT uri FROM webmirror_uri WHERE port = ? AND status_code = 200 ORDER BY uri ASC\", port);\nif (empty_or_null(res)) exit(1, 'Unable to obtain crawled URIs from webmirror scratchpad.');\n\n# Loop through filters to discard URLs we don't care about testing\ni = 0;\nforeach url (res)\n{\n if (\n # Filter out Apache directory listings page sorting\n url['uri'] !~ \"/\\?[CO]\\=[NDMSA](%|$)\" &&\n # Filter out static text files\n url['uri'] !~ \"\\.(md|js|css|scss|txt|csv|xml)($|\\?)\" &&\n # Filter out image files\n url['uri'] !~ \"\\.(gif|jpeg|jpg|png|svg|ttf|eot|woff|ico)($|\\?)\" &&\n # Filter out binary files\n url['uri'] !~ \"\\.(exe|zip|gz|tar)($|\\?)\" &&\n # Filter out document files\n url['uri'] !~ \"\\.(rtf|doc|docx|pdf|xls|xlt)($|\\?)\"\n )\n {\n # Strip any trailing args from URLs to get the url count down\n if (\"?\" >< url['uri'])\n url['uri'] = ereg_replace(pattern:\"(.*)\\?.*\", replace:\"\\1\", string:url['uri']);\n\n urls = make_list(urls, url['uri']);\n i++;\n }\n # If thorough_tests is not enabled, stop at 10 urls\n if (!thorough_tests && i > 10) break;\n}\n\n# If we have no URLs to check, bail out\nif (empty_or_null(urls))\n audit(AUDIT_WEB_FILES_NOT, \"dynamic content\", port);\n\nurls = list_uniq(urls);\nscanner_ip = compat::this_host();\ntarget_ip = get_host_ip();\npat = \"HTTP/1\\.(0|1)\";\nvuln = FALSE;\n\nforeach url (urls)\n{\n # If we get an empty url string, just go to the next\n if(empty_or_null(url)) continue;\n listener = bind_sock_tcp();\n if (!listener) audit(AUDIT_SOCK_FAIL, 'tcp', 'unknown');\n\n s_port = listener[1];\n s = listener[0];\n\n # Exploit is scanner's IP and our listener's socket in the Proxy header\n exploit = scanner_ip + ':' + s_port;\n v = http_mk_get_req(port: port, item: url, add_headers: make_array(\"Proxy\", exploit));\n req = http_mk_buffer_from_req(req: v);\n # We don't need to check the response we get back from the request's socket\n req = http_send_recv_buf(port:port, data:req);\n\n # When we have a successful attack, we won't get a response returned\n # to req, since the proxied request causes the server-side script to\n # pause execution and timeout without a response. Since we check for\n # NULL here, we can bypass the listener socket timeout for non-vuln\n # URLs to process through the URL queue faster.\n if(isnull(req))\n {\n # Instead we're more interested in if we get data on the listener socket\n soc = sock_accept(socket:s, timeout:3);\n res = recv(socket:soc, length:1024, timeout:3);\n close(s);\n }\n else\n {\n res = NULL;\n close(s);\n }\n\n if (!empty_or_null(res) && (res =~ pat))\n {\n vuln = TRUE;\n report = '\\nThe full request used to detect this flaw was :\\n\\n' +\n http_last_sent_request() +\n '\\n\\nThe server sent back the following data to the listener on port ' + s_port + ':\\n\\n' +\n res +\n '\\n';\n }\n\n # Stop after first vulnerable page is found\n if (vuln) break;\n}\n\nif (vuln)\n{\n security_report_v4(\n port : port,\n severity : SECURITY_WARNING,\n extra : report\n );\n exit(0);\n}\naudit(AUDIT_WEB_SERVER_NOT_AFFECTED, port);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-05T09:25:29", "description": "The version of Oracle Enterprise Manager Grid Control installed on\nthe remote host is missing a security patch. It is, therefore,\naffected by multiple vulnerabilities :\n\n - A flaw exists in the Bouncy Castle Java library due to\n improper validation of a point within the elliptic\n curve. An unauthenticated, remote attacker can exploit\n this to obtain private keys by using a series of\n specially crafted elliptic curve Diffie-Hellman (ECDH)\n key exchanges, also known as an 'invalid curve attack.'\n (CVE-2015-7940)\n\n - A flaw exists in the PathTools module for Perl in the\n File::Spec::canonpath() function that is triggered as\n strings are returned as untainted even when passing\n tainted input. An unauthenticated, remote attacker can\n exploit this to pass unvalidated user input to sensitive\n or insecure areas. (CVE-2015-8607)\n\n - An overflow condition exists in Perl in the MapPathA()\n function due to improper validation of user-supplied\n input. An unauthenticated, remote attacker can exploit\n this to cause a denial of service condition or the\n execution of arbitrary code. (CVE-2015-8608)\n\n - A remote code execution vulnerability exists in the\n Apache Struts component due to improper handling of\n multithreaded access to an ActionForm instance. An\n unauthenticated, remote attacker can exploit this, via a\n specially crafted multipart request, to execute\n arbitrary code or cause a denial of service condition.\n (CVE-2016-1181)\n\n - A flaw exists in Perl that is triggered during the\n handling of variables that appear twice in the\n environment (envp), causing the last value to appear in\n %ENV, while getenv would return the first. An\n unauthenticated, remote attacker can exploit this to\n cause variables to be incorrectly propagated to\n subprocesses, regardless of the protections offered by\n taint checking. (CVE-2016-2381)\n\n - A denial of service vulnerability exists in the Apache\n Commons FileUpload component due to improper handling of\n boundaries in content-type headers when handling file\n upload requests. An unauthenticated, remote attacker can\n exploit this to cause processes linked against the\n library to become unresponsive. (CVE-2016-3092)\n\n - A man-in-the-middle vulnerability exists in various\n components, known as 'httpoxy', due to a failure to\n properly resolve namespace conflicts in accordance with\n RFC 3875 section 4.1.18. The HTTP_PROXY environment\n variable is set based on untrusted user data in the\n 'Proxy' header of HTTP requests. The HTTP_PROXY\n environment variable is used by some web client\n libraries to specify a remote proxy server. An\n unauthenticated, remote attacker can exploit this, via a\n crafted 'Proxy' header in an HTTP request, to redirect\n an application's internal HTTP traffic to an arbitrary\n proxy server where it may be observed or manipulated.\n (CVE-2016-5385, CVE-2016-5386, CVE-2016-5387,\n CVE-2016-5388)\n\n - A carry propagating error exists in the OpenSSL\n component in the x86_64 Montgomery squaring\n implementation that may cause the BN_mod_exp() function\n to produce incorrect results. An unauthenticated, remote\n attacker with sufficient resources can exploit this to\n obtain sensitive information regarding private keys.\n Moreover, the attacker would additionally need online\n access to an unpatched system using the target private\n key in a scenario with persistent DH parameters and a\n private key that is shared between multiple clients. For\n example, this can occur by default in OpenSSL DHE based\n SSL/TLS cipher suites. (CVE-2017-3732)\n\n - An unspecified flaw exists in the UI Framework component\n that allows authenticated, remote attacker to have an\n impact on integrity. (CVE-2017-10091)", "edition": 27, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-07-20T00:00:00", "title": "Oracle Enterprise Manager Grid Control Multiple Vulnerabilities (July 2017 CPU) (httpoxy)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5385", "CVE-2016-3092", "CVE-2015-8607", "CVE-2015-8608", "CVE-2016-5388", "CVE-2017-3732", "CVE-2016-5386", "CVE-2016-2381", "CVE-2017-10091", "CVE-2016-1181", "CVE-2016-5387", "CVE-2015-7940"], "modified": "2017-07-20T00:00:00", "cpe": ["cpe:/a:oracle:enterprise_manager"], "id": "ORACLE_ENTERPRISE_MANAGER_JUL_2017_CPU.NASL", "href": "https://www.tenable.com/plugins/nessus/101837", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101837);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/04\");\n\n script_cve_id(\n \"CVE-2015-7940\",\n \"CVE-2015-8607\",\n \"CVE-2015-8608\",\n \"CVE-2016-1181\",\n \"CVE-2016-2381\",\n \"CVE-2016-3092\",\n \"CVE-2016-5385\",\n \"CVE-2016-5386\",\n \"CVE-2016-5387\",\n \"CVE-2016-5388\",\n \"CVE-2017-3732\",\n \"CVE-2017-10091\"\n );\n script_bugtraq_id(\n 79091,\n 80504,\n 83802,\n 86018,\n 91068,\n 91453,\n 91815,\n 91816,\n 91818,\n 91821,\n 95814,\n 99649\n );\n script_xref(name:\"CERT\", value:\"797896\");\n\n script_name(english:\"Oracle Enterprise Manager Grid Control Multiple Vulnerabilities (July 2017 CPU) (httpoxy)\");\n script_summary(english:\"Checks for the patch ID.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An enterprise management application installed on the remote host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle Enterprise Manager Grid Control installed on\nthe remote host is missing a security patch. It is, therefore,\naffected by multiple vulnerabilities :\n\n - A flaw exists in the Bouncy Castle Java library due to\n improper validation of a point within the elliptic\n curve. An unauthenticated, remote attacker can exploit\n this to obtain private keys by using a series of\n specially crafted elliptic curve Diffie-Hellman (ECDH)\n key exchanges, also known as an 'invalid curve attack.'\n (CVE-2015-7940)\n\n - A flaw exists in the PathTools module for Perl in the\n File::Spec::canonpath() function that is triggered as\n strings are returned as untainted even when passing\n tainted input. An unauthenticated, remote attacker can\n exploit this to pass unvalidated user input to sensitive\n or insecure areas. (CVE-2015-8607)\n\n - An overflow condition exists in Perl in the MapPathA()\n function due to improper validation of user-supplied\n input. An unauthenticated, remote attacker can exploit\n this to cause a denial of service condition or the\n execution of arbitrary code. (CVE-2015-8608)\n\n - A remote code execution vulnerability exists in the\n Apache Struts component due to improper handling of\n multithreaded access to an ActionForm instance. An\n unauthenticated, remote attacker can exploit this, via a\n specially crafted multipart request, to execute\n arbitrary code or cause a denial of service condition.\n (CVE-2016-1181)\n\n - A flaw exists in Perl that is triggered during the\n handling of variables that appear twice in the\n environment (envp), causing the last value to appear in\n %ENV, while getenv would return the first. An\n unauthenticated, remote attacker can exploit this to\n cause variables to be incorrectly propagated to\n subprocesses, regardless of the protections offered by\n taint checking. (CVE-2016-2381)\n\n - A denial of service vulnerability exists in the Apache\n Commons FileUpload component due to improper handling of\n boundaries in content-type headers when handling file\n upload requests. An unauthenticated, remote attacker can\n exploit this to cause processes linked against the\n library to become unresponsive. (CVE-2016-3092)\n\n - A man-in-the-middle vulnerability exists in various\n components, known as 'httpoxy', due to a failure to\n properly resolve namespace conflicts in accordance with\n RFC 3875 section 4.1.18. The HTTP_PROXY environment\n variable is set based on untrusted user data in the\n 'Proxy' header of HTTP requests. The HTTP_PROXY\n environment variable is used by some web client\n libraries to specify a remote proxy server. An\n unauthenticated, remote attacker can exploit this, via a\n crafted 'Proxy' header in an HTTP request, to redirect\n an application's internal HTTP traffic to an arbitrary\n proxy server where it may be observed or manipulated.\n (CVE-2016-5385, CVE-2016-5386, CVE-2016-5387,\n CVE-2016-5388)\n\n - A carry propagating error exists in the OpenSSL\n component in the x86_64 Montgomery squaring\n implementation that may cause the BN_mod_exp() function\n to produce incorrect results. An unauthenticated, remote\n attacker with sufficient resources can exploit this to\n obtain sensitive information regarding private keys.\n Moreover, the attacker would additionally need online\n access to an unpatched system using the target private\n key in a scenario with persistent DH parameters and a\n private key that is shared between multiple clients. For\n example, this can occur by default in OpenSSL DHE based\n SSL/TLS cipher suites. (CVE-2017-3732)\n\n - An unspecified flaw exists in the UI Framework component\n that allows authenticated, remote attacker to have an\n impact on integrity. (CVE-2017-10091)\");\n # http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?76f5def7\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.oracle.com/rs?type=doc&id=2261562.1\");\n script_set_attribute(attribute:\"see_also\", value:\"https://httpoxy.org\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the July 2017 Oracle Critical\nPatch Update advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/09/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:enterprise_manager\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_enterprise_manager_installed.nbin\");\n script_require_keys(\"installed_sw/Oracle Enterprise Manager Cloud Control\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"oracle_rdbms_cpu_func.inc\");\ninclude(\"install_func.inc\");\n\nproduct = \"Oracle Enterprise Manager Cloud Control\";\ninstall = get_single_install(app_name:product, exit_if_unknown_ver:TRUE);\nversion = install['version'];\nemchome = install['path'];\n\npatchid = NULL;\nmissing = NULL;\npatched = FALSE;\nfix = NULL;\n\nif (version =~ \"^13\\.2\\.0\\.0(\\.[0-9]+)?$\")\n{\n patchid = \"25731746\";\n fix = \"13.2.0.0.170718\";\n}\nelse if (version =~ \"^13\\.1\\.0\\.0(\\.[0-9]+)?$\")\n{\n patchid = \"25904755\";\n fix = \"13.1.0.0.170718\";\n}\nelse if (version =~ \"^12\\.1\\.0\\.5(\\.[0-9]+)?$\")\n{\n patchid = \"25904769\";\n fix = \"12.1.0.5.170718\";\n}\n\nif (isnull(patchid))\n audit(AUDIT_HOST_NOT, 'affected');\n\n# compare version to check if we've already adjusted for patch level during detection\nif (ver_compare(ver:version, fix:fix, strict:FALSE) >= 0)\n audit(AUDIT_INST_PATH_NOT_VULN, product, version, emchome);\n\n# Now look for the affected components\npatchesinstalled = find_patches_in_ohomes(ohomes:make_list(emchome));\nif (isnull(patchesinstalled))\n missing = patchid;\nelse\n{\n foreach applied (keys(patchesinstalled[emchome]))\n {\n if (applied == patchid)\n {\n patched = TRUE;\n break;\n }\n else\n {\n foreach bugid (patchesinstalled[emchome][applied]['bugs'])\n {\n if (bugid == patchid)\n {\n patched = TRUE;\n break;\n }\n }\n if (patched) break;\n }\n }\n if (!patched)\n missing = patchid;\n}\n\nif (empty_or_null(missing))\n audit(AUDIT_HOST_NOT, 'affected');\n\norder = make_list('Product', 'Version', \"Missing patch\");\nreport = make_array(\n order[0], product,\n order[1], version,\n order[2], patchid\n);\nreport = report_items_str(report_items:report, ordered_fields:order);\n\nsecurity_report_v4(port:0, extra:report, severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:32:39", "bulletinFamily": "software", "cvelist": ["CVE-2016-5385", "CVE-2016-5386", "CVE-2016-5387"], "description": "Multiple CVEs: httpoxy\n\n# \n\nLow\n\n# Vendor\n\nCloud Foundry\n\n# Versions Affected\n\n * Go Buildpack versions prior to 1.7.10\n * PHP Buildpack versions prior to 4.3.17\n\n# Description\n\nhttpoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. It involves to a namespace conflict which leads to a remotely exploitable vulnerability. httpoxy is a vulnerability for server-side web applications that may allow an attacker to proxy the outgoing HTTP requests made by the web application, direct the server to open outgoing connections to an address and port of their choosing, or tie up server resources by forcing the vulnerable software to use a malicious proxy.\n\nMultiple CVEs were released for httpoxy, including the following that affected Cloud Foundry.\n\n * CVE-2016-5385: PHP\n * CVE-2016-5386: Go\n * CVE-2016-5387: Apache HTTP Server\n\n# Mitigation\n\nUsers of affected versions should apply the following mitigation:\n\n * Upgrade the Go Buildpack to the latest version [2] and restage all applications that use automated buildpack detection.\n * Upgrade the PHP Buildpack to the latest version [3] and restage all applications that use automated buildpack detection.\n\n# References\n\n * [1] <https://httpoxy.org/>\n * [2] <https://github.com/cloudfoundry/go-buildpack/releases>\n * [3] [https://github.com/cloudfoundry/go-buildpack/releases](<https://github.com/cloudfoundry/php-buildpack/releases>)\n", "edition": 5, "modified": "2016-12-21T00:00:00", "published": "2016-12-21T00:00:00", "id": "CFOUNDRY:1EE86C629ABCD63B886F991BBE5E0A75", "href": "https://www.cloudfoundry.org/blog/httpoxy/", "title": "Multiple CVEs: httpoxy | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-12-11T13:31:51", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5739", "CVE-2015-5740", "CVE-2015-5741", "CVE-2016-3959", "CVE-2016-5386"], "description": "The golang packages provide the Go programming language compiler.\n\nThe following packages have been upgraded to a newer upstream version: golang (1.6.3). (BZ#1346331)\n\nSecurity Fix(es):\n\n* An input-validation flaw was discovered in the Go programming language built in CGI implementation, which set the environment variable \"HTTP_PROXY\" using the incoming \"Proxy\" HTTP-request header. The environment variable \"HTTP_PROXY\" is used by numerous web clients, including Go's net/http package, to specify a proxy server to use for HTTP and, in some cases, HTTPS requests. This meant that when a CGI-based web application ran, an attacker could specify a proxy server which the application then used for subsequent outgoing requests, allowing a man-in-the-middle attack. (CVE-2016-5386)\n\nRed Hat would like to thank Scott Geary (VendHQ) for reporting this issue.", "modified": "2018-04-12T03:32:51", "published": "2016-08-02T17:46:33", "id": "RHSA-2016:1538", "href": "https://access.redhat.com/errata/RHSA-2016:1538", "type": "redhat", "title": "(RHSA-2016:1538) Moderate: golang security, bug fix, and enhancement update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:25:29", "bulletinFamily": "unix", "cvelist": ["CVE-2016-3959", "CVE-2015-5740", "CVE-2016-5386", "CVE-2015-5741", "CVE-2015-5739"], "description": "**CentOS Errata and Security Advisory** CESA-2016:1538\n\n\nThe golang packages provide the Go programming language compiler.\n\nThe following packages have been upgraded to a newer upstream version: golang (1.6.3). (BZ#1346331)\n\nSecurity Fix(es):\n\n* An input-validation flaw was discovered in the Go programming language built in CGI implementation, which set the environment variable \"HTTP_PROXY\" using the incoming \"Proxy\" HTTP-request header. The environment variable \"HTTP_PROXY\" is used by numerous web clients, including Go's net/http package, to specify a proxy server to use for HTTP and, in some cases, HTTPS requests. This meant that when a CGI-based web application ran, an attacker could specify a proxy server which the application then used for subsequent outgoing requests, allowing a man-in-the-middle attack. (CVE-2016-5386)\n\nRed Hat would like to thank Scott Geary (VendHQ) for reporting this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-August/034043.html\n\n**Affected packages:**\ngolang\ngolang-bin\ngolang-docs\ngolang-misc\ngolang-src\ngolang-tests\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-1538.html", "edition": 6, "modified": "2016-08-02T21:57:55", "published": "2016-08-02T21:57:55", "id": "CESA-2016:1538", "href": "http://lists.centos.org/pipermail/centos-announce/2016-August/034043.html", "title": "golang security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cert": [{"lastseen": "2020-09-18T20:41:57", "bulletinFamily": "info", "cvelist": ["CVE-2016-1000109", "CVE-2016-1000110", "CVE-2016-5385", "CVE-2016-5386", "CVE-2016-5387", "CVE-2016-5388"], "description": "### Overview \n\nWeb servers running in a CGI or CGI-like context may assign client request `Proxy` header values to internal `HTTP_PROXY` environment variables. This vulnerability can be leveraged to conduct man-in-the-middle (MITM) attacks on internal subrequests or to direct the server to initiate connections to arbitrary hosts.\n\n### Description \n\n[**CWE-807**](<https://cwe.mitre.org/data/definitions/807.html>)**: Reliance on Untrusted Inputs in a Security Decision, **[**CWE-454**](<https://cwe.mitre.org/data/definitions/454.html>)**: External Initialization of Trusted Variables or Data Stores**\n\nWeb servers running in a CGI or CGI-like context may assign client request `Proxy` header values to internal `HTTP_PROXY` environment variables. The vulnerable behavior is the result of a naming convention for meta-variables, defined in [RFC 3876](<https://tools.ietf.org/html/rfc3875>), which leads to a name collision: \"The HTTP header field name is converted to upper case, has all occurrences of \"-\" replaced with \"_\" and has \"HTTP_\" prepended to give the meta-variable name.\" \n \nAccording to the researchers, a web server is vulnerable if: \n\n\n 1. _A web server, programming language or framework (and in some limited situations the application itself) sets the environmental variable HTTP_PROXY from the user supplied Proxy header in the web request, or sets a similarly used variable (essentially when the request header turns from harmless data into a potentially harmful environmental variable)._\n 2. _A web application makes use of HTTP_PROXY or similar variable unsafely (e.g. fails to check the request type) resulting in an attacker controlled proxy being used (essentially when HTTP_PROXY is actually used unsafely)._\n \nBy sending a specially crafted request to a vulnerable server, a remote, unauthenticated attacker may be able to conduct MITM attacks on internal server subrequests or direct the server to initiate connections to arbitrary hosts. For more information, refer to [httpoxy.org](<https://httpoxy.org/>). \n--- \n \n### Impact \n\nA remote, unauthenticated attacker may be able to conduct MITM attacks on internal server subrequests or direct the server to initiate connections to arbitrary hosts. \n \n--- \n \n### Solution \n\n**Apply an update** \n \nWhere applicable, affected products and components should be updated to address this vulnerability. Check with vendors for information about patching. \n \nWhere patches are unavailable or updating is not an option, consider the following workarounds. \n \n--- \n \n**Filter **`**Proxy**`** request headers** \n \nThe researchers and community have identified several filtering strategies that are product-dependent: \n \n**Apache/CGI** \n \nIn this configuration, any language may be vulnerable (the `HTTP_PROXY` env var is \"real\"). If you are using `mod_headers` , you can unset the \"`Proxy`\" header with this directive: \n\n\n` RequestHeader unset Proxy` \nIf you are using `mod_security`, you can use a rule like (vary the action to taste): \n\n\n` SecRuleEngine On` \n` SecRule &REQUEST_HEADERS:Proxy \"@gt 0\"` \n` \"id:1000005,log,deny,msg:'httpoxy denied'\"` \nRefer to [Apache's response](<https://www.apache.org/security/asf-httpoxy-response.txt>) for more information. \n \n**HAProxy**\n\n \n` httprequest delheader Proxy` \n**lighttpd <= 1.4.40 (reject requests containing \"Proxy\" header)** \n \nCreate \"/path/to/deny-proxy.lua\", read-only to lighttpd, with content: \n\n\n` if (lighty.request[\"Proxy\"] == nil) then return 0 else return 403 end` \nModify lighttpd.conf to load mod_magnet and run lua code \n\n\n` server.modules += ( \"mod_magnet\" ) \nmagnet.attract-raw-url-to = ( \"/path/to/deny-proxy.lua\" )` \n**lighttpd2 (development) (strip \"Proxy\" header from request)** \n \nAdd to lighttpd.conf: \n\n\n` req_header.remove \"Proxy\";` \n**Nginx/FastCGI** \n \nUse this to block the `Proxy` header from being passed on to PHPFPM, PHPPM, etc. \n\n\n` fastcgi_param HTTP_PROXY ;` \n**Nginx with proxy_pass** \n \nThe following setting should work for people who are using \"proxy_pass\" with nginx:\n\n \n` ``proxy_set_header Proxy ;` \n \nMicrosoft has provided the following guidance for IIS servers utilizing affected third-party frameworks: \n \n**Microsoft IIS Mitigation steps:**` \n` \nUpdate `apphost.config` with the following rule:\n\n` \n<system.webServer>` \n` \n<rewrite> \n` \n` <rules> \n` \n` <rule name=3D\"Erase HTTP_PROXY\" patternSyntax=3D\"Wildcard\"> \n` \n` <match url=3D\"*.*\" /> \n` \n` <serverVariables> \n` \n` <set name=3D\"HTTP_PROXY\" value=3D /> \n` \n` </serverVariables> \n` \n` <action type=3D\"None\" /> \n` \n` </rule> \n` \n` </rules> \n` \n` </rewrite> \n` \n`</system.webServer>` \n--- \n \n### Vendor Information\n\n797896\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Apache HTTP Server Project __ Affected\n\nNotified: July 12, 2016 Updated: July 18, 2016 \n\n**Statement Date: July 14, 2016**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nThe Apache Software Foundation has discovered no examples of condition 2 described in the [redacted] report, and has determined there is no \"vulnerability\" per se in ASF software, which conform to both RFC822 (circa 1982) and CGI/1.1 defacto standard (circa 1995, superseded by CGI/1.1 IANA spec RFC 3875).\n\nSeveral ASF projects participate in HTTP requests in the manners described under condition 1. The list of projects that will offer one or more mitigations include but are not limited to; \n \nApache HTTP Server (httpd) (Tracked as CVE-2016-5387) \nApache Tomcat Server (Tracked as CVE-2016-5388) \nApache Traffic Server (ATS) (Tracking is not applicable) \n \nProjects and subprojects impacted by the Apache HTTP Server mitigations will include mod_fcgid (Apache HTTP Project) and mod_perl (Apache Perl Project), as well as external projects such as mod_wsgi, all hopefully under CVE-2016-5387. \n \nNote specifically that any CVE related to mod_fcgi[d] must be ignored, as it duplicates CVE-2016-5387. We have not reached a conclusion on separate tracking that might be unique to mod_perl itself (thus far, it also appears to duplicate -5387.)\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://www.apache.org/security/asf->\n * [httpoxy-response.txt](<httpoxy-response.txt>)\n\n### Go Programming Language __ Affected\n\nUpdated: July 18, 2016 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nCVE-2016-5386\n\n### HAProxy Affected\n\nUpdated: July 13, 2016 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### HHVM __ Affected\n\nUpdated: July 18, 2016 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nCVE-2016-1000109\n\n### Microsoft Corporation __ Affected\n\nNotified: July 12, 2016 Updated: July 13, 2016 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nIf you have installed PHP or any other third party framework on top of IIS, we recommend applying mitigation steps to protect from malicious Redirection or MiM attacks.\n\nMitigation: \n \nUpdate apphost.config with the following rule: \n \n<system.webServer> \n \n<rewrite> \n \n<rules> \n \n<rule name=3D\"Erase HTTP_PROXY\" patternSyntax=3D\"Wildcard\"> \n \n<match url=3D\"*.*\" /> \n \n<serverVariables> \n \n<set name=3D\"HTTP_PROXY\" value=3D /> \n \n</serverVariables> \n \n<action type=3D\"None\" /> \n \n</rule> \n \n</rules> \n \n</rewrite> \n \n</system.webServer>\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Python __ Affected\n\nUpdated: July 18, 2016 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nCVE-2016-1000110 \n\n### The PHP Group __ Affected\n\nUpdated: July 18, 2016 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nCVE-2016-5385\n\n### lighttpd __ Affected\n\nUpdated: July 19, 2016 \n\n**Statement Date: July 19, 2016**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nMitigation of httpoxy is available in lighttpd. \n \n \nMitigation: \n \nlighttpd <= 1.4.40 (reject requests containing \"Proxy\" header)\n\n \n* Create \"/path/to/deny-proxy.lua\", read-only to lighttpd, with content: \nif (lighty.request[\"Proxy\"] == nil) then return 0 else return 403 end \n \n* Modify lighttpd.conf to load mod_magnet and run lua code \nserver.modules += ( \"mod_magnet\" ) \nmagnet.attract-raw-url-to = ( \"/path/to/deny-proxy.lua\" ) \n \nlighttpd2 (development) (strip \"Proxy\" header from request) \n* Add to lighttpd.conf: req_header.remove \"Proxy\"; \n \n \nReference: \n \n* lighttpd 1.4 repo contains fix on git master branch to strip \"Proxy\" header and the commit message below contains the above mitigation steps for lighttpd 1.4.x <https://redmine.lighttpd.net/projects/lighttpd/repository/revisions/779c133c16f9af168b004dce7a2a64f16c1cb3a4> \n\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://redmine.lig>\n * [httpd.net/projects/lig](<httpd.net/projects/lig>)\n * [httpd/repository/revisions/779c133c16f9af168b004dce7a2a64f16c1cb3a4](<httpd/repository/revisions/779c133c16f9af168b004dce7a2a64f16c1cb3a4>)\n\n### nginx Affected\n\nUpdated: July 13, 2016 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### EfficientIP SAS __ Not Affected\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n**Statement Date: July 12, 2016**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nPlease find the EfficientIP\u2019s status about VU#797896:\n\nVendor: EfficientIP \nStatus: Not Affected \nStatement: No version of our software is affected by VU#797896\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### ACCESS Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### ARRIS Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### AT&T Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Alcatel-Lucent Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Apple Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Arista Networks, Inc. Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Aruba Networks Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Avaya, Inc. Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Belkin, Inc. Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Blue Coat Systems Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### CA Technologies Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### CentOS Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Check Point Software Technologies Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Cisco Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### CoreOS Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### D-Link Systems, Inc. Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Debian GNU/Linux Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### DesktopBSD Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### DragonFly BSD Project Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### EMC Corporation Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Enterasys Networks Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Ericsson Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Extreme Networks Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### F5 Networks, Inc. Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Fedora Project Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Force10 Networks Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### FreeBSD Project Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Gentoo Linux Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Google Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Hardened BSD Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Hewlett Packard Enterprise Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Hitachi Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Huawei Technologies Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### IBM Corporation Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Infoblox Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Intel Corporation Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Internet Systems Consortium Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Internet Systems Consortium - DHCP Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Juniper Networks Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Lenovo Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### McAfee Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### NEC Corporation Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### National Center for Supercomputing Applications Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### NetBSD Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Nokia Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Nominum Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### OmniTI Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### OpenBSD Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### OpenDNS Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Openwall GNU/*/Linux Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Oracle Corporation Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Peplink Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Polycom Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Q1 Labs Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### QNX Software Systems Inc. Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Red Hat, Inc. Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Ricoh Company Ltd. Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Rockwell Automation Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Ruby Unknown\n\nUpdated: July 18, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### SUSE Linux Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### SafeNet Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Secure64 Software Corporation Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Slackware Linux Inc. Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### SmoothWall Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Snort Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Sony Corporation Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Sourcefire Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Symantec Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### TippingPoint Technologies Inc. Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Turbolinux Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Ubuntu Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Unisys Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### VMware Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Wind River Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### dnsmasq Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### m0n0wall Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### openSUSE project Unknown\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\nView all 87 vendors __View less vendors __\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | 5.1 | AV:N/AC:H/Au:N/C:P/I:P/A:P \nTemporal | 4.6 | E:POC/RL:ND/RC:C \nEnvironmental | 1.1 | CDP:ND/TD:L/CR:ND/IR:ND/AR:ND \n \n \n\n\n### References \n\n * <https://tools.ietf.org/html/rfc3875>\n * <https://httpoxy.org>\n * <https://www.apache.org/security/asf-httpoxy-response.txt>\n * <https://cwe.mitre.org/data/definitions/807.html>\n * <https://cwe.mitre.org/data/definitions/454.html>\n\n### Acknowledgements\n\nThanks to Dominic Scheirlinck and Scott Geary of Vend for reporting this vulnerability.\n\nThis document was written by Joel Land.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2016-5385](<http://web.nvd.nist.gov/vuln/detail/CVE-2016-5385>), [CVE-2016-5386](<http://web.nvd.nist.gov/vuln/detail/CVE-2016-5386>), [CVE-2016-5387](<http://web.nvd.nist.gov/vuln/detail/CVE-2016-5387>), [CVE-2016-5388](<http://web.nvd.nist.gov/vuln/detail/CVE-2016-5388>), [CVE-2016-1000109](<http://web.nvd.nist.gov/vuln/detail/CVE-2016-1000109>), [CVE-2016-1000110](<http://web.nvd.nist.gov/vuln/detail/CVE-2016-1000110>) \n---|--- \n**Date Public:** | 2016-07-18 \n**Date First Published:** | 2016-07-18 \n**Date Last Updated: ** | 2016-07-19 17:04 UTC \n**Document Revision: ** | 66 \n", "modified": "2016-07-19T17:04:00", "published": "2016-07-18T00:00:00", "id": "VU:797896", "href": "https://www.kb.cert.org/vuls/id/797896", "type": "cert", "title": "CGI web servers assign Proxy header values from client requests to internal HTTP_PROXY environment variables", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "threatpost": [{"lastseen": "2018-10-06T22:55:02", "bulletinFamily": "info", "cvelist": ["CVE-2016-1000109", "CVE-2016-1000110", "CVE-2016-5385", "CVE-2016-5386", "CVE-2016-5387", "CVE-2016-5388"], "description": "An old scripting vulnerability that impacts a large number of Linux distributions and programing languages allows for man-in-the-middle attacks that could compromise web servers. The vulnerability, which affects many PHP and CGI web-apps, was revealed Monday in tandem with the release of a bevy patches from impacted companies and platforms.\n\nResearchers at SaaS distributor VendHQ named the vulnerability Httpoxy. It affects server-side web applications that run in Common Gateway Interface (CGI) or CGI-like environments, such as some FastCGI configurations, along with programing languages PHP, Python, and Go.\n\n\u201cThis is a very serious flaw, if you\u2019re one of the few still reliant on CGI and PHP for generating web pages,\u201d said Dominic Scheirlinck, principal engineer VendHQ, and one of several researchers from the firm that discovered [Httpoxy](<https://httpoxy.org/>). The vulnerability is rated as \u201cmedium\u201d by the firm and is easily exploitable.\n\nScheirlinck describes Httpoxy as a set of vulnerabilities impacted by a simple namespace conflict tied to HTTP proxy headers that unsafely trust the \u201cHTTP_PROXY\u201d environment variable when generating forward requests. This namespace conflict allows an attacker to remotely configure the HTTP_PROXY environment variable on a web server by submitting a malicious Proxy: HTTP header.\n\nThis sets the stage for a remotely exploitable vulnerability where an attacker could launch a man-in-the-middle attack and redirect traffic to an arbitrary host. An adversary might also be able to intercept traffic and decipher sensitive communications. Or a cybercriminal could execute a denial of service attack by forcing vulnerable software to use a malicious proxy to tie up server resources, Scheirlinck said.\n\nIn cooperation with Httpoxy a [number CVEs](<https://www.kb.cert.org/vuls/id/797896>) have been assigned to affected platforms and languages including; PHP (CVE-2016-5385), Go (CVE-2016-5386), Apache HTTP Server (CVE-2016-5387), Apache Tomcat (CVE-2016-5388), HHVM (CVE-2016-1000109) and Python (CVE-2016-1000110).\n\nThe vulnerability impacts the minority of web servers utilizing the older method in which a CGI script would talk to a backend server and pass through information to dynamically generate a web page, said Christopher Robinson, manager, Red Hat Product Security program management. \u201cIf you are on a more modern server, it\u2019s still an option, but it\u2019s not the default way of how webpages are rendered,\u201d Robinson said.\n\nRobinson said only about 3,000 of Red Hat customer servers are impacted by Httpoxy vulnerability. Additional remediation steps have been taken by proxy networks, like Akamai, who on Monday announced measures to protect their customers.\n\n\u201cAkamai has moved to protect the vast majority of its customers by [blocking the HTTP headers which would alter these variables in a CGI/PHP environment](<https://community.akamai.com/docs/DOC-6279>),\u201d the company announced Monday.\n\nScheirlinck said remediation for those impacted is drop-dead simple and only entails updating one line of code \u2013 no system reboot required.\n\n\u201cI would not anticipate there would be a large number of people impacted,\u201d Robinson said. But because the vulnerability is so easily exploitable, he urged companies to fix affected server fast.\n\nHttpoxy, Scheirlinck said, is tied to a much earlier Perl bug discovered 15 years ago found by Randal L Schwartz in 2001. At the time, Schwartz quickly fixed the vulnerability in the Perl libraries for the scripting language. But since then iterations of the bug have cropped up numerous times with vendors not always connecting the dots as to the larger scope of the vulnerability impacting other languages and libraries, Scheirlinck said.\n", "modified": "2016-07-20T15:06:42", "published": "2016-07-18T18:00:46", "id": "THREATPOST:29907254311441DFE8331A9706EE7EFA", "href": "https://threatpost.com/cgi-script-vulnerability-httpoxy-allows-man-in-the-middle-attacks/119345/", "type": "threatpost", "title": "CGI Script Vulnerability 'Httpoxy' Allows Man-in-the-Middle Attack", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "impervablog": [{"lastseen": "2020-06-15T12:34:09", "bulletinFamily": "blog", "cvelist": ["CVE-2016-1000109", "CVE-2016-1000110", "CVE-2016-3087", "CVE-2016-5385", "CVE-2016-5386", "CVE-2016-5387", "CVE-2016-5388", "CVE-2017-9841"], "description": "Imperva Cloud WAF protects over a hundred thousand websites globally and observes around a billion of attacks daily. We detect thousands of hacking tools on a daily basis and employ various measures to stop malicious requests. Here are the most dangerous tools and attacks we discover while observing over billions of daily attacks in 2019.\n\nWe use an advanced intelligent [Client Classification](<https://www.imperva.com/blog/how-incapsula-client-classification-challenges-bots/>) mechanism which classifies various web clients. To identify the top tools used by hackers we looked at all the attacks observed during 2019, and clustered them into security incidents. By clustering the data we were able to reduce the bias caused by large attacks and instead focused on diverse attacks on multiple sites over time.\n\nNoticeably the popular coding language, **Python**, continued to be the [weapon of choice](<https://www.imperva.com/blog/the-worlds-most-popular-coding-language-happens-to-be-most-hackers-weapon-of-choice/>) for most hackers while Google\u2019s **Go** language was on the rise. \nNext we can see the **WinHttp** library, which is mainly used by **.net and CPP** running on Windows, followed by **Shell tools** such as **cURL, wget** and others. The rest of the top tools were more\n\n**programming languages and browsers**.\n\nWe\u2019ll provide more interesting statistics on the top tools like **attack types** and **source countries** distributions. We\u2019ll also give a short drill-down into some of the top tools and finish with some advice on how you can protect your website from these tools.\n\n## Some stats from the community\n\nWe decided to take a look at some GitHub stats to understand which languages were used the most.\n\nAccording to [GitHut 2.0](<https://madnight.github.io/githut/#/pull_requests/2019/4>), Python and Go were among the top five languages for 2019:\n\nWe decided to focus specifically on cybersecurity projects in GitHub, assuming most attack tools are tagged as such. GitHub doesn\u2019t classify every repository, but the Security topic in GitHub holds over 8,500 security-related repositories, which is quite a big sample.\n\nLooking at the top five languages used in these repositories we can see that Python comes in first, by a long way , followed by Java, JavaScript, PHP and finally, Go. It\u2019s not surprising to see that major web languages such as PHP and JavaScript are high up on the list, or robust and well-used languages such as Python and Java. But Go joined the top of the list during 2019, and even more interestingly, took the place of the Shell-based code.\n\n[](<https://www.imperva.com/blog/wp-content/uploads/sites/9/2020/05/overflow-questions.jpg>)\n\nWhen comparing GitHub\u2019s statistics to Stack Overflow Trends we get a similar picture. It\u2019s hard to say why there aren\u2019t as many questions about Go as there are pull requests from Go repositories. One amazing statistic is Python\u2019s quick and sharp rise to power - with an average annual rise of 13%, it almost quadrupled in a decade.\n\n## Cloud WAF Statistics\n\nTo see the spread of attacks by these tools on the sites we protect, we created a graph showing the percentage of sites being attacked by each tool during 2019. The tools we observed were in the top both in terms of the number of incidents, and the percentage of attacked sites. **Most sites were hit by Python every month**, while 30-50% of the sites would get hit by each of the other tools.\n\nWe decided to observe the two most popular attacks with the largest number of variations - XSS and SQLi - and the exploitation attempts using these attacks via Go and Python\n\nNoticeably, by the end of 2019, Go had caught up with Python in both types of attacks. It\u2019s still early to tell if this trend will continue, but it\u2019s easy to see that Go had become significantly more popular by the end of 2019.\n\nWe wanted to check the tools distribution for each of the main attack types we observed:\n\n[](<https://www.imperva.com/blog/wp-content/uploads/sites/9/2020/05/Attack-type-distribution.jpg>)\n\nAs you can see - Python was the strongest tool in RCE/RFI, File Upload and Data Leakage while Go was stronger in general automated attacks.\n\nLet\u2019s look at the tool usage source country, according to source IP:\n\n[](<https://www.imperva.com/blog/wp-content/uploads/sites/9/2020/05/tool-usage-source-country.jpg>)\n\nChina used Python way more than any other country, while India chose Go as their go-to tool. It\u2019s hard to say why, but given how well-known these countries are for their cyber activity, it\u2019s possible that new hackers joining the market chose modern tools for their nefarious activities.\n\n**IPs vs Incidents** \nSurprisingly, there wasn\u2019t a strong correlation between the number of IPs using a tool to attack and the number security incidents caused by the tool. This can be explained, partially, by the type of attacks the tools were involved in. Sophisticated, automated attacks tend to be coordinated,\\ - massive wide scale attacks, not so much.\n\n[](<https://www.imperva.com/blog/wp-content/uploads/sites/9/2020/05/20200526030038.jpg>)\n\nThis hypothesis is further validated by looking at the ratio between incidents to IPs. Tools with a low request rate, that can be easily used for browser impersonation, had a very low incident to IP ratio. In comparison, tools that can easily generate wide-scale attacks like Go and Python had a significantly higher incident to IP ratio.\n\n## Let\u2019s go into the bits and bytes\n\n[](<https://www.imperva.com/blog/wp-content/uploads/sites/9/2020/05/popular-Python-libraries.jpg>)\n\nThe most popular Python libraries are Requests, Urllib and Async IO. \nThe use of Async IO library has grown since last year but it is still way behind. However, we expect to see additional growth in the future due to the great capabilities it has when writing asynchronous programs in Python.\n\nWe decided to examine some of the CVEs that were commonly exploited by hacking tools:\n\nIn first place, with around 7 million HTTP requests, was (CVE-2017-9841), a remote command execution vulnerability in [PHPUnit](<https://phpunit.de/>), a widely-used testing framework for PHP. When drilling down into its history, it appears that the CVE was published in June 2017 and the fix already committed on November 11, 2016.\n\nOn September 4, 2019, Drupal published a public service announcement ([PSA-2019-09-04](<https://www.drupal.org/psa-2019-09-04>)) on a vulnerability in Mailchimp which was using PHPUnit as a third-party library. In addition, on January 7, 2020, PrestaShop (an e-commerce solution written in PHP) published a [security announcement](<https://www.prestashop.com/en/security-announcement-your-store-vulnerable-malware>) regarding the PHPUnit vulnerability being exploited by a malware named XsamXadoo Bot. These announcements revived the CVE, triggering hype on Twitter where many posts were published relating to the vulnerability. In addition, vulnerability Databases, such as VulnDB, also updated the record related to this CVE and added new links - for example, a POC written back in [2017 in a blog](<https://web.archive.org/web/20190518233739/http://phpunit.vulnbusters.com/>) that\u2019s only available via the wayback machine. For additional info you can read \u201c[The resurrection of PHPUnit RCE Vulnerability](<https://www.imperva.com/blog/the-resurrection-of-phpunit-rce-vulnerability/>)\u201d blog.\n\nWhen we examine our data, trying to find a popular CVE which was used by the Go-lang attacking tool, we found that one of the most popular CVEs, with around 200K HTTP requests, was actually a group of CVEs (CVE-2016-5385, CVE-2016-5386, CVE-2016-5387, CVE-2016-5388, CVE-2016-1000109, and CVE-2016-1000110). All these CVEs are related to a problem in the HTTP_PROXY environment variable, known as 'httpoxy' issue.\n\nWeb servers running in a CGI or CGI-like context may assign client request Proxy header values to internal HTTP_PROXY environment variables. This vulnerability can be leveraged to conduct man-in-the-middle (MITM) attacks on internal subrequests or to direct the server to initiate connections to arbitrary hosts.\n\nLet\u2019s move to cURL, the most common attacking shell tool. With an interesting CVE related to Remote Code Execution in Apache Struts (CVE-2016-3087) with around 100K HTTP requests. Apache Struts is a free, open-source, Model-View-Controller (MVC) framework for creating elegant, modern Java web applications. The Remote Code Execution can be performed when using REST plugin with ! operator when Dynamic method Invocation is enabled.\n\n## How can you protect yourself?\n\nIf you have a Client Classification mechanism, which can be as simple as looking at the User-Agent, these insights will allow you to easily defend against many common attacks. Treat these tools suspiciously - if you don't expect your application, or part of it, to be accessed by these tools, block requests coming from them. In other cases, you might know that only specific IPs are supposed to use these tools, such as an IP that performs health monitoring, for example. You might want to restrict access to these IPs alone.\n\nIn any case, Client Classification or not, the standard recommendations remain the same - keep your system patched, develop with security in mind, and don\u2019t do anything risky, even temporarily.\n\nMore information about client classification, specific attacks, and on the global cyber threat can be found in the [Cyber Threat Index](<https://www.imperva.com/cyber-threat-index/>).\n\nThe post [Python and Go Top the Chart of 2019\u2019s Most Popular Hacking Tools](<https://www.imperva.com/blog/python-and-go-top-the-chart-of-2019s-most-popular-hacking-tools/>) appeared first on [Blog](<https://www.imperva.com/blog>).", "modified": "2020-05-27T09:22:21", "published": "2020-05-27T09:22:21", "id": "IMPERVABLOG:461A7AC5896687E62024A8D8E5A3749D", "href": "https://www.imperva.com/blog/python-and-go-top-the-chart-of-2019s-most-popular-hacking-tools/", "type": "impervablog", "title": "Python and Go Top the Chart of 2019\u2019s Most Popular Hacking Tools", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oracle": [{"lastseen": "2020-10-04T21:16:01", "bulletinFamily": "software", "cvelist": ["CVE-2011-2730", "CVE-2013-2027", "CVE-2014-0224", "CVE-2014-1912", "CVE-2014-3566", "CVE-2014-3571", "CVE-2015-0235", "CVE-2015-0254", "CVE-2015-0286", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3195", "CVE-2015-3197", "CVE-2015-3253", "CVE-2015-5254", "CVE-2015-7501", "CVE-2015-7940", "CVE-2015-8607", "CVE-2015-8608", "CVE-2016-0635", "CVE-2016-1181", "CVE-2016-1950", "CVE-2016-1979", "CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109", "CVE-2016-2177", "CVE-2016-2178", "CVE-2016-2179", "CVE-2016-2180", "CVE-2016-2181", "CVE-2016-2182", "CVE-2016-2183", "CVE-2016-2381", "CVE-2016-2834", "CVE-2016-3092", "CVE-2016-3506", "CVE-2016-4430", "CVE-2016-4431", "CVE-2016-4433", "CVE-2016-4436", "CVE-2016-4438", "CVE-2016-4465", "CVE-2016-5019", "CVE-2016-5385", "CVE-2016-5386", "CVE-2016-5387", "CVE-2016-5388", "CVE-2016-6302", "CVE-2016-6303", "CVE-2016-6304", "CVE-2016-6305", "CVE-2016-6306", "CVE-2016-6307", "CVE-2016-6308", "CVE-2016-6309", "CVE-2016-6814", "CVE-2016-7052", "CVE-2016-7055", "CVE-2017-10000", "CVE-2017-10001", "CVE-2017-10002", "CVE-2017-10003", "CVE-2017-10004", "CVE-2017-10005", "CVE-2017-10006", "CVE-2017-10007", "CVE-2017-10008", "CVE-2017-10009", "CVE-2017-10010", "CVE-2017-10011", "CVE-2017-10012", "CVE-2017-10013", "CVE-2017-10015", "CVE-2017-10016", "CVE-2017-10017", "CVE-2017-10018", "CVE-2017-10019", "CVE-2017-10020", "CVE-2017-10021", "CVE-2017-10022", "CVE-2017-10023", "CVE-2017-10024", "CVE-2017-10025", "CVE-2017-10027", "CVE-2017-10028", "CVE-2017-10029", "CVE-2017-10030", "CVE-2017-10031", "CVE-2017-10032", "CVE-2017-10035", "CVE-2017-10036", "CVE-2017-10038", "CVE-2017-10039", "CVE-2017-10040", "CVE-2017-10041", "CVE-2017-10042", "CVE-2017-10043", "CVE-2017-10044", "CVE-2017-10045", "CVE-2017-10046", "CVE-2017-10047", "CVE-2017-10048", "CVE-2017-10049", "CVE-2017-10052", "CVE-2017-10053", "CVE-2017-10056", "CVE-2017-10057", "CVE-2017-10058", "CVE-2017-10059", "CVE-2017-10061", "CVE-2017-10062", "CVE-2017-10063", "CVE-2017-10064", "CVE-2017-10067", "CVE-2017-10069", "CVE-2017-10070", "CVE-2017-10071", "CVE-2017-10072", "CVE-2017-10073", "CVE-2017-10074", "CVE-2017-10075", "CVE-2017-10076", "CVE-2017-10078", "CVE-2017-10079", "CVE-2017-10080", "CVE-2017-10081", "CVE-2017-10082", "CVE-2017-10083", "CVE-2017-10084", "CVE-2017-10085", "CVE-2017-10086", "CVE-2017-10087", "CVE-2017-10088", "CVE-2017-10089", "CVE-2017-10090", "CVE-2017-10091", "CVE-2017-10092", "CVE-2017-10093", "CVE-2017-10094", "CVE-2017-10095", "CVE-2017-10096", "CVE-2017-10097", "CVE-2017-10098", "CVE-2017-10100", "CVE-2017-10101", "CVE-2017-10102", "CVE-2017-10103", "CVE-2017-10104", "CVE-2017-10105", "CVE-2017-10106", "CVE-2017-10107", "CVE-2017-10108", "CVE-2017-10109", "CVE-2017-10110", "CVE-2017-10111", "CVE-2017-10112", "CVE-2017-10113", "CVE-2017-10114", "CVE-2017-10115", "CVE-2017-10116", "CVE-2017-10117", "CVE-2017-10118", "CVE-2017-10119", "CVE-2017-10120", "CVE-2017-10121", "CVE-2017-10122", "CVE-2017-10123", "CVE-2017-10125", "CVE-2017-10126", "CVE-2017-10128", "CVE-2017-10129", "CVE-2017-10130", "CVE-2017-10131", "CVE-2017-10132", "CVE-2017-10133", "CVE-2017-10134", "CVE-2017-10135", "CVE-2017-10136", "CVE-2017-10137", "CVE-2017-10141", "CVE-2017-10142", "CVE-2017-10143", "CVE-2017-10144", "CVE-2017-10145", "CVE-2017-10146", "CVE-2017-10147", "CVE-2017-10148", "CVE-2017-10149", "CVE-2017-10150", "CVE-2017-10156", "CVE-2017-10157", "CVE-2017-10160", "CVE-2017-10168", "CVE-2017-10169", "CVE-2017-10170", "CVE-2017-10171", "CVE-2017-10172", "CVE-2017-10173", "CVE-2017-10174", "CVE-2017-10175", "CVE-2017-10176", "CVE-2017-10177", "CVE-2017-10178", "CVE-2017-10179", "CVE-2017-10180", "CVE-2017-10181", "CVE-2017-10182", "CVE-2017-10183", "CVE-2017-10184", "CVE-2017-10185", "CVE-2017-10186", "CVE-2017-10187", "CVE-2017-10188", "CVE-2017-10189", "CVE-2017-10191", "CVE-2017-10192", "CVE-2017-10193", "CVE-2017-10195", "CVE-2017-10196", "CVE-2017-10198", "CVE-2017-10199", "CVE-2017-10200", "CVE-2017-10201", "CVE-2017-10202", "CVE-2017-10204", "CVE-2017-10205", "CVE-2017-10206", "CVE-2017-10207", "CVE-2017-10208", "CVE-2017-10209", "CVE-2017-10210", "CVE-2017-10211", "CVE-2017-10212", "CVE-2017-10213", "CVE-2017-10214", "CVE-2017-10215", "CVE-2017-10216", "CVE-2017-10217", "CVE-2017-10218", "CVE-2017-10219", "CVE-2017-10220", "CVE-2017-10221", "CVE-2017-10222", "CVE-2017-10223", "CVE-2017-10224", "CVE-2017-10225", "CVE-2017-10226", "CVE-2017-10228", "CVE-2017-10229", "CVE-2017-10230", "CVE-2017-10231", "CVE-2017-10232", "CVE-2017-10233", "CVE-2017-10234", "CVE-2017-10235", "CVE-2017-10236", "CVE-2017-10237", "CVE-2017-10238", "CVE-2017-10239", "CVE-2017-10240", "CVE-2017-10241", "CVE-2017-10242", "CVE-2017-10243", "CVE-2017-10244", "CVE-2017-10245", "CVE-2017-10246", "CVE-2017-10247", "CVE-2017-10248", "CVE-2017-10249", "CVE-2017-10250", "CVE-2017-10251", "CVE-2017-10252", "CVE-2017-10253", "CVE-2017-10254", "CVE-2017-10255", "CVE-2017-10256", "CVE-2017-10257", "CVE-2017-10258", "CVE-2017-3529", "CVE-2017-3562", "CVE-2017-3632", "CVE-2017-3633", "CVE-2017-3634", "CVE-2017-3635", "CVE-2017-3636", "CVE-2017-3637", "CVE-2017-3638", "CVE-2017-3639", "CVE-2017-3640", "CVE-2017-3641", "CVE-2017-3642", "CVE-2017-3643", "CVE-2017-3644", "CVE-2017-3645", "CVE-2017-3646", "CVE-2017-3647", "CVE-2017-3648", "CVE-2017-3649", "CVE-2017-3650", "CVE-2017-3651", "CVE-2017-3652", "CVE-2017-3653", "CVE-2017-3731", "CVE-2017-3732", "CVE-2017-5638", "CVE-2017-5647", "CVE-2017-5650", "CVE-2017-5651", "CVE-2017-5689"], "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to: Critical Patch Updates and Security Alerts for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\nThis Critical Patch Update contains 310 new security fixes across the product families listed below. Please note that a MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [July 2017 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/epmos/faces/DocumentDisplay?id=2282980.1>).\n\nPlease note that the vulnerabilities in this Critical Patch Update are scored using version 3.0 of Common Vulnerability Scoring Standard (CVSS).\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available here.\n", "modified": "2017-07-18T00:00:00", "published": "2018-03-20T00:00:00", "id": "ORACLE:CPUJUL2017", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - July 2017", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:20:53", "bulletinFamily": "software", "cvelist": ["CVE-2017-10230", "CVE-2017-10226", "CVE-2017-10193", "CVE-2017-10063", "CVE-2017-10031", "CVE-2017-3562", "CVE-2015-5254", "CVE-2017-10228", "CVE-2017-10248", "CVE-2015-1792", "CVE-2014-3566", "CVE-2017-3637", "CVE-2017-10235", "CVE-2017-10088", "CVE-2015-0235", "CVE-2017-10171", "CVE-2017-10196", "CVE-2017-10239", "CVE-2017-10208", "CVE-2017-10231", "CVE-2017-3638", "CVE-2017-10192", "CVE-2017-10001", "CVE-2016-4431", "CVE-2014-1912", "CVE-2017-10211", "CVE-2016-4436", "CVE-2016-5385", "CVE-2017-10143", "CVE-2015-3197", "CVE-2017-10175", "CVE-2017-10202", "CVE-2017-10244", "CVE-2017-10179", "CVE-2017-3642", "CVE-2017-10028", "CVE-2017-10160", "CVE-2016-5019", "CVE-2017-10012", "CVE-2017-10246", "CVE-2017-10134", "CVE-2017-3529", "CVE-2016-6306", "CVE-2017-10229", "CVE-2015-1789", "CVE-2016-2183", "CVE-2017-10075", "CVE-2017-10147", "CVE-2017-10207", "CVE-2017-10113", "CVE-2016-4438", "CVE-2017-10149", "CVE-2017-5689", "CVE-2015-0286", "CVE-2017-10238", "CVE-2016-2178", "CVE-2017-10015", "CVE-2017-3639", "CVE-2017-10241", "CVE-2017-10141", "CVE-2017-10236", "CVE-2017-10069", "CVE-2017-10222", "CVE-2015-3195", "CVE-2017-10220", "CVE-2017-10087", "CVE-2016-2108", "CVE-2017-10250", "CVE-2017-3632", "CVE-2017-10204", "CVE-2013-2027", "CVE-2017-10036", "CVE-2016-3092", "CVE-2014-3571", "CVE-2016-4465", "CVE-2017-10093", "CVE-2017-10064", "CVE-2016-6302", "CVE-2017-3652", "CVE-2017-10076", "CVE-2017-10198", "CVE-2017-10095", "CVE-2017-10006", "CVE-2017-10247", "CVE-2017-10119", "CVE-2017-10234", "CVE-2017-10169", "CVE-2017-3646", "CVE-2017-3648", "CVE-2017-10128", "CVE-2016-2177", "CVE-2017-10121", "CVE-2017-10213", "CVE-2017-10043", "CVE-2017-10144", "CVE-2014-0224", "CVE-2017-10209", "CVE-2016-0635", "CVE-2016-2105", "CVE-2017-10106", "CVE-2017-10186", "CVE-2017-10123", "CVE-2016-4433", "CVE-2017-10052", "CVE-2017-10032", "CVE-2017-10005", "CVE-2015-8607", "CVE-2017-10224", "CVE-2016-2107", "CVE-2016-7055", "CVE-2017-10150", "CVE-2017-10168", "CVE-2017-10232", "CVE-2015-7501", "CVE-2017-10170", "CVE-2017-3649", "CVE-2017-10022", "CVE-2015-3253", "CVE-2017-10107", "CVE-2017-3731", "CVE-2017-10183", "CVE-2016-6307", "CVE-2017-10243", "CVE-2017-5638", "CVE-2016-2834", "CVE-2017-10215", "CVE-2017-10023", "CVE-2017-10242", "CVE-2017-10048", "CVE-2017-10079", "CVE-2016-6308", "CVE-2017-10145", "CVE-2017-10195", "CVE-2017-10070", "CVE-2016-2180", "CVE-2017-10142", "CVE-2017-10104", "CVE-2017-10062", "CVE-2017-10210", "CVE-2017-10201", "CVE-2017-10044", "CVE-2017-10133", "CVE-2017-5651", "CVE-2017-3645", "CVE-2017-10020", "CVE-2017-5647", "CVE-2015-8608", "CVE-2017-10085", "CVE-2016-5388", "CVE-2017-10184", "CVE-2016-2109", "CVE-2017-10255", "CVE-2017-10199", "CVE-2017-3633", "CVE-2017-10082", "CVE-2017-10126", "CVE-2017-10030", "CVE-2017-10135", "CVE-2016-2181", "CVE-2017-3647", "CVE-2017-10008", "CVE-2017-10021", "CVE-2017-10217", "CVE-2016-6304", "CVE-2017-10132", "CVE-2017-10136", "CVE-2017-10187", "CVE-2017-10212", "CVE-2017-3732", "CVE-2016-5386", "CVE-2017-10057", "CVE-2017-10094", "CVE-2017-10252", "CVE-2017-10218", "CVE-2017-10038", "CVE-2017-10191", "CVE-2017-10205", "CVE-2017-3644", "CVE-2017-10101", "CVE-2017-10249", "CVE-2017-10146", "CVE-2017-10237", "CVE-2017-10108", "CVE-2017-10090", "CVE-2016-1979", "CVE-2017-3643", "CVE-2017-10049", "CVE-2017-10004", "CVE-2017-10041", "CVE-2016-2381", "CVE-2016-4430", "CVE-2017-10103", "CVE-2017-10219", "CVE-2017-10061", "CVE-2015-1788", "CVE-2017-10129", "CVE-2017-10025", "CVE-2017-10180", "CVE-2017-10221", "CVE-2017-10019", "CVE-2017-10024", "CVE-2017-10010", "CVE-2017-10185", "CVE-2017-10189", "CVE-2017-10035", "CVE-2017-10111", "CVE-2017-10117", "CVE-2017-10100", "CVE-2017-10013", "CVE-2016-7052", "CVE-2017-10091", "CVE-2017-10178", "CVE-2017-10096", "CVE-2017-10045", "CVE-2017-10240", "CVE-2017-10016", "CVE-2017-10157", "CVE-2017-10040", "CVE-2017-10131", "CVE-2016-1950", "CVE-2017-10071", "CVE-2017-10254", "CVE-2017-10083", "CVE-2017-10003", "CVE-2011-2730", "CVE-2017-3651", "CVE-2017-10110", "CVE-2017-3650", "CVE-2017-3641", "CVE-2017-10097", "CVE-2017-10073", "CVE-2017-10002", "CVE-2017-10105", "CVE-2017-10253", "CVE-2017-10017", "CVE-2017-10056", "CVE-2017-10115", "CVE-2017-3635", "CVE-2017-10047", "CVE-2017-10046", "CVE-2016-1181", "CVE-2017-10114", "CVE-2017-10058", "CVE-2017-10039", "CVE-2015-1790", "CVE-2017-10181", "CVE-2017-10027", "CVE-2017-10206", "CVE-2017-10245", "CVE-2016-6305", "CVE-2016-6303", "CVE-2017-10216", "CVE-2016-5387", "CVE-2017-10223", "CVE-2017-10233", "CVE-2017-10116", "CVE-2017-10200", "CVE-2017-10148", "CVE-2017-5650", "CVE-2017-10214", "CVE-2016-2182", "CVE-2017-10067", "CVE-2017-10078", "CVE-2017-10000", "CVE-2017-10092", "CVE-2017-10256", "CVE-2017-10257", "CVE-2017-10156", "CVE-2017-10074", "CVE-2017-10182", "CVE-2017-10059", "CVE-2017-10098", "CVE-2017-10053", "CVE-2017-10018", "CVE-2015-0254", "CVE-2017-10029", "CVE-2017-3653", "CVE-2015-7940", "CVE-2017-10137", "CVE-2017-10174", "CVE-2017-10225", "CVE-2017-10173", "CVE-2017-3640", "CVE-2017-10177", "CVE-2017-10081", "CVE-2016-3506", "CVE-2017-3636", "CVE-2017-10120", "CVE-2017-10258", "CVE-2017-10112", "CVE-2017-10042", "CVE-2017-10176", "CVE-2017-10122", "CVE-2017-10188", "CVE-2016-2179", "CVE-2017-10089", "CVE-2017-10109", "CVE-2017-10086", "CVE-2016-2106", "CVE-2017-3634", "CVE-2017-10130", "CVE-2017-10118", "CVE-2016-6814", "CVE-2017-10007", "CVE-2017-10080", "CVE-2017-10084", "CVE-2015-1791", "CVE-2017-10009", "CVE-2017-10125", "CVE-2016-6309", "CVE-2017-10072", "CVE-2017-10251", "CVE-2017-10102", "CVE-2017-10172", "CVE-2017-10011"], "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\nThis Critical Patch Update contains 310 new security fixes across the product families listed below. Please note that a MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ July 2017 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2282980.1>).\n\nPlease note that the vulnerabilities in this Critical Patch Update are scored using version 3.0 of Common Vulnerability Scoring Standard (CVSS).\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available [here](<http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>).\n", "modified": "2017-07-18T00:00:00", "published": "2018-03-20T00:00:00", "id": "ORACLE:CPUJUL2017-3236622", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update - July 2017", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}