{"edition": 1, "title": "GO vulnerability CVE-2016-5386", "bulletinFamily": "software", "published": "2016-07-26T00:08:00", "lastseen": "2017-06-08T00:16:07", "history": [], "modified": "2016-07-26T00:08:00", "reporter": "f5", "hash": "aa7505255809d25a8ef62e5b67ce060be665d81fcec95d0cb8bc60f42c59fa50", "viewCount": 3, "href": "https://support.f5.com/csp/article/K92930514", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0 - 12.1.0| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.0 - 11.4.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 MobileSafe| None| 1.0.0| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 5.0.0 \n4.0.0 - 4.4.0| Not vulnerable| None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "affectedSoftware": [], "type": "f5", "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "d54079a2d1119afab2dbc462ccb1a8d8"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "description", "hash": "00270d2e56de6b15c2d44483d3d033eb"}, {"key": "href", "hash": "5ad070015cc48b33041c5bf14137f248"}, {"key": "modified", "hash": "b7289f43b66cb09750073d4349e27146"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "b7289f43b66cb09750073d4349e27146"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "74ce2e1a498f2fa27b5542040be774dc"}, {"key": "title", "hash": "2ca2721822ef92585ab77292bb10054e"}, {"key": "type", "hash": "74ce2e1a498f2fa27b5542040be774dc"}], "references": [], "objectVersion": "1.2", "enchantments": {"score": {"value": 5.7, "vector": "NONE", "modified": "2017-06-08T00:16:07"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2016-5386"]}, {"type": "f5", "idList": ["SOL92930514"]}, {"type": "amazon", "idList": ["ALAS-2016-731"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310808719", "OPENVAS:1361412562310808726", "OPENVAS:1361412562310882533", "OPENVAS:1361412562310120720", "OPENVAS:1361412562310106641"]}, {"type": "nessus", "idList": ["ALA_ALAS-2016-731.NASL", "OPENSUSE-2016-979.NASL", "FEDORA_2016-340E361B90.NASL", "FEDORA_2016-EA5E284D34.NASL", "SL_20160803_GOLANG_ON_SL7_X.NASL", "ORACLELINUX_ELSA-2016-1538.NASL", "CENTOS_RHSA-2016-1538.NASL", "REDHAT-RHSA-2016-1538.NASL", "HTTP_HTTPOXY.NASL", "ORACLE_ENTERPRISE_MANAGER_JUL_2017_CPU.NASL"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20171129-01-HTTPPROXY"]}, {"type": "oraclelinux", "idList": ["ELSA-2016-1538"]}, {"type": "redhat", "idList": ["RHSA-2016:1538"]}, {"type": "centos", "idList": ["CESA-2016:1538"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:1EE86C629ABCD63B886F991BBE5E0A75"]}, {"type": "threatpost", "idList": ["THREATPOST:29907254311441DFE8331A9706EE7EFA"]}, {"type": "cert", "idList": ["VU:797896"]}, {"type": "oracle", "idList": ["ORACLE:CPUJUL2017-3236622"]}], "modified": "2017-06-08T00:16:07"}, "vulnersScore": 5.7}, "cvss": {"vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 6.8}, "cvelist": ["CVE-2016-5386"], "id": "F5:K92930514"}

{"cve": [{"lastseen": "2019-05-29T18:15:37", "bulletinFamily": "NVD", "description": "The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue.", "modified": "2017-08-25T01:29:00", "id": "CVE-2016-5386", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5386", "published": "2016-07-19T02:00:00", "title": "CVE-2016-5386", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "f5": [{"lastseen": "2016-09-29T13:23:44", "bulletinFamily": "software", "description": "Vulnerability Recommended Actions\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "modified": "2016-07-25T00:00:00", "published": "2016-07-25T00:00:00", "id": "SOL92930514", "href": "http://support.f5.com/kb/en-us/solutions/public/k/92/sol92930514.html", "type": "f5", "title": "SOL92930514 - GO vulnerability CVE-2016-5386", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "huawei": [{"lastseen": "2019-02-01T18:01:47", "bulletinFamily": "software", "description": "Products\n\nSwitches\nRouters\nWLAN\nServers\nSee All\n\n\n\nSolutions\n\nCloud Data Center\nEnterprise Networking\nWireless Private Network\nSolutions by Industry\nSee All\n\n\n\nServices\n\nTraining and Certification\nICT Lifecycle Services\nTechnology Services\nIndustry Solution Services\nSee All\n\n\n\nSee all offerings at e.huawei.com\n\n\n\nNeed Support ?\n\nProduct Support\nSoftware Download\nCommunity\nTools\n\nGo to Full Support", "modified": "2017-11-29T00:00:00", "published": "2017-11-29T00:00:00", "id": "HUAWEI-SA-20171129-01-HTTPPROXY", "href": "https://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-01-httpproxy-en", "title": "Security Advisory - A CGI application vulnerability in Some Huawei Products", "type": "huawei", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-02-21T01:27:33", "bulletinFamily": "scanner", "description": "Security fix for CVE-2016-5386 AKA https://httpoxy.org/\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2016-10-24T00:00:00", "id": "FEDORA_2016-EA5E284D34.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=92622", "published": "2016-07-29T00:00:00", "title": "Fedora 24 : golang (2016-ea5e284d34) (httpoxy)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-ea5e284d34.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92622);\n script_version(\"$Revision: 2.4 $\");\n script_cvs_date(\"$Date: 2016/10/24 13:46:10 $\");\n\n script_cve_id(\"CVE-2016-5386\");\n script_xref(name:\"FEDORA\", value:\"2016-ea5e284d34\");\n\n script_name(english:\"Fedora 24 : golang (2016-ea5e284d34) (httpoxy)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2016-5386 AKA https://httpoxy.org/\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-ea5e284d34\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://httpoxy.org/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected golang package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:golang\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/28\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"golang-1.6.3-1.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"golang\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:27:33", "bulletinFamily": "scanner", "description": "Security fix for CVE-2016-5386 AKA https://httpoxy.org/\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2016-10-24T00:00:00", "id": "FEDORA_2016-340E361B90.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=92615", "published": "2016-07-29T00:00:00", "title": "Fedora 23 : golang (2016-340e361b90) (httpoxy)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-340e361b90.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92615);\n script_version(\"$Revision: 2.4 $\");\n script_cvs_date(\"$Date: 2016/10/24 13:46:10 $\");\n\n script_cve_id(\"CVE-2016-5386\");\n script_xref(name:\"FEDORA\", value:\"2016-340e361b90\");\n\n script_name(english:\"Fedora 23 : golang (2016-340e361b90) (httpoxy)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2016-5386 AKA https://httpoxy.org/\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-340e361b90\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://httpoxy.org/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected golang package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:golang\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/28\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"golang-1.5.4-2.fc23\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"golang\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:27:36", "bulletinFamily": "scanner", "description": "The following packages have been upgraded to a newer upstream version:\ngolang (1.6.3).\n\nSecurity Fix(es) :\n\n - An input-validation flaw was discovered in the Go programming language built in CGI implementation, which set the environment variable 'HTTP_PROXY' using the incoming 'Proxy' HTTP-request header. The environment variable 'HTTP_PROXY' is used by numerous web clients, including Go's net/http package, to specify a proxy server to use for HTTP and, in some cases, HTTPS requests. This meant that when a CGI-based web application ran, an attacker could specify a proxy server which the application then used for subsequent outgoing requests, allowing a man-in- the-middle attack.\n (CVE-2016-5386)", "modified": "2018-12-28T00:00:00", "id": "SL_20160803_GOLANG_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=92722", "published": "2016-08-04T00:00:00", "title": "Scientific Linux Security Update : golang on SL7.x x86_64 (httpoxy)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92722);\n script_version(\"2.5\");\n script_cvs_date(\"Date: 2018/12/28 10:10:36\");\n\n script_cve_id(\"CVE-2016-5386\");\n\n script_name(english:\"Scientific Linux Security Update : golang on SL7.x x86_64 (httpoxy)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following packages have been upgraded to a newer upstream version:\ngolang (1.6.3).\n\nSecurity Fix(es) :\n\n - An input-validation flaw was discovered in the Go\n programming language built in CGI implementation, which\n set the environment variable 'HTTP_PROXY' using the\n incoming 'Proxy' HTTP-request header. The environment\n variable 'HTTP_PROXY' is used by numerous web clients,\n including Go's net/http package, to specify a proxy\n server to use for HTTP and, in some cases, HTTPS\n requests. This meant that when a CGI-based web\n application ran, an attacker could specify a proxy\n server which the application then used for subsequent\n outgoing requests, allowing a man-in- the-middle attack.\n (CVE-2016-5386)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1608&L=scientific-linux-errata&F=&S=&P=3880\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?822f7702\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/03\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"golang-1.6.3-1.el7_2.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"golang-bin-1.6.3-1.el7_2.1\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"golang-docs-1.6.3-1.el7_2.1\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"golang-misc-1.6.3-1.el7_2.1\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"golang-src-1.6.3-1.el7_2.1\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"golang-tests-1.6.3-1.el7_2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:27:39", "bulletinFamily": "scanner", "description": "This update addresses a security issue affecting code statically linked with go :\n\n - CVE-2016-5386: A remote attacker could set the HTTP_PROXY environment variable via Proxy header (bsc#988487)", "modified": "2016-10-24T00:00:00", "id": "OPENSUSE-2016-979.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=92933", "published": "2016-08-12T00:00:00", "title": "openSUSE Security Update : go (openSUSE-2016-979) (httpoxy)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-979.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92933);\n script_version(\"$Revision: 2.5 $\");\n script_cvs_date(\"$Date: 2016/10/24 13:46:11 $\");\n\n script_cve_id(\"CVE-2016-5386\");\n\n script_name(english:\"openSUSE Security Update : go (openSUSE-2016-979) (httpoxy)\");\n script_summary(english:\"Check for the openSUSE-2016-979 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update addresses a security issue affecting code statically\nlinked with go :\n\n - CVE-2016-5386: A remote attacker could set the\n HTTP_PROXY environment variable via Proxy header\n (bsc#988487)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=988487\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected go packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:go\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:go-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:go-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/11\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2|SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2 / 42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"go-1.4.3-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"go-debuginfo-1.4.3-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"go-debugsource-1.4.3-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"go-1.6.2-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"go-debuginfo-1.6.2-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"go-debugsource-1.6.2-21.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"go / go-debuginfo / go-debugsource\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:27:41", "bulletinFamily": "scanner", "description": "An input-validation flaw was discovered in the Go programming language built in CGI implementation, which set the environment variable 'HTTP_PROXY' using the incoming 'Proxy' HTTP-request header. The environment variable 'HTTP_PROXY' is used by numerous web clients, including Go's net/http package, to specify a proxy server to use for HTTP and, in some cases, HTTPS requests. This meant that when a CGI-based web application ran, an attacker could specify a proxy server which the application then used for subsequent outgoing requests, allowing a man-in-the-middle attack.", "modified": "2018-04-18T00:00:00", "id": "ALA_ALAS-2016-731.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=93009", "published": "2016-08-18T00:00:00", "title": "Amazon Linux AMI : golang (ALAS-2016-731) (httpoxy)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-731.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93009);\n script_version(\"2.5\");\n script_cvs_date(\"Date: 2018/04/18 15:09:36\");\n\n script_cve_id(\"CVE-2016-5386\");\n script_xref(name:\"ALAS\", value:\"2016-731\");\n\n script_name(english:\"Amazon Linux AMI : golang (ALAS-2016-731) (httpoxy)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An input-validation flaw was discovered in the Go programming language\nbuilt in CGI implementation, which set the environment variable\n'HTTP_PROXY' using the incoming 'Proxy' HTTP-request header. The\nenvironment variable 'HTTP_PROXY' is used by numerous web clients,\nincluding Go's net/http package, to specify a proxy server to use for\nHTTP and, in some cases, HTTPS requests. This meant that when a\nCGI-based web application ran, an attacker could specify a proxy\nserver which the application then used for subsequent outgoing\nrequests, allowing a man-in-the-middle attack.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2016-731.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update golang' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang-misc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/17\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"golang-1.5.3-1.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"golang-bin-1.5.3-1.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"golang-docs-1.5.3-1.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"golang-misc-1.5.3-1.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"golang-src-1.5.3-1.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"golang-tests-1.5.3-1.22.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"golang / golang-bin / golang-docs / golang-misc / golang-src / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:27:35", "bulletinFamily": "scanner", "description": "An update for golang is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe golang packages provide the Go programming language compiler.\n\nThe following packages have been upgraded to a newer upstream version:\ngolang (1.6.3). (BZ#1346331)\n\nSecurity Fix(es) :\n\n* An input-validation flaw was discovered in the Go programming language built in CGI implementation, which set the environment variable 'HTTP_PROXY' using the incoming 'Proxy' HTTP-request header.\nThe environment variable 'HTTP_PROXY' is used by numerous web clients, including Go's net/http package, to specify a proxy server to use for HTTP and, in some cases, HTTPS requests. This meant that when a CGI-based web application ran, an attacker could specify a proxy server which the application then used for subsequent outgoing requests, allowing a man-in-the-middle attack. (CVE-2016-5386)\n\nRed Hat would like to thank Scott Geary (VendHQ) for reporting this issue.", "modified": "2018-11-10T00:00:00", "id": "REDHAT-RHSA-2016-1538.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=92693", "published": "2016-08-03T00:00:00", "title": "RHEL 7 : golang (RHSA-2016:1538) (httpoxy)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:1538. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92693);\n script_version(\"2.13\");\n script_cvs_date(\"Date: 2018/11/10 11:49:55\");\n\n script_cve_id(\"CVE-2015-5739\", \"CVE-2015-5740\", \"CVE-2015-5741\", \"CVE-2016-3959\", \"CVE-2016-5386\");\n script_xref(name:\"RHSA\", value:\"2016:1538\");\n\n script_name(english:\"RHEL 7 : golang (RHSA-2016:1538) (httpoxy)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for golang is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe golang packages provide the Go programming language compiler.\n\nThe following packages have been upgraded to a newer upstream version:\ngolang (1.6.3). (BZ#1346331)\n\nSecurity Fix(es) :\n\n* An input-validation flaw was discovered in the Go programming\nlanguage built in CGI implementation, which set the environment\nvariable 'HTTP_PROXY' using the incoming 'Proxy' HTTP-request header.\nThe environment variable 'HTTP_PROXY' is used by numerous web clients,\nincluding Go's net/http package, to specify a proxy server to use for\nHTTP and, in some cases, HTTPS requests. This meant that when a\nCGI-based web application ran, an attacker could specify a proxy\nserver which the application then used for subsequent outgoing\nrequests, allowing a man-in-the-middle attack. (CVE-2016-5386)\n\nRed Hat would like to thank Scott Geary (VendHQ) for reporting this\nissue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:1538\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5739\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5740\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5741\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3959\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5386\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:golang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:golang-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:golang-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:golang-misc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:golang-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:golang-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/02\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:1538\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"golang-1.6.3-1.el7_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"golang-bin-1.6.3-1.el7_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"golang-docs-1.6.3-1.el7_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"golang-misc-1.6.3-1.el7_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"golang-src-1.6.3-1.el7_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"golang-tests-1.6.3-1.el7_2.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"golang / golang-bin / golang-docs / golang-misc / golang-src / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:27:34", "bulletinFamily": "scanner", "description": "An update for golang is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe golang packages provide the Go programming language compiler.\n\nThe following packages have been upgraded to a newer upstream version:\ngolang (1.6.3). (BZ#1346331)\n\nSecurity Fix(es) :\n\n* An input-validation flaw was discovered in the Go programming language built in CGI implementation, which set the environment variable 'HTTP_PROXY' using the incoming 'Proxy' HTTP-request header.\nThe environment variable 'HTTP_PROXY' is used by numerous web clients, including Go's net/http package, to specify a proxy server to use for HTTP and, in some cases, HTTPS requests. This meant that when a CGI-based web application ran, an attacker could specify a proxy server which the application then used for subsequent outgoing requests, allowing a man-in-the-middle attack. (CVE-2016-5386)\n\nRed Hat would like to thank Scott Geary (VendHQ) for reporting this issue.", "modified": "2018-11-10T00:00:00", "id": "CENTOS_RHSA-2016-1538.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=92680", "published": "2016-08-03T00:00:00", "title": "CentOS 7 : golang (CESA-2016:1538) (httpoxy)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:1538 and \n# CentOS Errata and Security Advisory 2016:1538 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92680);\n script_version(\"2.12\");\n script_cvs_date(\"Date: 2018/11/10 11:49:32\");\n\n script_cve_id(\"CVE-2015-5739\", \"CVE-2015-5740\", \"CVE-2015-5741\", \"CVE-2016-3959\", \"CVE-2016-5386\");\n script_xref(name:\"RHSA\", value:\"2016:1538\");\n\n script_name(english:\"CentOS 7 : golang (CESA-2016:1538) (httpoxy)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for golang is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe golang packages provide the Go programming language compiler.\n\nThe following packages have been upgraded to a newer upstream version:\ngolang (1.6.3). (BZ#1346331)\n\nSecurity Fix(es) :\n\n* An input-validation flaw was discovered in the Go programming\nlanguage built in CGI implementation, which set the environment\nvariable 'HTTP_PROXY' using the incoming 'Proxy' HTTP-request header.\nThe environment variable 'HTTP_PROXY' is used by numerous web clients,\nincluding Go's net/http package, to specify a proxy server to use for\nHTTP and, in some cases, HTTPS requests. This meant that when a\nCGI-based web application ran, an attacker could specify a proxy\nserver which the application then used for subsequent outgoing\nrequests, allowing a man-in-the-middle attack. (CVE-2016-5386)\n\nRed Hat would like to thank Scott Geary (VendHQ) for reporting this\nissue.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-August/022005.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e91e6b89\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected golang packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:golang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:golang-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:golang-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:golang-misc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:golang-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:golang-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/02\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"golang-1.6.3-1.el7_2.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"golang-bin-1.6.3-1.el7_2.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"golang-docs-1.6.3-1.el7_2.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"golang-misc-1.6.3-1.el7_2.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"golang-src-1.6.3-1.el7_2.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"golang-tests-1.6.3-1.el7_2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:27:35", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2016:1538 :\n\nAn update for golang is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe golang packages provide the Go programming language compiler.\n\nThe following packages have been upgraded to a newer upstream version:\ngolang (1.6.3). (BZ#1346331)\n\nSecurity Fix(es) :\n\n* An input-validation flaw was discovered in the Go programming language built in CGI implementation, which set the environment variable 'HTTP_PROXY' using the incoming 'Proxy' HTTP-request header.\nThe environment variable 'HTTP_PROXY' is used by numerous web clients, including Go's net/http package, to specify a proxy server to use for HTTP and, in some cases, HTTPS requests. This meant that when a CGI-based web application ran, an attacker could specify a proxy server which the application then used for subsequent outgoing requests, allowing a man-in-the-middle attack. (CVE-2016-5386)\n\nRed Hat would like to thank Scott Geary (VendHQ) for reporting this issue.", "modified": "2018-09-05T00:00:00", "id": "ORACLELINUX_ELSA-2016-1538.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=92687", "published": "2016-08-03T00:00:00", "title": "Oracle Linux 7 : golang (ELSA-2016-1538) (httpoxy)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:1538 and \n# Oracle Linux Security Advisory ELSA-2016-1538 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92687);\n script_version(\"2.11\");\n script_cvs_date(\"Date: 2018/09/05 15:02:26\");\n\n script_cve_id(\"CVE-2015-5739\", \"CVE-2015-5740\", \"CVE-2015-5741\", \"CVE-2016-3959\", \"CVE-2016-5386\");\n script_xref(name:\"RHSA\", value:\"2016:1538\");\n\n script_name(english:\"Oracle Linux 7 : golang (ELSA-2016-1538) (httpoxy)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2016:1538 :\n\nAn update for golang is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe golang packages provide the Go programming language compiler.\n\nThe following packages have been upgraded to a newer upstream version:\ngolang (1.6.3). (BZ#1346331)\n\nSecurity Fix(es) :\n\n* An input-validation flaw was discovered in the Go programming\nlanguage built in CGI implementation, which set the environment\nvariable 'HTTP_PROXY' using the incoming 'Proxy' HTTP-request header.\nThe environment variable 'HTTP_PROXY' is used by numerous web clients,\nincluding Go's net/http package, to specify a proxy server to use for\nHTTP and, in some cases, HTTPS requests. This meant that when a\nCGI-based web application ran, an attacker could specify a proxy\nserver which the application then used for subsequent outgoing\nrequests, allowing a man-in-the-middle attack. (CVE-2016-5386)\n\nRed Hat would like to thank Scott Geary (VendHQ) for reporting this\nissue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-August/006244.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected golang packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang-misc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/02\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"golang-1.6.3-1.el7_2.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"golang-bin-1.6.3-1.el7_2.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"golang-docs-1.6.3-1.el7_2.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"golang-misc-1.6.3-1.el7_2.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"golang-src-1.6.3-1.el7_2.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"golang-tests-1.6.3-1.el7_2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"golang / golang-bin / golang-docs / golang-misc / golang-src / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:27:31", "bulletinFamily": "scanner", "description": "The web application running on the remote web server is affected by a man-in-the-middle vulnerability known as 'httpoxy' due to a failure to properly resolve namespace conflicts in accordance with RFC 3875 section 4.1.18. The HTTP_PROXY environment variable is set based on untrusted user data in the 'Proxy' header of HTTP requests. The HTTP_PROXY environment variable is used by some web client libraries to specify a remote proxy server. An unauthenticated, remote attacker can exploit this, via a crafted 'Proxy' header in an HTTP request, to redirect an application's internal HTTP traffic to an arbitrary proxy server where it may be observed or manipulated.", "modified": "2018-11-15T00:00:00", "id": "HTTP_HTTPOXY.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=92539", "published": "2016-07-25T00:00:00", "title": "HTTP_PROXY Environment Variable Namespace Collision Vulnerability (httpoxy)", "type": "nessus", "sourceData": "#TRUSTED 9737d412ed3ab5e25f5ef90896d2501d25f4440af0983150ca0fd21e14cb92f06b976cce04270dea84401056b96588d6d952fb104ce089356bc360e17eb00df164810029259a41909dfb6ca18adfc481fcc8da6a979bfbf5038e6a9877d8ad6d3eab23c45e17e15aec4695ddaee944675d710ed9002035998616ca47c2eb8176080ae76573d087cbf2e5dd24a833649bac863d92602b3be4d5f8b5774cf728a3ebb99aacd682dee7658b069bef0215bbcc3a0299f28436b9806329ab30a850a31f456ef298f641a2c930dddba168382f7d9fcd0cb323cd2699c6331f9fee6a02fc4293cbe06ef83a7b611eb61a296be409e4547f7864c9089507fbddc224e1d637efa3d8eadd68bb9402a8878777f6a151d1f05e635764409da1a659a10956253000a565974227604a83838ca0ebe86d543eb22d46f31368753083d062d8feedeb566451a94d57e4b744db099dc10a972cb0e370184cb75f8d5bcf0022179fc99a21474c79005897e2d1c366538a3a0245afa93443ae2a6605af2cd88baae350c3a1c193d641d8f88416d788fb1dec32154dcce5969e4a792a89984b4c6a2da4b21f45d11c73d7cfc8053f5a0e70324e9de29288f41141943654838f4923e639d309a477acc008abebfbd41c4eed76b778b09affc8b0d798b52d120f4d32fbb8f35ee2ca50dafde71ecf3b55193d82b0211aa2305481ab63cb5549f5bbd433d9\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92539);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2018/11/15\");\n\n script_cve_id(\n \"CVE-2016-5385\",\n \"CVE-2016-5386\",\n \"CVE-2016-5387\",\n \"CVE-2016-5388\",\n \"CVE-2016-1000109\",\n \"CVE-2016-1000110\"\n );\n script_bugtraq_id(\n 91815,\n 91816,\n 91818,\n 91821\n );\n script_xref(name:\"CERT\", value:\"797896\");\n\n script_name(english:\"HTTP_PROXY Environment Variable Namespace Collision Vulnerability (httpoxy)\");\n script_summary(english:\"Checks if the web application responds to a crafted Proxy header in an HTTP request.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web application is affected by a man-in-the-middle\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The web application running on the remote web server is affected by a\nman-in-the-middle vulnerability known as 'httpoxy' due to a failure to\nproperly resolve namespace conflicts in accordance with RFC 3875\nsection 4.1.18. The HTTP_PROXY environment variable is set based on\nuntrusted user data in the 'Proxy' header of HTTP requests. The\nHTTP_PROXY environment variable is used by some web client libraries\nto specify a remote proxy server. An unauthenticated, remote attacker\ncan exploit this, via a crafted 'Proxy' header in an HTTP request, to\nredirect an application's internal HTTP traffic to an arbitrary proxy\nserver where it may be observed or manipulated.\"); \n script_set_attribute(attribute:\"see_also\", value:\"https://httpoxy.org/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/oss-sec/2016/q3/94\");\n script_set_attribute(attribute:\"solution\", value:\n\"Applicable libraries and products should be updated to address this\nvulnerability. Please consult the library or product vendor for\navailable updates.\n\nIf updating the libraries and products is not an option, or if updates\nare unavailable, filter 'Proxy' request headers on all inbound\nrequests.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:golang:go\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:http_server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:drupal:drupal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:python:python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:facebook:hiphop_virtual_machine\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_nessus\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Web Servers\");\n\n script_dependencie(\"webmirror.nasl\");\n script_require_ports(\"Services/www\", 80, 443);\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"audit.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default: 80);\n\nurls = make_list();\n\n# Fix for webmirror_uri \"no such table\" errors\ntable = query_scratchpad(\"SELECT name FROM sqlite_master where type = 'table' and name = 'webmirror_uri'\");\nif (empty_or_null(table)) exit(1, \"Unable to obtain webmirror_uri table from webmirror crawl.\");\n\n# Query Scratchpad for webmirror results with a status code of 200\n# and load results into urls list\nres = query_scratchpad(\"SELECT DISTINCT uri FROM webmirror_uri WHERE port = ? AND status_code = 200 ORDER BY uri ASC\", port);\nif (empty_or_null(res)) exit(1, 'Unable to obtain crawled URIs from webmirror scratchpad.');\n\n# Loop through filters to discard URLs we don't care about testing\ni = 0;\nforeach url (res)\n{\n if (\n # Filter out Apache directory listings page sorting\n url['uri'] !~ \"/\\?[CO]\\=[NDMSA](%|$)\" &&\n # Filter out static text files\n url['uri'] !~ \"\\.(md|js|css|scss|txt|csv|xml)($|\\?)\" &&\n # Filter out image files\n url['uri'] !~ \"\\.(gif|jpeg|jpg|png|svg|ttf|eot|woff|ico)($|\\?)\" &&\n # Filter out binary files\n url['uri'] !~ \"\\.(exe|zip|gz|tar)($|\\?)\" &&\n # Filter out document files\n url['uri'] !~ \"\\.(rtf|doc|docx|pdf|xls|xlt)($|\\?)\"\n )\n {\n # Strip any trailing args from URLs to get the url count down\n if (\"?\" >< url['uri'])\n url['uri'] = ereg_replace(pattern:\"(.*)\\?.*\", replace:\"\\1\", string:url['uri']);\n\n urls = make_list(urls, url['uri']);\n i++;\n }\n # If thorough_tests is not enabled, stop at 10 urls\n if (!thorough_tests && i > 10) break;\n}\n\n# If we have no URLs to check, bail out\nif (empty_or_null(urls))\n audit(AUDIT_WEB_FILES_NOT, \"dynamic content\", port);\n\nurls = list_uniq(urls);\nscanner_ip = this_host();\ntarget_ip = get_host_ip();\npat = \"HTTP/1\\.(0|1)\";\nvuln = FALSE;\n\nforeach url (urls)\n{\n # If we get an empty url string, just go to the next\n if(empty_or_null(url)) continue;\n listener = bind_sock_tcp();\n if (!listener) audit(AUDIT_SOCK_FAIL, 'tcp', 'unknown');\n\n s_port = listener[1];\n s = listener[0];\n\n # Exploit is scanner's IP and our listener's socket in the Proxy header\n exploit = scanner_ip + ':' + s_port;\n v = http_mk_get_req(port: port, item: url, add_headers: make_array(\"Proxy\", exploit));\n req = http_mk_buffer_from_req(req: v);\n # We don't need to check the response we get back from the request's socket\n req = http_send_recv_buf(port:port, data:req);\n\n # When we have a successful attack, we won't get a response returned\n # to req, since the proxied request causes the server-side script to\n # pause execution and timeout without a response. Since we check for\n # NULL here, we can bypass the listener socket timeout for non-vuln\n # URLs to process through the URL queue faster.\n if(isnull(req))\n {\n # Instead we're more interested in if we get data on the listener socket\n soc = sock_accept(socket:s, timeout:3);\n res = recv(socket:soc, length:1024, timeout:3);\n close(s);\n }\n else\n {\n res = NULL;\n close(s);\n }\n\n if (!empty_or_null(res) && (res =~ pat))\n {\n vuln = TRUE;\n report = '\\nThe full request used to detect this flaw was :\\n\\n' +\n http_last_sent_request() +\n '\\n\\nThe server sent back the following data to the listener on port ' + s_port + ':\\n\\n' +\n res +\n '\\n';\n }\n\n # Stop after first vulnerable page is found\n if (vuln) break;\n}\n\nif (vuln)\n{\n security_report_v4(\n port : port,\n severity : SECURITY_WARNING,\n extra : report\n );\n exit(0);\n}\naudit(AUDIT_WEB_SERVER_NOT_AFFECTED, port);\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:31:58", "bulletinFamily": "scanner", "description": "The version of Oracle Enterprise Manager Grid Control installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities :\n\n - A flaw exists in the Bouncy Castle Java library due to improper validation of a point within the elliptic curve. An unauthenticated, remote attacker can exploit this to obtain private keys by using a series of specially crafted elliptic curve Diffie-Hellman (ECDH) key exchanges, also known as an 'invalid curve attack.' (CVE-2015-7940)\n\n - A flaw exists in the PathTools module for Perl in the File::Spec::canonpath() function that is triggered as strings are returned as untainted even when passing tainted input. An unauthenticated, remote attacker can exploit this to pass unvalidated user input to sensitive or insecure areas. (CVE-2015-8607)\n\n - An overflow condition exists in Perl in the MapPathA() function due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-8608)\n\n - A remote code execution vulnerability exists in the Apache Struts component due to improper handling of multithreaded access to an ActionForm instance. An unauthenticated, remote attacker can exploit this, via a specially crafted multipart request, to execute arbitrary code or cause a denial of service condition.\n (CVE-2016-1181)\n\n - A flaw exists in Perl that is triggered during the handling of variables that appear twice in the environment (envp), causing the last value to appear in %ENV, while getenv would return the first. An unauthenticated, remote attacker can exploit this to cause variables to be incorrectly propagated to subprocesses, regardless of the protections offered by taint checking. (CVE-2016-2381)\n\n - A denial of service vulnerability exists in the Apache Commons FileUpload component due to improper handling of boundaries in content-type headers when handling file upload requests. An unauthenticated, remote attacker can exploit this to cause processes linked against the library to become unresponsive. (CVE-2016-3092)\n\n - A man-in-the-middle vulnerability exists in various components, known as 'httpoxy', due to a failure to properly resolve namespace conflicts in accordance with RFC 3875 section 4.1.18. The HTTP_PROXY environment variable is set based on untrusted user data in the 'Proxy' header of HTTP requests. The HTTP_PROXY environment variable is used by some web client libraries to specify a remote proxy server. An unauthenticated, remote attacker can exploit this, via a crafted 'Proxy' header in an HTTP request, to redirect an application's internal HTTP traffic to an arbitrary proxy server where it may be observed or manipulated.\n (CVE-2016-5385, CVE-2016-5386, CVE-2016-5387, CVE-2016-5388)\n\n - A carry propagating error exists in the OpenSSL component in the x86_64 Montgomery squaring implementation that may cause the BN_mod_exp() function to produce incorrect results. An unauthenticated, remote attacker with sufficient resources can exploit this to obtain sensitive information regarding private keys.\n Moreover, the attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example, this can occur by default in OpenSSL DHE based SSL/TLS cipher suites. (CVE-2017-3732)\n\n - An unspecified flaw exists in the UI Framework component that allows authenticated, remote attacker to have an impact on integrity. (CVE-2017-10091)", "modified": "2018-07-16T00:00:00", "id": "ORACLE_ENTERPRISE_MANAGER_JUL_2017_CPU.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=101837", "published": "2017-07-20T00:00:00", "title": "Oracle Enterprise Manager Grid Control Multiple Vulnerabilities (July 2017 CPU) (httpoxy)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101837);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/16 14:09:13\");\n\n script_cve_id(\n \"CVE-2015-7940\",\n \"CVE-2015-8607\",\n \"CVE-2015-8608\",\n \"CVE-2016-1181\",\n \"CVE-2016-2381\",\n \"CVE-2016-3092\",\n \"CVE-2016-5385\",\n \"CVE-2016-5386\",\n \"CVE-2016-5387\",\n \"CVE-2016-5388\",\n \"CVE-2017-3732\",\n \"CVE-2017-10091\"\n );\n script_bugtraq_id(\n 79091,\n 80504,\n 83802,\n 86018,\n 91068,\n 91453,\n 91815,\n 91816,\n 91818,\n 91821,\n 95814,\n 99649\n );\n script_xref(name:\"CERT\", value:\"797896\");\n\n script_name(english:\"Oracle Enterprise Manager Grid Control Multiple Vulnerabilities (July 2017 CPU) (httpoxy)\");\n script_summary(english:\"Checks for the patch ID.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An enterprise management application installed on the remote host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle Enterprise Manager Grid Control installed on\nthe remote host is missing a security patch. It is, therefore,\naffected by multiple vulnerabilities :\n\n - A flaw exists in the Bouncy Castle Java library due to\n improper validation of a point within the elliptic\n curve. An unauthenticated, remote attacker can exploit\n this to obtain private keys by using a series of\n specially crafted elliptic curve Diffie-Hellman (ECDH)\n key exchanges, also known as an 'invalid curve attack.'\n (CVE-2015-7940)\n\n - A flaw exists in the PathTools module for Perl in the\n File::Spec::canonpath() function that is triggered as\n strings are returned as untainted even when passing\n tainted input. An unauthenticated, remote attacker can\n exploit this to pass unvalidated user input to sensitive\n or insecure areas. (CVE-2015-8607)\n\n - An overflow condition exists in Perl in the MapPathA()\n function due to improper validation of user-supplied\n input. An unauthenticated, remote attacker can exploit\n this to cause a denial of service condition or the\n execution of arbitrary code. (CVE-2015-8608)\n\n - A remote code execution vulnerability exists in the\n Apache Struts component due to improper handling of\n multithreaded access to an ActionForm instance. An\n unauthenticated, remote attacker can exploit this, via a\n specially crafted multipart request, to execute\n arbitrary code or cause a denial of service condition.\n (CVE-2016-1181)\n\n - A flaw exists in Perl that is triggered during the\n handling of variables that appear twice in the\n environment (envp), causing the last value to appear in\n %ENV, while getenv would return the first. An\n unauthenticated, remote attacker can exploit this to\n cause variables to be incorrectly propagated to\n subprocesses, regardless of the protections offered by\n taint checking. (CVE-2016-2381)\n\n - A denial of service vulnerability exists in the Apache\n Commons FileUpload component due to improper handling of\n boundaries in content-type headers when handling file\n upload requests. An unauthenticated, remote attacker can\n exploit this to cause processes linked against the\n library to become unresponsive. (CVE-2016-3092)\n\n - A man-in-the-middle vulnerability exists in various\n components, known as 'httpoxy', due to a failure to\n properly resolve namespace conflicts in accordance with\n RFC 3875 section 4.1.18. The HTTP_PROXY environment\n variable is set based on untrusted user data in the\n 'Proxy' header of HTTP requests. The HTTP_PROXY\n environment variable is used by some web client\n libraries to specify a remote proxy server. An\n unauthenticated, remote attacker can exploit this, via a\n crafted 'Proxy' header in an HTTP request, to redirect\n an application's internal HTTP traffic to an arbitrary\n proxy server where it may be observed or manipulated.\n (CVE-2016-5385, CVE-2016-5386, CVE-2016-5387,\n CVE-2016-5388)\n\n - A carry propagating error exists in the OpenSSL\n component in the x86_64 Montgomery squaring\n implementation that may cause the BN_mod_exp() function\n to produce incorrect results. An unauthenticated, remote\n attacker with sufficient resources can exploit this to\n obtain sensitive information regarding private keys.\n Moreover, the attacker would additionally need online\n access to an unpatched system using the target private\n key in a scenario with persistent DH parameters and a\n private key that is shared between multiple clients. For\n example, this can occur by default in OpenSSL DHE based\n SSL/TLS cipher suites. (CVE-2017-3732)\n\n - An unspecified flaw exists in the UI Framework component\n that allows authenticated, remote attacker to have an\n impact on integrity. (CVE-2017-10091)\");\n # http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?76f5def7\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.oracle.com/rs?type=doc&id=2261562.1\");\n script_set_attribute(attribute:\"see_also\", value:\"https://httpoxy.org\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the July 2017 Oracle Critical\nPatch Update advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/09/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:enterprise_manager\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"oracle_enterprise_manager_installed.nbin\");\n script_require_keys(\"installed_sw/Oracle Enterprise Manager Cloud Control\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"oracle_rdbms_cpu_func.inc\");\ninclude(\"install_func.inc\");\n\nproduct = \"Oracle Enterprise Manager Cloud Control\";\ninstall = get_single_install(app_name:product, exit_if_unknown_ver:TRUE);\nversion = install['version'];\nemchome = install['path'];\n\npatchid = NULL;\nmissing = NULL;\npatched = FALSE;\nfix = NULL;\n\nif (version =~ \"^13\\.2\\.0\\.0(\\.[0-9]+)?$\")\n{\n patchid = \"25731746\";\n fix = \"13.2.0.0.170718\";\n}\nelse if (version =~ \"^13\\.1\\.0\\.0(\\.[0-9]+)?$\")\n{\n patchid = \"25904755\";\n fix = \"13.1.0.0.170718\";\n}\nelse if (version =~ \"^12\\.1\\.0\\.5(\\.[0-9]+)?$\")\n{\n patchid = \"25904769\";\n fix = \"12.1.0.5.170718\";\n}\n\nif (isnull(patchid))\n audit(AUDIT_HOST_NOT, 'affected');\n\n# compare version to check if we've already adjusted for patch level during detection\nif (ver_compare(ver:version, fix:fix, strict:FALSE) >= 0)\n audit(AUDIT_INST_PATH_NOT_VULN, product, version, emchome);\n\n# Now look for the affected components\npatchesinstalled = find_patches_in_ohomes(ohomes:make_list(emchome));\nif (isnull(patchesinstalled))\n missing = patchid;\nelse\n{\n foreach applied (keys(patchesinstalled[emchome]))\n {\n if (applied == patchid)\n {\n patched = TRUE;\n break;\n }\n else\n {\n foreach bugid (patchesinstalled[emchome][applied]['bugs'])\n {\n if (bugid == patchid)\n {\n patched = TRUE;\n break;\n }\n }\n if (patched) break;\n }\n }\n if (!patched)\n missing = patchid;\n}\n\nif (empty_or_null(missing))\n audit(AUDIT_HOST_NOT, 'affected');\n\norder = make_list('Product', 'Version', \"Missing patch\");\nreport = make_array(\n order[0], product,\n order[1], version,\n order[2], patchid\n);\nreport = report_items_str(report_items:report, ordered_fields:order);\n\nsecurity_report_v4(port:0, extra:report, severity:SECURITY_HOLE);\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2019-05-29T18:35:16", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-08-04T00:00:00", "id": "OPENVAS:1361412562310808726", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808726", "title": "Fedora Update for golang FEDORA-2016-340e361b90", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for golang FEDORA-2016-340e361b90\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808726\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-04 16:27:38 +0530 (Thu, 04 Aug 2016)\");\n script_cve_id(\"CVE-2016-5386\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for golang FEDORA-2016-340e361b90\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'golang'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"golang on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-340e361b90\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WGHKKCFP4PLVSWQKCM3FJJPEWB5ZNTU\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"golang\", rpm:\"golang~1.5.4~2.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:17", "bulletinFamily": "scanner", "description": "Check the version of golang", "modified": "2019-03-08T00:00:00", "published": "2016-08-08T00:00:00", "id": "OPENVAS:1361412562310882533", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882533", "title": "CentOS Update for golang CESA-2016:1538 centos7", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for golang CESA-2016:1538 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882533\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-08 15:11:58 +0530 (Mon, 08 Aug 2016)\");\n script_cve_id(\"CVE-2016-5386\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for golang CESA-2016:1538 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of golang\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The golang packages provide the\nGo programming language compiler.\n\nThe following packages have been upgraded to a newer upstream version:\ngolang (1.6.3). (BZ#1346331)\n\nSecurity Fix(es):\n\n * An input-validation flaw was discovered in the Go programming language\nbuilt in CGI implementation, which set the environment variable\n'HTTP_PROXY' using the incoming 'Proxy' HTTP-request header. The\nenvironment variable 'HTTP_PROXY' is used by numerous web clients,\nincluding Go's net/http package, to specify a proxy server to use for HTTP\nand, in some cases, HTTPS requests. This meant that when a CGI-based web\napplication ran, an attacker could specify a proxy server which the\napplication then used for subsequent outgoing requests, allowing a\nman-in-the-middle attack. (CVE-2016-5386)\n\nRed Hat would like to thank Scott Geary (VendHQ) for reporting this issue.\");\n script_tag(name:\"affected\", value:\"golang on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:1538\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-August/022005.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"golang\", rpm:\"golang~1.6.3~1.el7_2.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"golang-bin\", rpm:\"golang-bin~1.6.3~1.el7_2.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"golang-docs\", rpm:\"golang-docs~1.6.3~1.el7_2.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"golang-misc\", rpm:\"golang-misc~1.6.3~1.el7_2.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"golang-src\", rpm:\"golang-src~1.6.3~1.el7_2.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"golang-tests\", rpm:\"golang-tests~1.6.3~1.el7_2.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:42", "bulletinFamily": "scanner", "description": "Amazon Linux Local Security Checks", "modified": "2018-10-01T00:00:00", "published": "2016-10-26T00:00:00", "id": "OPENVAS:1361412562310120720", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120720", "title": "Amazon Linux Local Check: alas-2016-731", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2016-731.nasl 11703 2018-10-01 08:05:31Z cfischer $\n#\n# Amazon Linux security check\n#\n# Authors:\n# Autogenerated by alas-generator developed by Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120720\");\n script_version(\"$Revision: 11703 $\");\n script_tag(name:\"creation_date\", value:\"2016-10-26 15:38:19 +0300 (Wed, 26 Oct 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 10:05:31 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: alas-2016-731\");\n script_tag(name:\"insight\", value:\"An input-validation flaw was discovered in the Go programming language built in CGI implementation, which set the environment variable HTTP_PROXY using the incoming Proxy HTTP-request header. The environment variable HTTP_PROXY is used by numerous web clients, including Go's net/http package, to specify a proxy server to use for HTTP and, in some cases, HTTPS requests. This meant that when a CGI-based web application ran, an attacker could specify a proxy server which the application then used for subsequent outgoing requests, allowing a man-in-the-middle attack.\");\n script_tag(name:\"solution\", value:\"Run yum update golang to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2016-731.html\");\n script_cve_id(\"CVE-2016-5386\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"This script is Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\n if ((res = isrpmvuln(pkg:\"golang-bin\", rpm:\"golang-bin~1.5.3~1.22.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"golang\", rpm:\"golang~1.5.3~1.22.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"golang-docs\", rpm:\"golang-docs~1.5.3~1.22.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"golang-src\", rpm:\"golang-src~1.5.3~1.22.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"golang-tests\", rpm:\"golang-tests~1.5.3~1.22.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"golang-misc\", rpm:\"golang-misc~1.5.3~1.22.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:44", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-08-04T00:00:00", "id": "OPENVAS:1361412562310808719", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808719", "title": "Fedora Update for golang FEDORA-2016-ea5e284d34", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for golang FEDORA-2016-ea5e284d34\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808719\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-04 16:27:53 +0530 (Thu, 04 Aug 2016)\");\n script_cve_id(\"CVE-2016-5386\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for golang FEDORA-2016-ea5e284d34\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'golang'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"golang on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-ea5e284d34\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OR52UXGM6RKSCWF3KQMVZGVZVJ3WEESJ\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"golang\", rpm:\"golang~1.6.3~1.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:18", "bulletinFamily": "scanner", "description": "WatchGuard Fireware XMT Web UI is prone to multiple vulnerabilities.", "modified": "2018-10-26T00:00:00", "published": "2017-03-13T00:00:00", "id": "OPENVAS:1361412562310106641", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310106641", "title": "WatchGuard Fireware XTM Multiple Vulnerabilities", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_watchguard_fireware_mult_vuln.nasl 12106 2018-10-26 06:33:36Z cfischer $\n#\n# WatchGuard Fireware XTM Multiple Vulnerabilities\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = 'cpe:/o:watchguard:fireware';\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.106641\");\n script_version(\"$Revision: 12106 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 08:33:36 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-13 13:02:48 +0700 (Mon, 13 Mar 2017)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_cve_id(\"CVE-2016-5387\", \"CVE-2016-5388\", \"CVE-2016-5386\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"WatchGuard Fireware XTM Multiple Vulnerabilities\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_snmp_os_detection.nasl\", \"gb_watchguard_fireware_detect.nasl\");\n script_mandatory_keys(\"watchguard_fireware/installed\");\n\n script_tag(name:\"summary\", value:\"WatchGuard Fireware XMT Web UI is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"WatchGuard Fireware XMT Web UI is prone to multiple vulnerabilities:\n\n - Cross-Site Request Forgery vulnerability on the Fireware Web UI login page.\n\n - Multiple vulnerabilities in the ighttpd component used by Fireware. (CVE-2016-5387, CVE-2106-5388, and\nCVE-2016-5386)\n\n - Vulnerability in the Fireware Web UI that could allow an attacker to enumerate management user login IDs.\");\n\n script_tag(name:\"affected\", value:\"Version prior to 11.12.1.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version 11.12.1 or later\");\n\n script_xref(name:\"URL\", value:\"https://www.watchguard.com/support/release-notes/fireware/11/en-US/EN_ReleaseNotes_Fireware_11_12_1/index.html#Fireware/en-US/resolved_issues.html%3FTocPath%3D_____13\");\n script_xref(name:\"URL\", value:\"https://www.korelogic.com/Resources/Advisories/KL-001-2017-004.txt\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!version = get_app_version(cpe: CPE, port: port))\n exit(0);\n\nif (version_is_less(version: version, test_version: \"11.12.1\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"11.12.1\");\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:34", "bulletinFamily": "unix", "description": "[1.6.3-1]\n- Resolves: rhbz#1358278 - CVE-2016-5386\n[1.6.2-1]\n- rebase to 1.6.2\n- Resolves: rhbz#1346331", "modified": "2016-08-02T00:00:00", "published": "2016-08-02T00:00:00", "id": "ELSA-2016-1538", "href": "http://linux.oracle.com/errata/ELSA-2016-1538.html", "title": "golang security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2019-05-29T19:20:39", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nAn input-validation flaw was discovered in the Go programming language built in CGI implementation, which set the environment variable \"HTTP_PROXY\" using the incoming \"Proxy\" HTTP-request header. The environment variable \"HTTP_PROXY\" is used by numerous web clients, including Go's net/http package, to specify a proxy server to use for HTTP and, in some cases, HTTPS requests. This meant that when a CGI-based web application ran, an attacker could specify a proxy server which the application then used for subsequent outgoing requests, allowing a man-in-the-middle attack.\n\n \n**Affected Packages:** \n\n\ngolang\n\n \n**Issue Correction:** \nRun _yum update golang_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n golang-bin-1.5.3-1.22.amzn1.i686 \n golang-1.5.3-1.22.amzn1.i686 \n \n noarch: \n golang-docs-1.5.3-1.22.amzn1.noarch \n golang-src-1.5.3-1.22.amzn1.noarch \n golang-tests-1.5.3-1.22.amzn1.noarch \n golang-misc-1.5.3-1.22.amzn1.noarch \n \n src: \n golang-1.5.3-1.22.amzn1.src \n \n x86_64: \n golang-1.5.3-1.22.amzn1.x86_64 \n golang-bin-1.5.3-1.22.amzn1.x86_64 \n \n \n", "modified": "2016-08-17T13:30:00", "published": "2016-08-17T13:30:00", "id": "ALAS-2016-731", "href": "https://alas.aws.amazon.com/ALAS-2016-731.html", "title": "Medium: golang", "type": "amazon", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-05-29T14:34:45", "bulletinFamily": "unix", "description": "The golang packages provide the Go programming language compiler.\n\nThe following packages have been upgraded to a newer upstream version: golang (1.6.3). (BZ#1346331)\n\nSecurity Fix(es):\n\n* An input-validation flaw was discovered in the Go programming language built in CGI implementation, which set the environment variable \"HTTP_PROXY\" using the incoming \"Proxy\" HTTP-request header. The environment variable \"HTTP_PROXY\" is used by numerous web clients, including Go's net/http package, to specify a proxy server to use for HTTP and, in some cases, HTTPS requests. This meant that when a CGI-based web application ran, an attacker could specify a proxy server which the application then used for subsequent outgoing requests, allowing a man-in-the-middle attack. (CVE-2016-5386)\n\nRed Hat would like to thank Scott Geary (VendHQ) for reporting this issue.", "modified": "2018-04-12T03:32:51", "published": "2016-08-02T17:46:33", "id": "RHSA-2016:1538", "href": "https://access.redhat.com/errata/RHSA-2016:1538", "type": "redhat", "title": "(RHSA-2016:1538) Moderate: golang security, bug fix, and enhancement update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-05-29T18:35:46", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2016:1538\n\n\nThe golang packages provide the Go programming language compiler.\n\nThe following packages have been upgraded to a newer upstream version: golang (1.6.3). (BZ#1346331)\n\nSecurity Fix(es):\n\n* An input-validation flaw was discovered in the Go programming language built in CGI implementation, which set the environment variable \"HTTP_PROXY\" using the incoming \"Proxy\" HTTP-request header. The environment variable \"HTTP_PROXY\" is used by numerous web clients, including Go's net/http package, to specify a proxy server to use for HTTP and, in some cases, HTTPS requests. This meant that when a CGI-based web application ran, an attacker could specify a proxy server which the application then used for subsequent outgoing requests, allowing a man-in-the-middle attack. (CVE-2016-5386)\n\nRed Hat would like to thank Scott Geary (VendHQ) for reporting this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-August/022005.html\n\n**Affected packages:**\ngolang\ngolang-bin\ngolang-docs\ngolang-misc\ngolang-src\ngolang-tests\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-1538.html", "modified": "2016-08-02T21:57:55", "published": "2016-08-02T21:57:55", "id": "CESA-2016:1538", "href": "http://lists.centos.org/pipermail/centos-announce/2016-August/022005.html", "title": "golang security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:32:39", "bulletinFamily": "software", "description": "Multiple CVEs: httpoxy\n\n# \n\nLow\n\n# Vendor\n\nCloud Foundry\n\n# Versions Affected\n\n * Go Buildpack versions prior to 1.7.10\n * PHP Buildpack versions prior to 4.3.17\n\n# Description\n\nhttpoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. It involves to a namespace conflict which leads to a remotely exploitable vulnerability. httpoxy is a vulnerability for server-side web applications that may allow an attacker to proxy the outgoing HTTP requests made by the web application, direct the server to open outgoing connections to an address and port of their choosing, or tie up server resources by forcing the vulnerable software to use a malicious proxy.\n\nMultiple CVEs were released for httpoxy, including the following that affected Cloud Foundry.\n\n * CVE-2016-5385: PHP\n * CVE-2016-5386: Go\n * CVE-2016-5387: Apache HTTP Server\n\n# Mitigation\n\nUsers of affected versions should apply the following mitigation:\n\n * Upgrade the Go Buildpack to the latest version [2] and restage all applications that use automated buildpack detection.\n * Upgrade the PHP Buildpack to the latest version [3] and restage all applications that use automated buildpack detection.\n\n# References\n\n * [1] <https://httpoxy.org/>\n * [2] <https://github.com/cloudfoundry/go-buildpack/releases>\n * [3] [https://github.com/cloudfoundry/go-buildpack/releases](<https://github.com/cloudfoundry/php-buildpack/releases>)\n", "modified": "2016-12-21T00:00:00", "published": "2016-12-21T00:00:00", "id": "CFOUNDRY:1EE86C629ABCD63B886F991BBE5E0A75", "href": "https://www.cloudfoundry.org/blog/httpoxy/", "title": "Multiple CVEs: httpoxy | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cert": [{"lastseen": "2019-05-29T20:44:01", "bulletinFamily": "info", "description": "### Overview \n\nWeb servers running in a CGI or CGI-like context may assign client request `Proxy` header values to internal `HTTP_PROXY` environment variables. This vulnerability can be leveraged to conduct man-in-the-middle (MITM) attacks on internal subrequests or to direct the server to initiate connections to arbitrary hosts.\n\n### Description \n\n[**CWE-807**](<https://cwe.mitre.org/data/definitions/807.html>)**: Reliance on Untrusted Inputs in a Security Decision, **[**CWE-454**](<https://cwe.mitre.org/data/definitions/454.html>)**: External Initialization of Trusted Variables or Data Stores**\n\nWeb servers running in a CGI or CGI-like context may assign client request `Proxy` header values to internal `HTTP_PROXY` environment variables. The vulnerable behavior is the result of a naming convention for meta-variables, defined in [RFC 3876](<https://tools.ietf.org/html/rfc3875>), which leads to a name collision: \"The HTTP header field name is converted to upper case, has all occurrences of \"-\" replaced with \"_\" and has \"HTTP_\" prepended to give the meta-variable name.\" \n \nAccording to the researchers, a web server is vulnerable if: \n\n\n 1. _A web server, programming language or framework (and in some limited situations the application itself) sets the environmental variable HTTP_PROXY from the user supplied Proxy header in the web request, or sets a similarly used variable (essentially when the request header turns from harmless data into a potentially harmful environmental variable)._\n 2. _A web application makes use of HTTP_PROXY or similar variable unsafely (e.g. fails to check the request type) resulting in an attacker controlled proxy being used (essentially when HTTP_PROXY is actually used unsafely)._\n \nBy sending a specially crafted request to a vulnerable server, a remote, unauthenticated attacker may be able to conduct MITM attacks on internal server subrequests or direct the server to initiate connections to arbitrary hosts. For more information, refer to [httpoxy.org](<https://httpoxy.org/>). \n--- \n \n### Impact \n\nA remote, unauthenticated attacker may be able to conduct MITM attacks on internal server subrequests or direct the server to initiate connections to arbitrary hosts. \n \n--- \n \n### Solution \n\n**Apply an update** \n \nWhere applicable, affected products and components should be updated to address this vulnerability. Check with vendors for information about patching. \n \nWhere patches are unavailable or updating is not an option, consider the following workarounds. \n \n--- \n \n**Filter **`**Proxy**`** request headers** \n \nThe researchers and community have identified several filtering strategies that are product-dependent: \n \n**Apache/CGI** \n \nIn this configuration, any language may be vulnerable (the `HTTP_PROXY` env var is \"real\"). If you are using `mod_headers` , you can unset the \"`Proxy`\" header with this directive: \n\n\n` RequestHeader unset Proxy` \nIf you are using `mod_security`, you can use a rule like (vary the action to taste): \n\n\n` SecRuleEngine On` \n` SecRule &REQUEST_HEADERS:Proxy \"@gt 0\"` \n` \"id:1000005,log,deny,msg:'httpoxy denied'\"` \nRefer to [Apache's response](<https://www.apache.org/security/asf-httpoxy-response.txt>) for more information. \n \n**HAProxy**\n\n \n` httprequest delheader Proxy` \n**lighttpd &lt;= 1.4.40 (reject requests containing \"Proxy\" header)** \n \nCreate \"/path/to/deny-proxy.lua\", read-only to lighttpd, with content: \n\n\n` if (lighty.request[\"Proxy\"] == nil) then return 0 else return 403 end` \nModify lighttpd.conf to load mod_magnet and run lua code \n\n\n` server.modules += ( \"mod_magnet\" ) \nmagnet.attract-raw-url-to = ( \"/path/to/deny-proxy.lua\" )` \n**lighttpd2 (development) (strip \"Proxy\" header from request)** \n \nAdd to lighttpd.conf: \n\n\n` req_header.remove \"Proxy\";` \n**Nginx/FastCGI** \n \nUse this to block the `Proxy` header from being passed on to PHPFPM, PHPPM, etc. \n\n\n` fastcgi_param HTTP_PROXY ;` \n**Nginx with proxy_pass** \n \nThe following setting should work for people who are using \"proxy_pass\" with nginx:\n\n \n` ``proxy_set_header Proxy ;` \n \nMicrosoft has provided the following guidance for IIS servers utilizing affected third-party frameworks: \n \n**Microsoft IIS Mitigation steps:**` \n` \nUpdate `apphost.config` with the following rule:\n\n` \n<system.webServer>` \n` \n<rewrite> \n` \n` <rules> \n` \n` <rule name=3D\"Erase HTTP_PROXY\" patternSyntax=3D\"Wildcard\"> \n` \n` <match url=3D\"*.*\" /> \n` \n` <serverVariables> \n` \n` <set name=3D\"HTTP_PROXY\" value=3D /> \n` \n` </serverVariables> \n` \n` <action type=3D\"None\" /> \n` \n` </rule> \n` \n` </rules> \n` \n` </rewrite> \n` \n`</system.webServer>` \n--- \n \n### Vendor Information\n\n797896\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Vendor has issued information\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n__ Affected __ Unknown __ Unaffected \n\n**Javascript is disabled. Click here to view vendors.**\n\n### __ __ Apache HTTP Server Project\n\nNotified: July 12, 2016 Updated: July 18, 2016 \n\n**Statement Date: July 14, 2016**\n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nThe Apache Software Foundation has discovered no examples of condition 2 described in the [redacted] report, and has determined there is no \"vulnerability\" per se in ASF software, which conform to both RFC822 (circa 1982) and CGI/1.1 defacto standard (circa 1995, superseded by CGI/1.1 IANA spec RFC 3875).\n\nSeveral ASF projects participate in HTTP requests in the manners described under condition 1. The list of projects that will offer one or more mitigations include but are not limited to; \n \nApache HTTP Server (httpd) (Tracked as CVE-2016-5387) \nApache Tomcat Server (Tracked as CVE-2016-5388) \nApache Traffic Server (ATS) (Tracking is not applicable) \n \nProjects and subprojects impacted by the Apache HTTP Server mitigations will include mod_fcgid (Apache HTTP Project) and mod_perl (Apache Perl Project), as well as external projects such as mod_wsgi, all hopefully under CVE-2016-5387. \n \nNote specifically that any CVE related to mod_fcgi[d] must be ignored, as it duplicates CVE-2016-5387. We have not reached a conclusion on separate tracking that might be unique to mod_perl itself (thus far, it also appears to duplicate -5387.)\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://www.apache.org/security/asf->\n * [httpoxy-response.txt](<httpoxy-response.txt>)\n\n### __ __ Go Programming Language\n\nUpdated: July 18, 2016 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nCVE-2016-5386\n\n### __ HAProxy\n\nUpdated: July 13, 2016 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ __ HHVM\n\nUpdated: July 18, 2016 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nCVE-2016-1000109\n\n### __ __ Microsoft Corporation\n\nNotified: July 12, 2016 Updated: July 13, 2016 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nIf you have installed PHP or any other third party framework on top of IIS, we recommend applying mitigation steps to protect from malicious Redirection or MiM attacks.\n\nMitigation: \n \nUpdate apphost.config with the following rule: \n \n&lt;system.webServer&gt; \n \n&lt;rewrite&gt; \n \n&lt;rules&gt; \n \n&lt;rule name=3D\"Erase HTTP_PROXY\" patternSyntax=3D\"Wildcard\"&gt; \n \n&lt;match url=3D\"*.*\" /&gt; \n \n&lt;serverVariables&gt; \n \n&lt;set name=3D\"HTTP_PROXY\" value=3D /&gt; \n \n&lt;/serverVariables&gt; \n \n&lt;action type=3D\"None\" /&gt; \n \n&lt;/rule&gt; \n \n&lt;/rules&gt; \n \n&lt;/rewrite&gt; \n \n&lt;/system.webServer&gt;\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ __ Python\n\nUpdated: July 18, 2016 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nCVE-2016-1000110 \n\n### __ __ The PHP Group\n\nUpdated: July 18, 2016 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nCVE-2016-5385\n\n### __ __ lighttpd\n\nUpdated: July 19, 2016 \n\n**Statement Date: July 19, 2016**\n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nMitigation of httpoxy is available in lighttpd. \n \n \nMitigation: \n \nlighttpd &lt;= 1.4.40 (reject requests containing \"Proxy\" header)\n\n \n* Create \"/path/to/deny-proxy.lua\", read-only to lighttpd, with content: \nif (lighty.request[\"Proxy\"] == nil) then return 0 else return 403 end \n \n* Modify lighttpd.conf to load mod_magnet and run lua code \nserver.modules += ( \"mod_magnet\" ) \nmagnet.attract-raw-url-to = ( \"/path/to/deny-proxy.lua\" ) \n \nlighttpd2 (development) (strip \"Proxy\" header from request) \n* Add to lighttpd.conf: req_header.remove \"Proxy\"; \n \n \nReference: \n \n* lighttpd 1.4 repo contains fix on git master branch to strip \"Proxy\" header and the commit message below contains the above mitigation steps for lighttpd 1.4.x <https://redmine.lighttpd.net/projects/lighttpd/repository/revisions/779c133c16f9af168b004dce7a2a64f16c1cb3a4> \n\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://redmine.lig>\n * [httpd.net/projects/lig](<httpd.net/projects/lig>)\n * [httpd/repository/revisions/779c133c16f9af168b004dce7a2a64f16c1cb3a4](<httpd/repository/revisions/779c133c16f9af168b004dce7a2a64f16c1cb3a4>)\n\n### __ nginx\n\nUpdated: July 13, 2016 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ __ EfficientIP SAS\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n**Statement Date: July 12, 2016**\n\n### Status\n\n__ Not Affected\n\n### Vendor Statement\n\nPlease find the EfficientIP\u2019s status about VU#797896:\n\nVendor: EfficientIP \nStatus: Not Affected \nStatement: No version of our software is affected by VU#797896\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ ACCESS\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ ARRIS\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ AT&amp;T\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Alcatel-Lucent\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Apple\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Arista Networks, Inc.\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Aruba Networks\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Avaya, Inc.\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Belkin, Inc.\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Blue Coat Systems\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ CA Technologies\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ CentOS\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Check Point Software Technologies\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Cisco\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ CoreOS\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ D-Link Systems, Inc.\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Debian GNU/Linux\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ DesktopBSD\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ DragonFly BSD Project\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ EMC Corporation\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Enterasys Networks\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Ericsson\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Extreme Networks\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ F5 Networks, Inc.\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Fedora Project\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Force10 Networks\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ FreeBSD Project\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Gentoo Linux\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Google\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Hardened BSD\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Hewlett Packard Enterprise\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Hitachi\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Huawei Technologies\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ IBM Corporation\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Infoblox\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Intel Corporation\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Internet Systems Consortium\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Internet Systems Consortium - DHCP\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Juniper Networks\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Lenovo\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ McAfee\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ NEC Corporation\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ National Center for Supercomputing Applications\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ NetBSD\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Nokia\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Nominum\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ OmniTI\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ OpenBSD\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ OpenDNS\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Openwall GNU/*/Linux\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Oracle Corporation\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Peplink\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Polycom\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Q1 Labs\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ QNX Software Systems Inc.\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Red Hat, Inc.\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Ricoh Company Ltd.\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Rockwell Automation\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Ruby\n\nUpdated: July 18, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ SUSE Linux\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ SafeNet\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Secure64 Software Corporation\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Slackware Linux Inc.\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ SmoothWall\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Snort\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Sony Corporation\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Sourcefire\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Symantec\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ TippingPoint Technologies Inc.\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Turbolinux\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Ubuntu\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Unisys\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ VMware\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ Wind River\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ dnsmasq\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ m0n0wall\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\n### __ openSUSE project\n\nNotified: July 12, 2016 Updated: July 12, 2016 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor References\n\nView all 87 vendors __View less vendors __\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | 5.1 | AV:N/AC:H/Au:N/C:P/I:P/A:P \nTemporal | 4.6 | E:POC/RL:ND/RC:C \nEnvironmental | 1.1 | CDP:ND/TD:L/CR:ND/IR:ND/AR:ND \n \n \n\n\n### References \n\n * <https://tools.ietf.org/html/rfc3875>\n * <https://httpoxy.org>\n * <https://www.apache.org/security/asf-httpoxy-response.txt>\n * <https://cwe.mitre.org/data/definitions/807.html>\n * <https://cwe.mitre.org/data/definitions/454.html>\n\n### Acknowledgements\n\nThanks to Dominic Scheirlinck and Scott Geary of Vend for reporting this vulnerability. \n\nThis document was written by Joel Land. \n\n### Other Information\n\n**CVE IDs:** | [CVE-2016-5385, ](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5385>) [CVE-2016-5386, ](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5386>) [CVE-2016-5387, ](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5387>) [CVE-2016-5388, ](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5388>) [CVE-2016-1000109, ](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1000109>) [CVE-2016-1000110](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1000110>) \n---|--- \n**Date Public:** | 2016-07-18 \n**Date First Published:** | 2016-07-18 \n**Date Last Updated: ** | 2016-07-19 17:04 UTC \n**Document Revision: ** | 65 \n", "modified": "2016-07-19T17:04:00", "published": "2016-07-18T00:00:00", "id": "VU:797896", "href": "https://www.kb.cert.org/vuls/id/797896", "type": "cert", "title": "CGI web servers assign Proxy header values from client requests to internal HTTP_PROXY environment variables", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "threatpost": [{"lastseen": "2018-10-06T22:55:02", "bulletinFamily": "info", "description": "An old scripting vulnerability that impacts a large number of Linux distributions and programing languages allows for man-in-the-middle attacks that could compromise web servers. The vulnerability, which affects many PHP and CGI web-apps, was revealed Monday in tandem with the release of a bevy patches from impacted companies and platforms.\n\nResearchers at SaaS distributor VendHQ named the vulnerability Httpoxy. It affects server-side web applications that run in Common Gateway Interface (CGI) or CGI-like environments, such as some FastCGI configurations, along with programing languages PHP, Python, and Go.\n\n\u201cThis is a very serious flaw, if you\u2019re one of the few still reliant on CGI and PHP for generating web pages,\u201d said Dominic Scheirlinck, principal engineer VendHQ, and one of several researchers from the firm that discovered [Httpoxy](<https://httpoxy.org/>). The vulnerability is rated as \u201cmedium\u201d by the firm and is easily exploitable.\n\nScheirlinck describes Httpoxy as a set of vulnerabilities impacted by a simple namespace conflict tied to HTTP proxy headers that unsafely trust the \u201cHTTP_PROXY\u201d environment variable when generating forward requests. This namespace conflict allows an attacker to remotely configure the HTTP_PROXY environment variable on a web server by submitting a malicious Proxy: HTTP header.\n\nThis sets the stage for a remotely exploitable vulnerability where an attacker could launch a man-in-the-middle attack and redirect traffic to an arbitrary host. An adversary might also be able to intercept traffic and decipher sensitive communications. Or a cybercriminal could execute a denial of service attack by forcing vulnerable software to use a malicious proxy to tie up server resources, Scheirlinck said.\n\nIn cooperation with Httpoxy a [number CVEs](<https://www.kb.cert.org/vuls/id/797896>) have been assigned to affected platforms and languages including; PHP (CVE-2016-5385), Go (CVE-2016-5386), Apache HTTP Server (CVE-2016-5387), Apache Tomcat (CVE-2016-5388), HHVM (CVE-2016-1000109) and Python (CVE-2016-1000110).\n\nThe vulnerability impacts the minority of web servers utilizing the older method in which a CGI script would talk to a backend server and pass through information to dynamically generate a web page, said Christopher Robinson, manager, Red Hat Product Security program management. \u201cIf you are on a more modern server, it\u2019s still an option, but it\u2019s not the default way of how webpages are rendered,\u201d Robinson said.\n\nRobinson said only about 3,000 of Red Hat customer servers are impacted by Httpoxy vulnerability. Additional remediation steps have been taken by proxy networks, like Akamai, who on Monday announced measures to protect their customers.\n\n\u201cAkamai has moved to protect the vast majority of its customers by [blocking the HTTP headers which would alter these variables in a CGI/PHP environment](<https://community.akamai.com/docs/DOC-6279>),\u201d the company announced Monday.\n\nScheirlinck said remediation for those impacted is drop-dead simple and only entails updating one line of code \u2013 no system reboot required.\n\n\u201cI would not anticipate there would be a large number of people impacted,\u201d Robinson said. But because the vulnerability is so easily exploitable, he urged companies to fix affected server fast.\n\nHttpoxy, Scheirlinck said, is tied to a much earlier Perl bug discovered 15 years ago found by Randal L Schwartz in 2001. At the time, Schwartz quickly fixed the vulnerability in the Perl libraries for the scripting language. But since then iterations of the bug have cropped up numerous times with vendors not always connecting the dots as to the larger scope of the vulnerability impacting other languages and libraries, Scheirlinck said.\n", "modified": "2016-07-20T15:06:42", "published": "2016-07-18T18:00:46", "id": "THREATPOST:29907254311441DFE8331A9706EE7EFA", "href": "https://threatpost.com/cgi-script-vulnerability-httpoxy-allows-man-in-the-middle-attacks/119345/", "type": "threatpost", "title": "CGI Script Vulnerability 'Httpoxy' Allows Man-in-the-Middle Attack", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oracle": [{"lastseen": "2019-05-29T18:20:53", "bulletinFamily": "software", "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\nThis Critical Patch Update contains 310 new security fixes across the product families listed below. Please note that a MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ July 2017 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2282980.1>).\n\nPlease note that the vulnerabilities in this Critical Patch Update are scored using version 3.0 of Common Vulnerability Scoring Standard (CVSS).\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available [here](<http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>).\n", "modified": "2017-07-18T00:00:00", "published": "2018-03-20T00:00:00", "id": "ORACLE:CPUJUL2017-3236622", "href": "", "title": "Oracle Critical Patch Update - July 2017", "type": "oracle", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}