Lucene search

Gentoo FoundationMGASA-2017-0146

HistoryMay 26, 2017 - 9:54 a.m.

Updated perl-CGI-Emulate-PSGI packages fix security vulnerability

2017-05-2609:54:58

Gentoo Foundation

advisories.mageia.org

0.2 Low

EPSS

Percentile

96.3%

JSON

This update removes the setting of the HTTP_PROXY environment value. This works around the httproxy vulnerability (aka CVE-2016-5387)

OSVersionArchitecturePackageVersionFilename
Mageia5noarchperl-cgi-emulate-psgi< 0.200.0-5.1perl-CGI-Emulate-PSGI-0.200.0-5.1.mga5

OS	Version	Architecture	Package	Version	Filename
Mageia	5	noarch	perl-cgi-emulate-psgi	< 0.200.0-5.1	perl-CGI-Emulate-PSGI-0.200.0-5.1.mga5

References

bugs.mageia.org/show_bug.cgi?id=19168

lists.fedoraproject.org/archives/list/[email protected]/message/QPQAPWQA774JPDRV4UIB2SZAX6D3UZCV/

fedora

[SECURITY] Fedora 23 Update: httpd-2.4.23-4.fc23

2016-07-27 20:56:05

[SECURITY] Fedora 24 Update: httpd-2.4.23-4.fc24

2016-07-22 16:00:58

[SECURITY] Fedora 24 Update: perl-CGI-Emulate-PSGI-0.22-1.fc24

2016-08-08 20:37:39

veracode

Open Redirection

2019-01-15 09:12:18

nessus

RHEL 5 / 6 : httpd (RHSA-2016:1421) (httpoxy)

2016-07-19 00:00:00

Scientific Linux Security Update : httpd on SL5.x, SL6.x i386/x86_64 (20160718) (httpoxy)

2016-07-19 00:00:00

Fedora 24 : httpd (2016-9fd9bfab9e) (httpoxy)

2016-07-25 00:00:00

ubuntucve

CVE-2016-5387

2016-07-18 00:00:00

CVE-2016-4694

2016-09-25 00:00:00

CVE-2016-1000104

2019-12-03 00:00:00

debian

[SECURITY] [DLA 553-1] apache2 security update

2016-07-20 11:30:44

[SECURITY] [DSA 3623-1] apache2 security update

2016-07-20 08:39:47

[SECURITY] [DSA 3623-1] apache2 security update

2016-07-20 08:40:04

osv

CVE-2016-5387

2016-07-19 02:00:00

wordpress - security update

2016-07-29 00:00:00

openvas

Fedora Update for perl-CGI-Emulate-PSGI FEDORA-2016-a29c65b00f

2016-08-09 00:00:00

Apache HTTP Server Man-in-the-Middle Attack Vulnerability (Jul 2016) - Windows

2016-07-26 00:00:00

Debian Security Advisory DSA 3623-1 (apache2 - security update)

2016-07-20 00:00:00

debiancve

CVE-2016-5387

2016-07-19 02:00:00

oraclelinux

httpd security and bug fix update

2016-07-18 00:00:00

httpd security update

2016-07-18 00:00:00

ibm

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Tivoli Security Policy Manager (CVE-2016-5387)

2018-06-16 21:48:41

Security Bulletin: A vulnerability in the Apache HTTP Server affects PowerKVM (CVE-2016-5387)

2018-06-18 01:32:51

Security Bulletin: Redirect HTTP traffic vulnerability may affect IBM HTTP Server (CVE-2016-5387)

2022-09-08 00:09:56

mageia

Updated apache packages fix security vulnerability

2016-07-27 00:16:28

redhat

(RHSA-2016:1421) Important: httpd security update

2016-07-18 00:00:00

(RHSA-2016:1851) Important: Red Hat JBoss Core Services Apache HTTP 2.4.6 Service Pack 1 security update

2016-09-12 16:50:10

(RHSA-2016:1422) Important: httpd security and bug fix update

2016-07-18 14:13:23

ubuntu

Apache HTTP Server vulnerability

2016-07-18 00:00:00

alpinelinux

CVE-2016-5387

2016-07-19 02:00:00

httpd

Apache Httpd < 2.2.32 : HTTP_PROXY environment variable "httpoxy" mitigation

2016-07-02 00:00:00

Apache Httpd < 2.4.25 : HTTP_PROXY environment variable "httpoxy" mitigation

2016-07-02 00:00:00

centos

httpd, mod_ssl security update

2016-07-18 15:57:06

httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update

2016-07-18 16:26:29

amazon

Important: httpd24, httpd

2016-07-20 18:00:00

Apache HTTPD vulnerability CVE-2016-5387

2016-08-02 21:36:00

SOL80513384 - Apache HTTPD vulnerability CVE-2016-5387

2016-08-02 00:00:00

prion

Design/Logic Flaw

2016-07-19 02:00:00

Design/Logic Flaw

2016-10-06 14:59:00

Design/Logic Flaw

2016-09-25 10:59:00

redhatcve

CVE-2016-5387

2016-07-18 14:19:04

CVE-2016-1000104

2016-07-18 14:49:14

cve

CVE-2016-5387

2016-07-19 02:00:00

CVE-2016-1000102

2016-10-06 14:59:00

CVE-2016-4694

2016-09-25 10:59:00

cvelist

CVE-2016-5387

2016-07-19 01:00:00

CVE-2016-4694

2016-09-25 10:00:00

cloudfoundry

Multiple CVEs: httpoxy | Cloud Foundry

2016-12-21 00:00:00

altlinux

Security fix for the ALT Linux 8 package apache2 version 1:2.4.25-alt1

2017-05-18 00:00:00

Security fix for the ALT Linux 9 package apache2 version 1:2.4.25-alt1

2017-05-18 00:00:00

Security fix for the ALT Linux 10 package apache2 version 1:2.4.25-alt1

2017-05-18 00:00:00

slackware

[slackware-security] httpd

2016-12-24 01:35:08

freebsd

Apache httpd -- several vulnerabilities

2016-12-20 00:00:00

threatpost

CGI Script Vulnerability 'Httpoxy' Allows Man-in-the-Middle Attack

2016-07-18 18:00:46

gentoo

Apache: Multiple vulnerabilities

2017-01-15 00:00:00

checkpoint_advisories

CGI Namespace Conflict Man-In-The-Middle (httpoxy; CVE-2016-1000109; CVE-2016-1000110; CVE-2016-5385; CVE-2016-5386; CVE-2016-5387; CVE-2016-5388)

2016-07-19 00:00:00

cert

CGI web servers assign Proxy header values from client requests to internal HTTP_PROXY environment variables

2016-07-18 00:00:00

impervablog

Python and Go Top the Chart of 2019’s Most Popular Hacking Tools

2020-05-27 09:22:21

apple

About the security content of macOS High Sierra 10.13

2017-09-25 00:00:00

About the security content of macOS High Sierra 10.13 - Apple Support

2020-02-06 07:51:09

About the security content of macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite

2017-03-27 00:00:00

oracle

Oracle Critical Patch Update - January 2018

2018-01-16 00:00:00

Oracle Critical Patch Update Advisory - July 2017

2018-03-20 00:00:00

0.2 Low

EPSS

Percentile

96.3%

JSON

Updated perl-CGI-Emulate-PSGI packages fix security vulnerability

References

Related