don’t set environmental variable based on user supplied Proxy
request header CVE-2016-5385
[5.4.16-36.2]
fix segmentation fault in header_register_callback #1346758

OSVersionArchitecturePackageVersionFilename
oracle linux7srcphp< 5.4.16-36.3.el7_2php-5.4.16-36.3.el7_2.src.rpm
oracle linux7x86_64php< 5.4.16-36.3.el7_2php-5.4.16-36.3.el7_2.x86_64.rpm
oracle linux7x86_64php-bcmath< 5.4.16-36.3.el7_2php-bcmath-5.4.16-36.3.el7_2.x86_64.rpm
oracle linux7x86_64php-cli< 5.4.16-36.3.el7_2php-cli-5.4.16-36.3.el7_2.x86_64.rpm
oracle linux7x86_64php-common< 5.4.16-36.3.el7_2php-common-5.4.16-36.3.el7_2.x86_64.rpm
oracle linux7x86_64php-dba< 5.4.16-36.3.el7_2php-dba-5.4.16-36.3.el7_2.x86_64.rpm
oracle linux7x86_64php-devel< 5.4.16-36.3.el7_2php-devel-5.4.16-36.3.el7_2.x86_64.rpm
oracle linux7x86_64php-embedded< 5.4.16-36.3.el7_2php-embedded-5.4.16-36.3.el7_2.x86_64.rpm
oracle linux7x86_64php-enchant< 5.4.16-36.3.el7_2php-enchant-5.4.16-36.3.el7_2.x86_64.rpm
oracle linux7x86_64php-fpm< 5.4.16-36.3.el7_2php-fpm-5.4.16-36.3.el7_2.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
oracle linux	7	src	php	< 5.4.16-36.3.el7_2	php-5.4.16-36.3.el7_2.src.rpm
oracle linux	7	x86_64	php	< 5.4.16-36.3.el7_2	php-5.4.16-36.3.el7_2.x86_64.rpm
oracle linux	7	x86_64	php-bcmath	< 5.4.16-36.3.el7_2	php-bcmath-5.4.16-36.3.el7_2.x86_64.rpm
oracle linux	7	x86_64	php-cli	< 5.4.16-36.3.el7_2	php-cli-5.4.16-36.3.el7_2.x86_64.rpm
oracle linux	7	x86_64	php-common	< 5.4.16-36.3.el7_2	php-common-5.4.16-36.3.el7_2.x86_64.rpm
oracle linux	7	x86_64	php-dba	< 5.4.16-36.3.el7_2	php-dba-5.4.16-36.3.el7_2.x86_64.rpm
oracle linux	7	x86_64	php-devel	< 5.4.16-36.3.el7_2	php-devel-5.4.16-36.3.el7_2.x86_64.rpm
oracle linux	7	x86_64	php-embedded	< 5.4.16-36.3.el7_2	php-embedded-5.4.16-36.3.el7_2.x86_64.rpm
oracle linux	7	x86_64	php-enchant	< 5.4.16-36.3.el7_2	php-enchant-5.4.16-36.3.el7_2.x86_64.rpm
oracle linux	7	x86_64	php-fpm	< 5.4.16-36.3.el7_2	php-fpm-5.4.16-36.3.el7_2.x86_64.rpm

Rows per page:

1-10 of 261

nessus 34

fedora 6

typo3 4

prion 2

centos 2

redhatcve 1

openvas 18

friendsofphp 2

oraclelinux 2

github 1

redhat 5

f5 1

debiancve 1

cve 2

ibm 8

veracode 1

osv 2

gitlab 1

archlinux 1

ubuntucve 1

slackware 1

cloudfoundry 2

checkpoint_advisories 1

cert 1

threatpost 1

impervablog 1

debian 2

amazon 1

freebsd 1

ubuntu 1

gentoo 1

kitploit 1

rosalinux 1

oracle 2

nessus

Fedora 23 : php (2016-cd2bd0800f) (httpoxy)

2016-08-01 00:00:00

Fedora 24 : php-guzzlehttp-guzzle6 (2016-4e7db3d437) (httpoxy)

2016-07-29 00:00:00

CentOS 6 : php (CESA-2016:1609) (httpoxy)

2016-08-12 00:00:00

fedora

[SECURITY] Fedora 24 Update: php-guzzlehttp-guzzle6-6.2.1-1.fc24

2016-07-29 00:00:06

[SECURITY] Fedora 23 Update: php-guzzlehttp-guzzle6-6.2.1-1.fc23

2016-07-29 02:55:08

[SECURITY] Fedora 23 Update: php-guzzlehttp-guzzle-5.3.1-1.fc23

2016-07-29 02:55:03

typo3

Environment Variable Injection in extension "AWS SDK for PHP" (aws_sdk_php)

2018-08-09 00:00:00

Environment Variable Injection

2016-07-19 00:00:00

Environment Variable Injection in extension "Amazon AWS S3 FAL driver (CDN)" (aus_driver_amazon_s3)

2018-08-09 00:00:00

prion

Design/Logic Flaw

2016-07-19 02:00:00

Design/Logic Flaw

2016-10-06 14:59:00

centos

php security update

2016-08-12 11:27:56

php security update

2016-08-11 21:20:11

redhatcve

CVE-2016-5385

2016-07-18 14:19:09

openvas

Fedora Update for php FEDORA-2016-8eb11666aa

2016-08-04 00:00:00

RedHat Update for php RHSA-2016:1613-01

2016-08-12 00:00:00

RedHat Update for php RHSA-2016:1609-01

2016-08-12 00:00:00

friendsofphp

HTTP Proxy header vulnerability

2018-02-12 19:47:17

HTTP Proxy header vulnerability

2016-07-18 20:27:36

oraclelinux

php security update

2016-08-11 00:00:00

php security and bug fix update

2016-11-09 00:00:00

github

HTTP Proxy header vulnerability

2022-04-07 13:59:22

redhat

(RHSA-2016:1611) Moderate: php55-php security update

2016-08-11 19:52:52

(RHSA-2016:1612) Moderate: rh-php56-php security update

2016-08-11 19:53:18

(RHSA-2016:1610) Moderate: php54-php security update

2016-08-11 19:51:58

K73071205 : PHP vulnerability CVE-2016-5385

2016-07-26 00:00:00

debiancve

CVE-2016-5385

2016-07-19 02:00:00

cve

CVE-2016-5385

2016-07-19 02:00:00

CVE-2016-1000100

2016-10-06 14:59:00

ibm

Security Bulletin: A vulnerability in PHP affects PowerKVM (CVE-2016-5385)

2018-06-18 01:33:23

Security Bulletin: Multiple vulnerabilities affecting web servers that run code in a CGI or CGI-like context affects IBM API Connect (CVE-2016-5385, CVE-2016-1000105)

2018-06-15 07:06:31

Security Bulletin: IBM QRadar SIEM is vulnerable to various CGI vulnerabilities. (CVE-2016-5385, CVE-2016-5387, CVE-2016-5388)

2018-06-16 21:48:14

veracode

Open Redirection

2019-01-15 09:12:46

osv

HTTP Proxy header vulnerability

2022-04-07 13:59:22

php5 - security update

2016-12-16 00:00:00

gitlab

HTTP Proxy header vulnerability

2016-07-18 00:00:00

archlinux

drupal: proxy injection

2016-07-21 00:00:00

ubuntucve

CVE-2016-5385

2016-07-18 00:00:00

slackware

[slackware-security] php

2016-07-21 23:38:17

cloudfoundry

Multiple CVEs: httpoxy | Cloud Foundry

2016-12-21 00:00:00

USN-3045-1 PHP vulnerabilities | Cloud Foundry

2016-09-09 00:00:00

checkpoint_advisories

CGI Namespace Conflict Man-In-The-Middle (httpoxy; CVE-2016-1000109; CVE-2016-1000110; CVE-2016-5385; CVE-2016-5386; CVE-2016-5387; CVE-2016-5388)

2016-07-19 00:00:00

cert

CGI web servers assign Proxy header values from client requests to internal HTTP_PROXY environment variables

2016-07-18 00:00:00

threatpost

CGI Script Vulnerability 'Httpoxy' Allows Man-in-the-Middle Attack

2016-07-18 18:00:46

impervablog

Python and Go Top the Chart of 2019’s Most Popular Hacking Tools

2020-05-27 09:22:21

debian

[SECURITY] [DSA 3631-1] php5 security update

2016-07-26 20:46:29

[SECURITY] [DLA 749-1] php5 security update

2016-12-16 21:48:18

amazon

Medium: php55, php56

2016-08-01 13:30:00

freebsd

php -- multiple vulnerabilities

2016-07-21 00:00:00

ubuntu

PHP vulnerabilities

2016-08-02 00:00:00

gentoo

PHP: Multiple vulnerabilities

2016-11-30 00:00:00

kitploit

Trivy - A Simple And Comprehensive Vulnerability Scanner For Containers, Suitable For CI

2019-11-05 12:00:00

rosalinux

Advisory ROSA-SA-2021-1950

2021-07-02 17:57:45

oracle

Oracle Critical Patch Update - January 2018

2018-01-16 00:00:00

Oracle Critical Patch Update Advisory - July 2017

2018-03-20 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

0.951 High

EPSS

Percentile

99.1%

JSON

Related for ELSA-2016-1613