MiracleLinux 4 : rh-php56-php-5.6.5-9.AXS4 (AXSA:2016-622:02)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-622:02 advisory. PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in...
MiracleLinux 7 : php55-php-5.5.21-5.el7 (AXSA:2016-632:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-632:01 advisory. Security issues fixed with this release: CVE-2016-5385 PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore...
MiracleLinux 4 : php55-php-5.5.21-5.AXS4 (AXSA:2016-625:01)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-625:01 advisory. PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in...
MiracleLinux 4 : php-5.3.3-48.AXS4 (AXSA:2016-621:04)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-621:04 advisory. PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in...
MiracleLinux 7 : php-5.4.16-36.3.el7 (AXSA:2016-624:02)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-624:02 advisory. PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in...
RHEL 6 / 7 : rh-php56-php (RHSA-2016:1612)
The remote Red Hat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:1612 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: It was discovered that PHP did not properly...
RHEL 6 / 7 : php55-php (RHSA-2016:1611)
The remote Red Hat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:1611 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: It was discovered that PHP did not properly...
Security Bulletin: Multiple vulnerabilities in Apache Tomcat affect SAN Volume Controller, Storwize family and FlashSystem V9000 products
Summary Vulnerabilities in the Apache Tomcat component affect the product's management GUI. The CLI interface is unaffected. The applicable CVEs are CVE-2016-5385 CVE-2016-5386 CVE-2016-5387 CVE-2016-5388. Vulnerability Details CVEID: CVE-2016-5385 DESCRIPTION: PHP could allow a remote attacker t...
Security Bulletin: Vulnerabilities in Apache Tomcat affect the IBM FlashSystem models 840 and 900
Summary There are vulnerabilities in Apache Tomcat to which the IBM® FlashSystem™ 840 and FlashSystem™ 900 are susceptible. An exploit of these vulnerabilities CVE-2016-3092, CVE-2016-5385, CVE-5386, CVE-2016-5387, and CVE-2016-5388 could allow a remote attacker to wage a denial of service attack...
Slackware: Security Advisory (SSA:2016-203-02)
The remote host is missing an update for the...
PHP 7.0.x < 7.0.9 Multiple Vulnerabilities (httpoxy)
According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.9. It is, therefore, affected by multiple vulnerabilities : - A man-in-the-middle vulnerability exists, known as 'httpoxy', due to a failure to properly resolve namespace conflicts in accordance wit...
PHP 5.6.x < 5.6.24 Multiple Vulnerabilities (httpoxy)
According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.24. It is, therefore, affected by multiple vulnerabilities : - A man-in-the-middle vulnerability exists, known as 'httpoxy', due to a failure to properly resolve namespace conflicts in accordance wi...
SUSE SLES12 Security Update : php7 (SUSE-SU-2016:2941-1) (httpoxy)
This update for php7 fixes the following security issues : - CVE-2016-5385: Setting HTTP_PROXY environment variable via Proxy header (httpoxy) (bsc#988486). - CVE-2016-9137: Fixing a Use After Free in unserialize (bsc#1008029). Note that Tenable Network Security has extracted the preceding description blo...
Security Bulletin: A vulnerability in PHP affects PowerKVM (CVE-2016-5385)
Summary PowerKVM is affected by a vulnerability in PHP. IBM has now addressed this vulnerability. Vulnerability Details CVEID: CVE-2016-5385 DESCRIPTION: PHP could allow a remote attacker to redirect HTTP traffic of CGI application, caused by the failure to protect applications from the presence ...
Security Bulletin: Vulnerabilities in Apache Tomcat affect the IBM FlashSystem model V840
Summary There are vulnerabilities in Apache Tomcat to which the IBM® FlashSystem™ V840 is susceptible. An exploit of these vulnerabilities CVE-2016-3092, CVE-2016-5385, CVE-5386, CVE-2016-5387, and CVE-2016-5388 could allow a remote attacker to wage a denial of service attack or redirect outbound...
Security Bulletin: Multiple vulnerabilities affecting web servers that run code in a CGI or CGI-like context affects IBM API Connect (CVE-2016-5385, CVE-2016-1000105)
Summary IBM API Connect is affected by multiple vulnerabilities relating to web servers that run code in a CGI or CGI-like context (CVE-2016-5385, CVE-2016-1000105). IBM has addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2016-5385 DESCRIPTION: PHP could allow a remote attacker to...
Oracle Enterprise Manager Grid Control Multiple Vulnerabilities (July 2017 CPU) (httpoxy)
The version of Oracle Enterprise Manager Grid Control installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the Bouncy Castle Java library due to improper validation of a point within the elliptic curve. An...
Multiple CVEs: httpoxy | Cloud Foundry
Multiple CVEs: httpoxy. Low. Vendor: Cloud Foundry. Versions Affected: Go Buildpack versions prior to 1.7.10; PHP Buildpack versions prior to 4.3.17. Description: httpoxy is a set of vulnerabilities that affect application code running in CGI or CGI-like environments. It involves a namespace conflict...
Debian DLA-749-1 : php5 security update (httpoxy)
CVE-2016-5385 PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's...
[SECURITY] [DLA 749-1] php5 security update
Package : php5 Version : 5.4.45-0+deb7u6 CVE ID : CVE-2016-5385 CVE-2016-7124 CVE-2016-7128 CVE-2016-7129 CVE-2016-7130 CVE-2016-7131 CVE-2016-7132 CVE-2016-7411 CVE-2016-7412 CVE-2016-7413 CVE-2016-7414 CVE-2016-7416 CVE-2016-7417 CVE-2016-7418 CVE-2016-5385 PHP through 7.0.8 does not attempt to...