2629 matches found
CVE-2016-4694
The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an...
Code injection
Application Firewall in Apple OS X before 10.12 allows local users to cause a denial of service via vectors involving a crafted SOEXECPATH environment variable...
Code injection
Perl in Apple OS X before 10.12 allows local users to bypass the taint-mode protection mechanism via a crafted environment variable...
CVE-2016-4748
Perl in Apple OS X before 10.12 allows local users to bypass the taint-mode protection mechanism via a crafted environment variable...
CVE-2016-4748
CVE-2016-4748 describes a localPrivilege bypass in Perl on macOS OS X before 10.12, where taint-mode protection can be bypassed via a crafted environment variable. The vulnerability affects Perl within macOS/OS X and is documented in Apple’s security content for macOS Sierra 10.12. The connected ...
CVE-2016-4701
Application Firewall in Apple OS X before 10.12 allows local users to cause a denial of service via vectors involving a crafted SOEXECPATH environment variable...
HTTPD: sets environmental variable based on user supplied Proxy request header
It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTPPROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could...
HTTPD: sets environmental variable based on user supplied Proxy request header
It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTPPROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could...
HTTPD: sets environmental variable based on user supplied Proxy request header
It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTPPROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could...
HTTPD: sets environmental variable based on user supplied Proxy request header
It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTPPROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could...
CGIHandler: sets environmental variable based on user supplied Proxy request header
It was discovered that the Python CGIHandler class did not properly protect against the HTTPPROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP...
HTTPD: sets environmental variable based on user supplied Proxy request header
It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTPPROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could...
Tomcat: CGI sets environmental variable based on user supplied Proxy request header
It was discovered that tomcat used the value of the Proxy header from HTTP requests to initialize the HTTPPROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker coul...
Important: Red Hat Security Advisory: Red Hat JBoss Web Server 3.0.3 Service Pack 1 security update
Updated packages that provide Red Hat JBoss Web Server 3.0.3 Service Pack 1 and fixes two security issues and a bug with ajp processors are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...
HTTPD: sets environmental variable based on user supplied Proxy request header
It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTPPROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could...
Amazon Linux AMI : golang (ALAS-2016-731) (httpoxy)
An input-validation flaw was discovered in the Go programming language built in CGI implementation, which set the environment variable 'HTTPPROXY' using the incoming 'Proxy' HTTP-request header. The environment variable 'HTTPPROXY' is used by numerous web clients, including Go's net/http package,...
HTTPD: sets environmental variable based on user supplied Proxy request header
It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTPPROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could...
HTTPD: sets environmental variable based on user supplied Proxy request header
It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTPPROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could...
PHP: sets environmental variable based on user supplied Proxy request header
It was discovered that PHP did not properly protect against the HTTPPROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker-controlled proxy via a malicious HTTP request...
PHP: sets environmental variable based on user supplied Proxy request header
It was discovered that PHP did not properly protect against the HTTPPROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker-controlled proxy via a malicious HTTP request...