Lucene search
5900 matches found

Packet Storm
added 2016/07/27 12:0 a.m., 24 views

Iris ID IrisAccess ICU 7000-2 XSS / Cross Site Request Forgery

Iris ID IrisAccess ICU 7000-2 Multiple XSS and CSRF Vulnerabilities Vendor: Iris ID, Inc. Product web page: http://www.irisid.com Affected version: ICU Software: 1.00.08 ICU OS: 1.3.8 ICU File system: 1.3.8 EIF Firmware Channel 1: 1.9 EIF Firmware Channel 2: 1.9 Iris TwoPi: 1.4.5 Summary: The...

AI score: 7.4
Exploits: 0

OSV
added 2016/07/26 9:16 p.m., 21 views

MGASA-2016-0262 Updated apache packages fix security vulnerability

It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could...

CVSS: 8.1, AI score: 7.9, EPSS: 0.43937
Exploits: 0, References: 5

exploitpack
added 2016/07/26 12:0 a.m., 19 views

Iris ID IrisAccess ICU 7000-2 - Multiple Vulnerabilities

Iris ID IrisAccess ICU 7000-2 - Multiple Vulnerabilities Iris ID IrisAccess ICU 7000-2 Multiple XSS and CSRF Vulnerabilities Vendor: Iris ID, Inc. Product web page: http://www.irisid.com Affected version: ICU Software: 1.00.08 ICU OS: 1.3.8 ICU File system: 1.3.8 EIF Firmware Channel 1: 1.9 EIF...

AI score: 0.1
Exploits: 0

Zero Science Lab
added 2016/07/26 12:0 a.m., 44 views

Iris ID IrisAccess ICU 7000-2 Multiple XSS and CSRF Vulnerabilities

Summary: The ICU 7000-2 is an optional component used when the client requires iris template data to be matched on the secure side of the door. When using ICU no data is stored in the iCAM7 Iris Reader itself. The ICU also ensures that portal operation can continue if there is an interruption ...

AI score: 6
Exploits: 0

Exploit DB
added 2016/07/26 12:0 a.m., 28 views

Iris ID IrisAccess ICU 7000-2 - Multiple Vulnerabilities

Iris ID IrisAccess ICU 7000-2 Multiple XSS and CSRF Vulnerabilities Vendor: Iris ID, Inc. Product web page: http://www.irisid.com Affected version: ICU Software: 1.00.08 ICU OS: 1.3.8 ICU File system: 1.3.8 EIF Firmware Channel 1: 1.9 EIF Firmware Channel 2: 1.9 Iris TwoPi: 1.4.5 Summary: The ICU...

AI score: 7.4
Exploits: 0

UbuntuCve
added 2016/07/25 12:0 a.m., 29 views

CVE-2016-1000110

The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests...

CVSS: 6.1, AI score: 6.8, EPSS: 0.09899
Exploits: 0, References: 3

Tenable Nessus
added 2016/07/21 12:0 a.m., 55 views

Debian DLA-553-1 : apache2 security update (httpoxy)

Scott Geary of VendHQ discovered that the Apache HTTPD server used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP...

CVSS: 8.1, AI score: 6.8, EPSS: 0.43937
Exploits: 0, References: 3

Tenable Nessus
added 2016/07/19 12:0 a.m., 80 views

Ubuntu 14.04 LTS / 16.04 LTS : Apache HTTP Server vulnerability (USN-3038-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3038-1 advisory. It was discovered that the Apache HTTP Server would set the HTTP_PROXY environment variable based on the contents of the Proxy header from HTTP request...

CVSS: 8.1, AI score: 6.8, EPSS: 0.43937
Exploits: 0, References: 2

Tenable Nessus
added 2016/07/19 12:0 a.m., 86 views

CentOS 5 / 6 : httpd (CESA-2016:1421) (httpoxy)

An update for httpd is now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...

CVSS: 8.1, AI score: 6.8, EPSS: 0.43937
Exploits: 0, References: 3

OpenVAS
added 2016/07/19 12:0 a.m., 27 views

RedHat Update for httpd RHSA-2016:1421-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS: 8.1, AI score: 7.6, EPSS: 0.43937
Exploits: 0, References: 2

OpenVAS
added 2016/07/19 12:0 a.m., 45 views

RedHat Update for httpd RHSA-2016:1422-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS: 8.1, AI score: 7.6, EPSS: 0.43937
Exploits: 0, References: 2

Tenable Nessus
added 2016/07/19 12:0 a.m., 52 views

Scientific Linux Security Update : httpd on SL5.x, SL6.x i386/x86_64 (20160718) (httpoxy)

Security Fixes : - It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A...

CVSS: 8.1, AI score: 6.8, EPSS: 0.43937
Exploits: 0, References: 2

Ubuntu
added 2016/07/18 6:4 p.m., 78 views

USN-3038-1: Apache HTTP Server vulnerability

It was discovered that the Apache HTTP Server would set the HTTP_PROXY environment variable based on the contents of the Proxy header from HTTP requests. A remote attacker could possibly use this issue in combination with CGI scripts that honour the HTTP_PROXY variable to redirect outgoing HTTP...

CVSS: 8.1, AI score: 6.9, EPSS: 0.43937
Exploits: 0

Cent OS
added 2016/07/18 3:57 p.m., 106 views

httpd, mod_ssl security update

CentOS Errata and Security Advisory CESA-2016:1421 An update for httpd is now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,...

CVSS: 8.1, AI score: 6.7, EPSS: 0.43937
Exploits: 0, References: 7

RedhatCVE
added 2016/07/18 2:19 p.m., 78 views

CVE-2016-5387

It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could...

CVSS: 8.1, AI score: 0.5, EPSS: 0.43937
Exploits: 0, References: 2

BDU FSTEC
added 2016/07/11 12:0 a.m., 3 views

A vulnerability in the firmware of Cisco RV130W, Cisco RV215W, and Cisco RV110W routers allows an attacker to cause service failures.

The vulnerability in the web configuration interface of the firmware for Cisco RV130W, Cisco RV215W, and Cisco RV110W routers stems from a buffer overflow. Exploiting this vulnerability allows a malicious actor to trigger a service failure (device reboot) by using specially crafted...

CVSS: 6.8, AI score: 6.9, EPSS: 0.00511
Exploits: 0, References: 2, Affected Software: 3

NVD
added 2016/07/05 1:59 a.m., 11 views

CVE-2016-5097

phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs...

CVSS: 5.3, AI score: 5.2, EPSS: 0.00551
Exploits: 0, References: 8

UbuntuCve
added 2016/07/05 1:59 a.m., 22 views

CVE-2016-5097

phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs...

CVSS: 5.3, AI score: 6.4, EPSS: 0.00551
Exploits: 0, References: 2

Debian CVE
added 2016/07/05 1:0 a.m., 28 views

CVE-2016-5097

phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs...

CVSS: 5.3, AI score: 5.5, EPSS: 0.00551
Exploits: 0

Cvelist
added 2016/07/05 1:0 a.m., 19 views

CVE-2016-5097

phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs...

AI score: 5.7, EPSS: 0.00551
Exploits: 0, References: 8