CVE-2016-4694

The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an...

MGASA-2016-0312 Updated tomcat packages fix security vulnerability

Apache Tomcat through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP...

RHEL 6 / 7 : JBoss Core Services (RHSA-2016:1851) (httpoxy)

Updated packages are available for Red Hat Enterprise Linux 6 and 7 that provide Red Hat JBoss Core Services Service Pack 1 fixing one security issue. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score,...

SUSE SLES12 Security Update : squid (SUSE-SU-2016:2008-1)

The Squid HTTP proxy has been updated to version 3.3.14, fixing the following security issues : - Fixed multiple Denial of Service issues in HTTP Response processing. CVE-2016-2569, CVE-2016-2570, CVE-2016-2571, CVE-2016-2572, bsc968392, bsc968393, bsc968394, bsc968395 - CVE-2016-3947: Buffer...

Browsing via HTTP Proxy Detection

Binary data 9529.prm...

RHEL 7 : Red Hat JBoss Web Server 2.1.1 security update on RHEL 7 (Important) (RHSA-2016:1648)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:1648 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the...

RHEL 6 : JBoss Web Server (RHSA-2016:1649) (httpoxy)

An update is now available for Red Hat JBoss Enterprise Web Server 2.1 for RHEL 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Important: Red Hat Security Advisory: Red Hat JBoss Web Server 2.1.1 security update

An update is now available for Red Hat JBoss Web Server. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links i...

RHEL 7 : Red Hat JBoss Web Server 3.0.3 Service Pack 1 (RHSA-2016:1635) (httpoxy)

Updated packages that provide Red Hat JBoss Web Server 3.0.3 Service Pack 1 and fixes two security issues and a bug with ajp processors are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...

CGIHandler: sets environmental variable based on user supplied Proxy request header

It was discovered that the Python CGIHandler class did not properly protect against the HTTPPROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP...

SUSE-SU-2016:2090-1 Security update for apache2

This update for apache2 fixes the following issues: - It used to be possible to set an arbitrary $HTTPPROXY environment variable for request handlers -- like CGI scripts -- by including a specially crafted HTTP header in the request CVE-2016-5387. As a result, these server components would...

openSUSE Security Update : squid (openSUSE-2016-988)

The Squid HTTP proxy has been updated to version 3.3.14, fixing the following security issues : - Fixed multiple Denial of Service issues in HTTP Response processing. CVE-2016-2569, CVE-2016-2570, CVE-2016-2571, CVE-2016-2572, bsc968392, bsc968393, bsc968394, bsc968395 - CVE-2016-3947: Buffer...

SUSE-SU-2016:2008-1 Security update for squid

The Squid HTTP proxy has been updated to version 3.3.14, fixing the following security issues: - Fixed multiple Denial of Service issues in HTTP Response processing. CVE-2016-2569, CVE-2016-2570, CVE-2016-2571, CVE-2016-2572, bsc968392, bsc968393, bsc968394, bsc968395 - CVE-2016-3947: Buffer...

PHP 5.5.x < 5.5.38 / 5.6.x < 5.6.24 / 7.0.x < 7.0.9 Multiple Vulnerabilities

Binary data 9460.prm...

openSUSE Security Update : php5 (openSUSE-2016-921) (httpoxy)

This update for php5 fixes the following issues : - It is possible to launch a web server with 'php -S localhost:8080' It used to be possible to set an arbitrary $HTTPPROXY environment variable for request handlers -- like CGI scripts -- by including a specially crafted HTTP header in the request...

Go: sets environmental variable based on user supplied Proxy request header

An input-validation flaw was discovered in the Go programming language built in CGI implementation, which set the environment variable "HTTPPROXY" using the incoming "Proxy" HTTP-request header. The environment variable "HTTPPROXY" is used by numerous web clients, including Go's net/http package,...

Updated apache packages fix security vulnerability

It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTPPROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could...

Using free http proxy IP for the network scanning-vulnerability warning-the black bar safety net

How from free proxy IP, find a vulnerability, here is my definition of discovered vulnerabilities, is because I personally feel that this vulnerability is a technical comparison of the difference, the more likely is the discovery, analysis, and summary. As a Information Security for the novice, b...

PHP < 5.6.24, 7.x <= 7.0.8 Multiple Vulnerabilities (Jul 2016) - Windows

PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...

Apache HTTP Server Man-in-the-Middle Attack Vulnerability (Jul 2016) - Linux

Apache HTTP Server is prone to a man-in-the-middle attack vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...