CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

HHVM does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic t...

5.3CVSS6.8AI score0.01595EPSS

Exploits1References1

F5 Networks•added 2023/02/21 8:2 p.m.•54 views

K92930514: GO vulnerability CVE-2016-5386

Security Advisory Description The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote...

8.1CVSS6.7AI score0.45904EPSS

Exploits0

F5 Networks•added 2023/02/21 6:35 p.m.•24 views

K07112184: HHVM vulnerability CVE-2016-1000109

Security Advisory Description HHVM does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI...

5.3CVSS6.6AI score0.01595EPSS

Exploits1

SUSE CVE•added 2023/02/15 5:0 a.m.•1 views

SUSE CVE-2016-5386

The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI...

8.1CVSS7.7AI score0.45904EPSS

Exploits0References11

SUSE CVE•added 2023/02/15 4:53 a.m.•2 views

SUSE CVE-2016-1000111

Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI application's outbou...

5.3CVSS7AI score0.00581EPSS

Exploits0References4

CNNVD•added 2021/05/21 12:0 a.m.•3 views

Netgear NETGEAR 操作系统命令注入漏洞

Netgear NETGEAR is a router from the American company Netgear. A hardware device that connects two or more networks and acts as a gateway between networks. A security vulnerability exists in NETGEAR devices that stems from NETGEAR devices can be exploited by unauthenticated attackers to inject...

10CVSS8.3AI score0.17229EPSS

Exploits2References3

Github Security Blog•added 2021/04/30 5:32 p.m.•48 views

Forced Browsing in Twisted

5.3CVSS5.4AI score0.00581EPSS

Exploits0References7Affected Software1

OSV•added 2021/04/30 5:32 p.m.•21 views

GHSA-3GQJ-CMXR-P4X2 Forced Browsing in Twisted

6.9CVSS5.4AI score0.00581EPSS

Exploits0References7

Tenable Nessus•added 2021/03/10 12:0 a.m.•43 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : httpd Multiple Vulnerabilities (NS-SA-2021-0036)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has httpd packages installed that are affected by multiple vulnerabilities: - In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with modrewrite that were intended to be self-referential might be fooled by encoded...

8.1CVSS6.6AI score0.93618EPSS

Exploits1References7

Tenable Nessus•added 2020/10/21 12:0 a.m.•51 views

Scientific Linux Security Update : httpd on SL7.x x86_64 (20201001)

Security Fixes : - httpd: Improper handling of headers in modsession can allow a remote user to modify session data for CGI applications CVE-2018-1283 - httpd: Out of bounds read in modcachesocache can allow a remote attacker to cause DoS CVE-2018-1303 - httpd: modrewrite configurations vulnerabl...

8.1CVSS6.5AI score0.93618EPSS

Exploits1References7

OSV•added 2020/03/11 8:15 p.m.•11 views

CVE-2016-1000111

5.3CVSS5.2AI score

Exploits0References4