Lucene search
K

12 matches found

OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.15 views

Mageia: Security Advisory (MGASA-2016-0398)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.7AI score
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 1:33 a.m.24 views

Security Bulletin: A vulnerability in lighttpd affects PowerKVM (CVE-2016-1000212)

Summary PowerKVM is affected by a vulnerability in lighttpd. IBM has now addressed this vulnerability. Vulnerability Details CVEID: CVE-2016-1000212 DESCRIPTION: lighttpd could allow a remote attacker to redirect HTTP traffic of CGI application, caused by the failure to protect applications from...

0.8AI score
Exploits0Affected Software1
OSV
OSV
added 2017/03/17 2:7 p.m.7 views

SUSE-SU-2017:0731-1 Security update for lighttpd

This update for lighttpd fixes the following issues: Security issues fixed: - CVE-2016-1000212: Don't allow requests to set the HTTPPROXY variable. As CGI apps might pick it up and use it for outgoing requests. bsc990847 - CVE-2015-3200: Log injection via malformed base64 string in Authentication...

7.5CVSS7.6AI score0.09978EPSS
Exploits1References6
OSV
OSV
added 2016/11/25 5:4 p.m.9 views

MGASA-2016-0398 Updated lighttpd packages fix security vulnerability

Dominic Scheirlinck and Scott Geary of Vend reported an insecure behaviour in the lighttpd web server. Lighttpd assigned Proxy header values from client requests to internal HTTPPROXY environment variables. This could be used to carry out Man in the Middle Attacks MIDM or create connections to...

7.4AI score
Exploits0References3
Mageia
Mageia
added 2016/11/25 5:4 p.m.33 views

Updated lighttpd packages fix security vulnerability

Dominic Scheirlinck and Scott Geary of Vend reported an insecure behaviour in the lighttpd web server. Lighttpd assigned Proxy header values from client requests to internal HTTPPROXY environment variables. This could be used to carry out Man in the Middle Attacks MIDM or create connections to...

0.3AI score
Exploits0References2
Amazon
Amazon
added 2016/09/15 12:0 a.m.40 views

Important: lighttpd

Issue Overview: It was discovered that lighttpd class did not properly protect against the HTTPPROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP reques...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2016/08/11 12:0 a.m.23 views

Fedora 24 : lighttpd (2016-07e9059072)

1.4.41 ---- Patch for CVE-2016-1000212. ---- Connection state patch. ---- Patch for ipv6 blocking bug. ---- 1.4.40 https://www.lighttpd.net/2016/7/16/1.4.40/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable ha...

7AI score
Exploits0References3
OpenVAS
OpenVAS
added 2016/08/11 12:0 a.m.20 views

Fedora Update for lighttpd FEDORA-2016-07e9059072

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.6AI score
Exploits0References2
Debian
Debian
added 2016/08/06 2:36 a.m.42 views

[SECURITY] [DSA 3642-1] lighttpd security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3642-1 [email protected] https://www.debian.org/security/ Sebastien Delafond August 05, 2016 https://www.debian.org/security/faq -...

1.9AI score
Exploits0
Debian
Debian
added 2016/08/06 2:36 a.m.23 views

[SECURITY] [DSA 3642-1] lighttpd security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3642-1 [email protected] https://www.debian.org/security/ Sebastien Delafond August 05, 2016 https://www.debian.org/security/faq -...

7.5AI score
Exploits0
Debian
Debian
added 2016/08/03 6:5 a.m.39 views

[SECURITY] [DLA 583-1] lighttpd security update

Package : lighttpd Version : 1.4.31-4+deb7u5 CVE ID : CVE-2016-1000212 Debian Bug : 832571 Dominic Scheirlinck and Scott Geary of Vend reported an insecure behaviour in the lighttpd web server. Lighttpd assigned Proxy header values from client requests to internal HTTPPROXY environment variables...

7AI score
Exploits0
UbuntuCve
UbuntuCve
added 2016/07/27 12:0 a.m.21 views

CVE-2016-1000212

Mitigation for HTTPoxy vulnerability...

6.8AI score
Exploits0References2
Rows per page
Query Builder