12 matches found
Mageia: Security Advisory (MGASA-2016-0398)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: A vulnerability in lighttpd affects PowerKVM (CVE-2016-1000212)
Summary PowerKVM is affected by a vulnerability in lighttpd. IBM has now addressed this vulnerability. Vulnerability Details CVEID: CVE-2016-1000212 DESCRIPTION: lighttpd could allow a remote attacker to redirect HTTP traffic of CGI application, caused by the failure to protect applications from...
SUSE-SU-2017:0731-1 Security update for lighttpd
This update for lighttpd fixes the following issues: Security issues fixed: - CVE-2016-1000212: Don't allow requests to set the HTTPPROXY variable. As CGI apps might pick it up and use it for outgoing requests. bsc990847 - CVE-2015-3200: Log injection via malformed base64 string in Authentication...
MGASA-2016-0398 Updated lighttpd packages fix security vulnerability
Dominic Scheirlinck and Scott Geary of Vend reported an insecure behaviour in the lighttpd web server. Lighttpd assigned Proxy header values from client requests to internal HTTPPROXY environment variables. This could be used to carry out Man in the Middle Attacks MIDM or create connections to...
Updated lighttpd packages fix security vulnerability
Dominic Scheirlinck and Scott Geary of Vend reported an insecure behaviour in the lighttpd web server. Lighttpd assigned Proxy header values from client requests to internal HTTPPROXY environment variables. This could be used to carry out Man in the Middle Attacks MIDM or create connections to...
Important: lighttpd
Issue Overview: It was discovered that lighttpd class did not properly protect against the HTTPPROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP reques...
Fedora 24 : lighttpd (2016-07e9059072)
1.4.41 ---- Patch for CVE-2016-1000212. ---- Connection state patch. ---- Patch for ipv6 blocking bug. ---- 1.4.40 https://www.lighttpd.net/2016/7/16/1.4.40/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable ha...
Fedora Update for lighttpd FEDORA-2016-07e9059072
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 3642-1] lighttpd security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3642-1 [email protected] https://www.debian.org/security/ Sebastien Delafond August 05, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3642-1] lighttpd security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3642-1 [email protected] https://www.debian.org/security/ Sebastien Delafond August 05, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 583-1] lighttpd security update
Package : lighttpd Version : 1.4.31-4+deb7u5 CVE ID : CVE-2016-1000212 Debian Bug : 832571 Dominic Scheirlinck and Scott Geary of Vend reported an insecure behaviour in the lighttpd web server. Lighttpd assigned Proxy header values from client requests to internal HTTPPROXY environment variables...
CVE-2016-1000212
Mitigation for HTTPoxy vulnerability...