27 matches found

IBM Security Bulletins
added 2023/03/29 1:48 a.m., 81 views

Security Bulletin: Multiple vulnerabilities in Apache Tomcat affect SAN Volume Controller, Storwize family and FlashSystem V9000 products

Summary: Vulnerabilities in the Apache Tomcat component affect the product's management GUI. The CLI interface is unaffected. The applicable CVEs are CVE-2016-5385, CVE-2016-5386, CVE-2016-5387, CVE-2016-5388. Vulnerability Details: CVEID: CVE-2016-5385. DESCRIPTION: PHP could allow a remote attacker t...

8.1 CVSS | 7.3 AI score | 0.55724 EPSS
Exploits: 0 | Affected Software: 6

IBM Security Bulletins
added 2023/02/18 1:45 a.m., 73 views

Security Bulletin: Vulnerabilities in Apache Tomcat affect the IBM FlashSystem models 840 and 900

Summary: There are vulnerabilities in Apache Tomcat to which the IBM® FlashSystem™ 840 and FlashSystem™ 900 are susceptible. An exploit of these vulnerabilities CVE-2016-3092, CVE-2016-5385, CVE-5386, CVE-2016-5387, and CVE-2016-5388 could allow a remote attacker to wage a denial of service attack...

8.1 CVSS | 8 AI score | 0.55724 EPSS
Exploits: 0 | Affected Software: 1

OpenVAS
added 2022/01/28 12:0 a.m., 19 views

Mageia: Security Advisory (MGASA-2016-0317)

The remote host is missing an update for the...

8.1 CVSS | 8.1 AI score | 0.0524 EPSS
Exploits: 0 | References: 4

OpenVAS
added 2020/05/26 12:0 a.m., 66 views

Huawei Data Communication: A CGI application vulnerability in Some Huawei Products (huawei-sa-20171129-01-httpproxy)

Some open source software used by Huawei does not attempt to address RFC 3875 section 4.1.18 namespace conflicts...

8.1 CVSS | 8 AI score | 0.0524 EPSS
Exploits: 0 | References: 1

IBM Security Bulletins
added 2018/06/18 12:32 a.m., 51 views

Security Bulletin: Vulnerabilities in Apache Tomcat affect the IBM FlashSystem model V840

Summary: There are vulnerabilities in Apache Tomcat to which the IBM® FlashSystem™ V840 is susceptible. An exploit of these vulnerabilities CVE-2016-3092, CVE-2016-5385, CVE-5386, CVE-2016-5387, and CVE-2016-5388 could allow a remote attacker to wage a denial of service attack or redirect outbound...

8.1 CVSS | 0.4 AI score | 0.55724 EPSS
Exploits: 0 | Affected Software: 1

Huawei
added 2017/11/29 12:0 a.m., 34 views

Security Advisory - A CGI application vulnerability in Some Huawei Products

Some open source software used by Huawei does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an...

8.1 CVSS | 7.7 AI score | 0.0524 EPSS
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2017/07/20 12:0 a.m., 108 views

Oracle Enterprise Manager Grid Control Multiple Vulnerabilities (July 2017 CPU) (httpoxy)

The version of Oracle Enterprise Manager Grid Control installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the Bouncy Castle Java library due to improper validation of a point within the elliptic curve. An...

9.8 CVSS | 7.7 AI score | 0.55724 EPSS
Exploits: 3 | References: 15

OpenVAS
added 2017/03/13 12:0 a.m., 206 views

WatchGuard Fireware XTM < 11.12.1 Multiple Vulnerabilities

WatchGuard Fireware XTM Web UI is prone to multiple vulnerabilities...

8.1 CVSS | 7.7 AI score | 0.55724 EPSS
Exploits: 0 | References: 2

Cloud Foundry
added 2016/12/21 12:0 a.m., 70 views

Multiple CVEs: httpoxy | Cloud Foundry

Multiple CVEs: httpoxy. Low. Vendor: Cloud Foundry. Versions Affected: Go Buildpack versions prior to 1.7.10; PHP Buildpack versions prior to 4.3.17. Description: httpoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. It involves a namespace conflict...

8.1 CVSS | 8.7 AI score | 0.55724 EPSS
Exploits: 0

OSV
added 2016/10/14 9:45 a.m., 8 views

OPENSUSE-SU-2016:2536-1 Security update to go1.4

go1.4 was updated to fix the following vulnerabilities: - CVE-2016-5386: Remote attacker could have set the application's HTTP_PROXY environment variable via Proxy headers (boo#988487)...

8.1 CVSS | 8.8 AI score | 0.0524 EPSS
Exploits: 0 | References: 2

Prion
added 2016/10/06 2:59 p.m., 18 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-5386. Reason: This candidate is a duplicate of CVE-2016-5386. Notes: All CVE users should reference CVE-2016-5386 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...

7.9 AI score | 0.0524 EPSS
Exploits: 0

Mageia
added 2016/09/23 8:57 p.m., 42 views

Updated golang package fixes security vulnerability

Updated golang packages fix security vulnerability: Go: sets environmental variable based on user supplied Proxy request header CVE-2016-5386...

8.1 CVSS | 2.1 AI score | 0.0524 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2016/08/12 12:0 a.m., 30 views

openSUSE Security Update : go (openSUSE-2016-979) (httpoxy)

This update addresses a security issue affecting code statically linked with go : - CVE-2016-5386: A remote attacker could set the HTTP_PROXY environment variable via Proxy header (bsc#988487)...

8.1 CVSS | 6.9 AI score | 0.0524 EPSS
Exploits: 0 | References: 2

OSV
added 2016/08/11 6:59 p.m., 8 views

OPENSUSE-SU-2016:2055-1 security update for go

This update addresses a security issue affecting code statically linked with go: - CVE-2016-5386: A remote attacker could set the HTTP_PROXY environment variable via Proxy header (bsc#988487)...

8.1 CVSS | 8.8 AI score | 0.0524 EPSS
Exploits: 0 | References: 2

OSV
added 2016/08/11 6:59 p.m., 8 views

OPENSUSE-SU-2016:2054-1 security update for go

This update addresses a security issue affecting code statically linked with go: - CVE-2016-5386: A remote attacker could set the HTTP_PROXY environment variable via Proxy header (bsc#988487)...

8.1 CVSS | 8.8 AI score | 0.0524 EPSS
Exploits: 0 | References: 2

OpenVAS
added 2016/08/08 12:0 a.m., 21 views

CentOS Update for golang CESA-2016:1538 centos7

Check the version of golang...

8.1 CVSS | 6.5 AI score | 0.0524 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2016/08/04 12:0 a.m., 28 views

Scientific Linux Security Update : golang on SL7.x x86_64 (20160803) (httpoxy)

The following packages have been upgraded to a newer upstream version: golang 1.6.3. Security Fixes : - An input-validation flaw was discovered in the Go programming language built-in CGI implementation, which set the environment variable 'HTTP_PROXY' using the incoming 'Proxy' HTTP-request header...

8.1 CVSS | 6.8 AI score | 0.0524 EPSS
Exploits: 0 | References: 2

OpenVAS
added 2016/08/04 12:0 a.m., 19 views

Fedora Update for golang FEDORA-2016-ea5e284d34

The remote host is missing an update for the...

8.1 CVSS | 8.1 AI score | 0.0524 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2016/08/03 12:0 a.m., 37 views

RHEL 7 : golang (RHSA-2016:1538) (httpoxy)

An update for golang is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

9.8 CVSS | 6.8 AI score | 0.0937 EPSS
Exploits: 0 | References: 11

Tenable Nessus
added 2016/08/03 12:0 a.m., 30 views

CentOS 7 : golang (CESA-2016:1538) (httpoxy)

An update for golang is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

9.8 CVSS | 6.8 AI score | 0.0937 EPSS
Exploits: 0 | References: 6