27 matches found
MiracleLinux 7 : curl-7.29.0-25.0.1.el7.AXS7 (AXSA:2015-843:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2015-843:01 advisory. curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FIL...
EUVD-2006-1222
Malware in sbrugna...
EUVD-2016-7216
Malware in sbrugna...
EUVD-2006-4397
Malware in sbrugna...
EUVD-2005-2730
Malware in sbrugna...
EUVD-2025-9719
Malicious code in bioql PyPI...
PT-2025-20706 · UserGate LLC · Usergate Next-Generation Firewall
A vulnerability in the HTTP-Proxy service of the UserGate Next-Generation Firewall (NGFW) software exists due to a lack of input validation measures. Exploitation of the vulnerability may allow a remote attacker to read arbitrary files...
CVE-2025-2245
A server-side request forgery (SSRF) vulnerability exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 7074 uses a domain allowlist to restrict outbound requests, but fails to properly sanitize hostnames containing null-byte (%00)...
PT-2025-14875 · Bitdefender · Bitdefender Gravityzone Update Server
Name of the Vulnerable Software and Affected Versions: Bitdefender GravityZone Update Server (affected versions not specified). Description: A server-side request forgery (SSRF) issue exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 707...
Apache Traffic Server Input Validation Error Vulnerability (CNVD-2024-35169)
Apache Traffic Server (ATS) is a scalable HTTP proxy and caching server from the Apache Foundation (United States). Apache Traffic Server suffers from an input validation error vulnerability that stems from accepting characters that are not allowed in an HTTP field name and forwarding a...
Mageia: Security Advisory (MGASA-2016-0359)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
@acanto/october-scripts (=3.2.2), @acanto/workflow (=5.1.0) +1213 more potentially affected by unknown CVE via http-proxy (>=0.10.0 <=1.18.0)
http-proxy NPM version =0.10.0, =2018.7.11-0, =0.0.1, =0.156.0, =2.6.6, =4.0.0, =3.0.1, =0.0.1, =1.12.2-next.3, =1.0.0, =1.0.3 and more Source cves: unknown CVE Source advisory: OSV:GHSA-6X33-PW7P-HMPQ...
CentOS Update for tomcat CESA-2016:2046 centos7
Check the version of tomcat SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description) { script_oid("1.3.6.1.4.1.25623.1.0.882575");...
MGASA-2016-0312 Updated tomcat packages fix security vulnerability
Apache Tomcat through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP...
Important: Red Hat Security Advisory: Red Hat JBoss Web Server 2.1.1 security update
An update is now available for Red Hat JBoss Web Server. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links i...
SUSE-SU-2016:2090-1 Security update for apache2
This update for apache2 fixes the following issues: - It used to be possible to set an arbitrary $HTTP_PROXY environment variable for request handlers -- like CGI scripts -- by including a specially crafted HTTP header in the request (CVE-2016-5387). As a result, these server components would...
SUSE-SU-2016:1842-1 Security update for php5
This update for php5 fixes the following issues: It is possible to launch a web server with 'php -S localhost:8080'. It used to be possible to set an arbitrary $HTTP_PROXY environment variable for request handlers -- like CGI scripts -- by including a specially crafted HTTP header in the request...
CVE-2016-5386
The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI...
SUSE-SU-2016:1819-1 Security update for apache2
This update for apache2 fixes the following issues: It used to be possible to set an arbitrary $HTTP_PROXY environment variable for request handlers -- like CGI scripts -- by including a specially crafted HTTP header in the request (CVE-2016-5387). As a result, these server components would...