EUVD-2020-0227

Malware in sbrugna...

Debian: Security Advisory (DLA-749-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2016:1818-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2016-1000111

Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI application's outbou...

CVE-2016-1000107

inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an...

CVE-2016-1000108

yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound...

Security Bulletin: Vulnerabilities in Apache Tomcat affect the IBM FlashSystem model V840

Summary There are vulnerabilities in Apache Tomcat to which the IBM® FlashSystem™ V840 is susceptible. An exploit of these vulnerabilities CVE-2016-3092, CVE-2016-5385, CVE-5386, CVE-2016-5387, and CVE-2016-5388 could allow a remote attacker to wage a denial of service attack or redirect outbound...

SUSE-SU-2016:2941-1 Security update for php7

This update for php7 fixes the following security issues: - CVE-2016-5385: Setting HTTPPROXY environment variable via Proxy header httpoxy bsc988486. - CVE-2016-9137: Fixing a Use After Free in unserialize bsc1008029...

OPENSUSE-SU-2016:2536-1 Security update to go1.4

go1.4 was updated to fix the following vulnerabilities: - CVE-2016-5386: Remote attacker could have set the application's HTTPPROXY environment variable via Proxy headers boo988487...

OPENSUSE-SU-2016:2055-1 security update for go

This update addresses a security issue affecting code statically linked with go: - CVE-2016-5386: A remote attacker could set the HTTPPROXY environment variable via Proxy header bsc988487...

Fedora 24 : php-guzzlehttp-guzzle (2016-aef8a45afe) (httpoxy)

5.3.1 - 2016-07-18 - Address HTTPPROXY security vulnerability, CVE-2016-5385: https://httpoxy.org/ - Event name fix: https://github.com/guzzle/guzzle/commit/fcae91ff31de41e3 12fe113ec3acbcda31b2622e - Response header case sensitivity fix: https://github.com/guzzle/guzzle/commit/043eeadf20ee40dd...

Fedora 23 : php-guzzlehttp-guzzle (2016-e2c8f5f95a) (httpoxy)

5.3.1 - 2016-07-18 - Address HTTPPROXY security vulnerability, CVE-2016-5385: https://httpoxy.org/ - Event name fix: https://github.com/guzzle/guzzle/commit/fcae91ff31de41e3 12fe113ec3acbcda31b2622e - Response header case sensitivity fix: https://github.com/guzzle/guzzle/commit/043eeadf20ee40dd...

openSUSE Security Update : apache2 (openSUSE-2016-880) (httpoxy)

This update for apache2 fixes the following issues : - It used to be possible to set an arbitrary $HTTPPROXY environment variable for request handlers -- like CGI scripts -- by including a specially crafted HTTP header in the request CVE-2016-5387. As a result, these server components would...

CVE-2016-1000111

It was discovered that python-twisted-web used the value of the Proxy header from HTTP requests to initialize the HTTPPROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote...