CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

184 matches found

OpenVAS•added 2021/04/19 12:0 a.m.•28 views

SUSE: Security Advisory (SUSE-SU-2016:1818-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS7.2AI score0.51564EPSS

Exploits0References4

OpenVAS•added 2021/04/19 12:0 a.m.•15 views

SUSE: Security Advisory (SUSE-SU-2016:2188-1)

8.1CVSS8.4AI score0.40246EPSS

Exploits0References5

OpenVAS•added 2020/05/26 12:0 a.m.•65 views

Huawei Data Communication: A CGI application vulnerability in Some Huawei Products (huawei-sa-20171129-01-httpproxy)

Some open source software used by Huawei does not attempt to address RFC 3875 section 4.1.18 namespace conflicts. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

8.1CVSS8AI score0.45904EPSS

Exploits0References1

RedhatCVE•added 2020/04/16 9:33 a.m.•31 views

CVE-2016-1000107

A flaw was found in the Inets application in Erlang version 22.1 and possibly earlier, where it follows RFC 3875 section 4.1.18 and does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable. This flaw allows remote attackers to redirect an...

6.1CVSS5.2AI score0.00399EPSS

Exploits0References3

NVD•added 2020/03/11 8:15 p.m.•9 views

CVE-2016-1000111

Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI application's outbou...

5.3CVSS5.2AI score0.00581EPSS

Exploits0References4

Prion•added 2020/03/11 8:15 p.m.•11 views

Design/Logic Flaw

5CVSS7AI score0.00581EPSS

Exploits0References4Affected Software1

Debian CVE•added 2020/03/11 7:5 p.m.•13 views

CVE-2016-1000111

5.3CVSS5.1AI score0.00581EPSS

Exploits0

Cvelist•added 2020/03/11 7:5 p.m.•9 views

CVE-2016-1000111

5.1AI score0.00581EPSS

Exploits0References4

CVE•added 2020/03/11 7:5 p.m.•145 views

CVE-2016-1000111

CVE-2016-1000111 affects Twisted before 16.3.1, where the Proxy header can initialize HTTP_PROXY for CGI scripts, enabling potential redirection of outbound traffic to an attacker-controlled proxy (httpoxy). Connected advisories (e.g., Red Hat RHSA-2018:0273, SUSE SUSE-SU-2017:0114-1, Ubuntu USN-...

5.3CVSS5AI score0.00581EPSS

Exploits0References4Affected Software1

AlpineLinux•added 2020/03/11 7:5 p.m.•18 views

CVE-2016-1000111

5.3CVSS5.2AI score0.00581EPSS

Exploits0

UbuntuCve•added 2020/02/19 1:15 p.m.•35 views

CVE-2016-1000109

HHVM does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic t...

5.3CVSS6.9AI score0.01595EPSS

Exploits1References2

CVE•added 2020/02/19 12:38 p.m.•56 views

CVE-2016-1000109

HHVM is vulnerable to an httpoxy-style issue where untrusted data in the HTTP_PROXY variable can redirect a CGI app’s outbound traffic to an arbitrary proxy. Affected HHVM ranges include pre-3.9.6, 3.10.0–3.12.4, and 3.13.0–3.14.2. The CVE-2016-1000109 description confirms the root cause as RFC 3...

5.3CVSS5.4AI score0.01595EPSS

Exploits1References3Affected Software1

Cvelist•added 2020/02/19 12:38 p.m.•21 views

CVE-2016-1000109

6AI score0.01595EPSS

Exploits1References3

OpenVAS•added 2020/01/23 12:0 a.m.•37 views

Huawei EulerOS: Security Advisory for python (EulerOS-SA-2016-1036)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS7.2AI score0.41714EPSS

Exploits6References2

IBM Security Bulletins•added 2019/12/18 2:26 p.m.•45 views

Security Bulletin: Vulnerabilities CVE-2016-5387 and CVE-2016-5388 in IBM i HTTP Server

Summary HTTP Server is supported by IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-5388 DESCRIPTION: Apache Tomcat could allow a remote attacker to redirect HTTP traffic of CGI application, caused by the failure to protect applications from the presence of...

8.1CVSS0.7AI score0.51564EPSS

Exploits0Affected Software1

OSV•added 2019/12/10 6:15 p.m.•15 views

CVE-2016-1000107

inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an...

6.1CVSS6.9AI score0.00399EPSS

Exploits0References4

NVD•added 2019/12/10 6:15 p.m.•13 views

CVE-2016-1000107

6.1CVSS6.2AI score0.00399EPSS

Exploits0References4

OSV•added 2019/12/10 6:15 p.m.•4 views

UBUNTU-CVE-2016-1000107

6.1CVSS6AI score0.00399EPSS

Exploits0References3

UbuntuCve•added 2019/12/10 6:15 p.m.•26 views

CVE-2016-1000107