openSUSE Security Update : php7 (openSUSE-2016-1440) (httpoxy)
This update for php7 fixes the following security issues : - CVE-2016-5385: Setting HTTP_PROXY environment variable via Proxy header (httpoxy) (bsc#988486). - CVE-2016-9137: Fixing a Use After Free in unserialize (bsc#1008029). This update was imported from the SUSE:SLE-12:Update update project...
SUSE-SU-2016:2941-1 Security update for php7
This update for php7 fixes the following security issues: - CVE-2016-5385: Setting HTTP_PROXY environment variable via Proxy header (httpoxy) (bsc#988486). - CVE-2016-9137: Fixing a Use After Free in unserialize (bsc#1008029)...
Updated lighttpd packages fix security vulnerability
Dominic Scheirlinck and Scott Geary of Vend reported an insecure behaviour in the lighttpd web server. Lighttpd assigned Proxy header values from client requests to internal HTTP_PROXY environment variables. This could be used to carry out Man in the Middle Attacks (MIDM) or create connections to...
Ubuntu 14.04 LTS / 16.04 LTS : Python vulnerabilities (USN-3134-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3134-1 advisory. It was discovered that the smtplib library in Python did not return an error when StartTLS fails. A remote attacker could possibly use this t...
USN-3134-1: Python vulnerabilities
It was discovered that the smtplib library in Python did not return an error when StartTLS fails. A remote attacker could possibly use this to expose sensitive information. (CVE-2016-0772) Rémi Rampin discovered that Python would not protect CGI applications from contents of the HTTP_PROXY environme...
SUSE SLED12 / SLES12 Security Update : python3 (SUSE-SU-2016:2859-1) (httpoxy)
This update provides Python 3.4.5, which brings many fixes and enhancements. The following security issues have been fixed : - CVE-2016-1000110: CGIHandler could have allowed setting of HTTP_PROXY environment variable based on user-supplied Proxy request header. (bsc#989523) - CVE-2016-0772: A...
[ASA-201611-6] tomcat6: proxy injection
Arch Linux Security Advisory ASA-201611-6 ========================================= Severity: Medium Date : 2016-11-02 CVE-ID : CVE-2016-5388 Package : tomcat6 Type : proxy injection Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package tomcat6 before version...
SUSE SLED12 / SLES12 Security Update : python3 (SUSE-SU-2016:2653-1) (httpoxy)
This update provides Python 3.4.5, which brings many fixes and enhancements. The following security issues have been fixed : - CVE-2016-1000110: CGIHandler could have allowed setting of HTTP_PROXY environment variable based on user-supplied Proxy request header. (bsc#989523) - CVE-2016-0772: A...
Amazon Linux: Security Advisory (ALAS-2016-746)
The remote host is missing an update for the...
Amazon Linux: Security Advisory (ALAS-2016-725)
The remote host is missing an update for the...
Amazon Linux: Security Advisory (ALAS-2016-741)
The remote host is missing an update for the...
OPENSUSE-SU-2016:2536-1 Security update to go1.4
go1.4 was updated to fix the following vulnerabilities: - CVE-2016-5386: Remote attacker could have set the application's HTTP_PROXY environment variable via Proxy headers (boo#988487)...
Scientific Linux Security Update : tomcat6 on SL6.x (noarch) (20161010) (httpoxy)
Security Fixes : - It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges...
CVE-2016-4694
The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an...
CVE-2016-4694
CVE-2016-4694 (httpoxy) affects Apache httpd on Apple OS X prior to 10.12/OS X Server prior to 5.2, where untrusted CGI client data in the HTTP_PROXY environment variable could redirect outbound traffic to an arbitrary proxy via a crafted Proxy header. The connected Apple security content shows A...
About the security content of macOS Server 5.2
About the security content of macOS Server 5.2 This document describes the security content of macOS Server 5.2. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...
Amazon Linux AMI : lighttpd (ALAS-2016-746)
It was discovered that lighttpd class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request. (C) Tenable...
Important: lighttpd
Issue Overview: It was discovered that lighttpd class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP reques...
USN-3045-1 PHP vulnerabilities | Cloud Foundry
USN-3045-1 PHP vulnerabilities Medium Vendor PHP Versions Affected Cloud Foundry PHP buildpack versions prior to 4.3.18 Note: The PHP buildpack is patched from upstream PHP source Description It was discovered that PHP incorrectly handled certain SplMinHeap::compare operations. A remote attacker...