CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

31 matches found

Tenable Nessus•added 2026/01/16 12:0 a.m.•2 views

MiracleLinux 7 : php-5.4.16-36.3.el7 (AXSA:2016-624:02)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-624:02 advisory. PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in...

8.1CVSS7.1AI score0.83504EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2016-1054

Malware in sbrugna...

5.3CVSS6.6AI score0.01595EPSS

Exploits1References4

Tenable Nessus•added 2025/08/25 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2016-1000107

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data...

6.1CVSS6.6AI score0.00399EPSS

Exploits0References3

Tenable Nessus•added 2023/10/20 12:0 a.m.•39 views

Ubuntu 16.04 ESM : Apache Tomcat 7 vulnerabilities (USN-4791-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4791-1 advisory. It was discovered that Apache Tomcat 7 did not protect applications from the presence of untrusted client data in an environment variable. A remote...

8.1CVSS7.6AI score0.3676EPSS

Exploits0References3

F5 Networks•added 2023/02/21 8:2 p.m.•74 views

K51663510: Apache Tomcat vulnerability CVE-2016-5388

Security Advisory Description Apache Tomcat through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect ...

8.1CVSS6.7AI score0.3676EPSS

Exploits0

F5 Networks•added 2023/02/21 7:46 p.m.•50 views

K73071205: PHP vulnerability CVE-2016-5385

Security Advisory Description PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an...

8.1CVSS7.2AI score0.83504EPSS

Exploits0

SUSE CVE•added 2023/02/15 4:53 a.m.•1 views

SUSE CVE-2016-1000108

yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound...

6.1CVSS7AI score0.00953EPSS

Exploits0References4

Github Security Blog•added 2022/04/07 1:59 p.m.•78 views

HTTP Proxy header vulnerability

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP...

8.1CVSS1.9AI score0.83504EPSS

Exploits0References50Affected Software7

Github Security Blog•added 2021/04/30 5:32 p.m.•48 views

Forced Browsing in Twisted

Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI application's outbou...

5.3CVSS5.4AI score0.00581EPSS

Exploits0References7Affected Software1

OSV•added 2021/04/30 5:32 p.m.•21 views

GHSA-3GQJ-CMXR-P4X2 Forced Browsing in Twisted

6.9CVSS5.4AI score0.00581EPSS

Exploits0References7

CVE•added 2020/02/19 12:38 p.m.•56 views

CVE-2016-1000109

HHVM is vulnerable to an httpoxy-style issue where untrusted data in the HTTP_PROXY variable can redirect a CGI app’s outbound traffic to an arbitrary proxy. Affected HHVM ranges include pre-3.9.6, 3.10.0–3.12.4, and 3.13.0–3.14.2. The CVE-2016-1000109 description confirms the root cause as RFC 3...

5.3CVSS5.4AI score0.01595EPSS

Exploits1References3Affected Software1

OSV•added 2019/12/10 3:15 p.m.•15 views

CVE-2016-1000108

6.1CVSS6.9AI score0.00953EPSS

Exploits0References4

OSV•added 2019/12/10 3:15 p.m.•2 views

DEBIAN-CVE-2016-1000108

6.1CVSS6.5AI score0.00953EPSS

Exploits0References1

UbuntuCve•added 2019/12/10 3:15 p.m.•22 views

CVE-2016-1000108

6.1CVSS6.5AI score0.00953EPSS

Exploits0References2

Debian CVE•added 2019/12/10 2:58 p.m.•15 views

CVE-2016-1000108

6.1CVSS4.2AI score0.00953EPSS

Exploits0

NVD•added 2016/09/25 10:59 a.m.•36 views

CVE-2016-4694

The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an...

9.1CVSS7.8AI score0.00961EPSS

Exploits0References6

OSV•added 2016/09/25 10:59 a.m.•1 views

CVE-2016-4694

9.1CVSS6.9AI score

Exploits0References6