MiracleLinux 7 : php55-php-5.5.21-5.el7 (AXSA:2016-632:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-632:01 advisory. Security issues fixed with this release: CVE-2016-5385 PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore...

MiracleLinux 4 : php54-php-5.4.40-4.AXS4 (AXSA:2016-620:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-620:01 advisory. PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in...

MiracleLinux 4 : php55-php-5.5.21-5.AXS4 (AXSA:2016-625:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-625:01 advisory. PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in...

MiracleLinux 7 : rh-php56-php-5.6.5-9.el7 (AXSA:2016-623:03)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-623:03 advisory. PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in...

Linux Distros Unpatched Vulnerability : CVE-2016-1000109

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HHVM does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted clie...

The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.

...

Linux Distros Unpatched Vulnerability : CVE-2016-5388

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect...

Security Bulletin: Multiple vulnerabilities in Apache Tomcat affect SAN Volume Controller, Storwize family and FlashSystem V9000 products

Summary Vulnerabilities in the Apache Tomcat component affect the product's management GUI. The CLI interface is unaffected. The applicable CVEs are CVE-2016-5385 CVE-2016-5386 CVE-2016-5387 CVE-2016-5388. Vulnerability Details CVEID: CVE-2016-5385 DESCRIPTION: PHP could allow a remote attacker t...

SUSE CVE-2016-5385

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP...

SUSE CVE-2016-5386

The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI...

SUSE CVE-2016-5387

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary...

SUSE CVE-2016-1000111

Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI application's outbou...

Unintended Proxy or Intermediary

Overview std/net/http is a Go standard library package std/net/http Affected versions of this package are vulnerable to Unintended Proxy or Intermediary. Go Vulnerability Report: An input validation flaw in the CGI components allows the HTTPPROXY environment variable to be set by the incoming Pro...

CVE-2016-1000212

Mitigation for HTTPoxy vulnerability...

SUSE: Security Advisory (SUSE-SU-2016:2270-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PYSEC-2020-214

Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI application's outbou...

UBUNTU-CVE-2016-1000109

HHVM does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic t...

DEBIAN-CVE-2016-1000107

inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an...

SUSE SLES12 Security Update : python (SUSE-SU-2019:0223-1) (httpoxy)

This update for python fixes the following issues : Security issues fixed : CVE-2016-0772: smtplib vulnerability opens startTLS stripping attack bsc984751 CVE-2016-5636: heap overflow when importing malformed zip files bsc985177 CVE-2016-5699: incorrect validation of HTTP headers allow header...

Httpoxy Vulnerability Through CGI Servlet

web-core is vulnerable to a remotely exploitable vulnerability aka "httpoxy". The vulnerability exists when CGI Servlet is activated in the configuration by modifying the web.xml. It then allows the execution of a CGI script which may assign client request Proxy header values to internal HTTPPROX...