Apache 2.4.x < 2.4.25 Multiple Vulnerabilities (httpoxy)

According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.25. It is, therefore, affected by the following vulnerabilities : - A flaw exists in the modsessioncrypto module due to encryption for data and cookies using the configured ciphers with possibly either...

Apache 2.2.x < 2.2.32 Multiple Vulnerabilities (httpoxy)

According to its banner, the version of Apache running on the remote host is 2.2.x prior to 2.2.32. It is, therefore, affected by the following vulnerabilities : - The Apache HTTP Server is affected by a man-in-the-middle vulnerability known as 'httpoxy' due to a failure to properly resolve...

CVE-2016-6287

The "http-client" egg always used a HTTPPROXY environment variable to determine whether HTTP traffic should be routed via a proxy, even when running as a CGI process. Under several web servers this would mean a user-supplied "Proxy" header could allow an attacker to direct all HTTP requests throu...

CVE-2016-6287

The "http-client" egg always used a HTTPPROXY environment variable to determine whether HTTP traffic should be routed via a proxy, even when running as a CGI process. Under several web servers this would mean a user-supplied "Proxy" header could allow an attacker to direct all HTTP requests throu...

Design/Logic Flaw

The "http-client" egg always used a HTTPPROXY environment variable to determine whether HTTP traffic should be routed via a proxy, even when running as a CGI process. Under several web servers this would mean a user-supplied "Proxy" header could allow an attacker to direct all HTTP requests throu...

CVE-2016-6286

The "spiffy-cgi-handlers" egg would convert a nonexistent "Proxy" header to the HTTPPROXY environment variable, which would allow attackers to direct CGI programs which use this environment variable to use an attacker-specified HTTP proxy server also known as a "httpoxy" attack. This affects all...

CVE-2016-6286

The "spiffy-cgi-handlers" egg would convert a nonexistent "Proxy" header to the HTTPPROXY environment variable, which would allow attackers to direct CGI programs which use this environment variable to use an attacker-specified HTTP proxy server also known as a "httpoxy" attack. This affects all...

CVE-2016-6287

The "http-client" egg always used a HTTPPROXY environment variable to determine whether HTTP traffic should be routed via a proxy, even when running as a CGI process. Under several web servers this would mean a user-supplied "Proxy" header could allow an attacker to direct all HTTP requests throu...

CVE-2016-6286

The CVE-2016-6286 issue affects the CHICKEN spiffy-cgi-handlers egg, where a nonexistent Proxy header is mapped to the HTTP_PROXY environment variable. This allows CGI programs that use HTTP_PROXY to be directed to an attacker-controlled proxy (an httpoxy-style flaw). It applies to all versions p...

CVE-2016-6286

The "spiffy-cgi-handlers" egg would convert a nonexistent "Proxy" header to the HTTPPROXY environment variable, which would allow attackers to direct CGI programs which use this environment variable to use an attacker-specified HTTP proxy server also known as a "httpoxy" attack. This affects all...

CVE-2016-6287

The CVE-2016-6287 entry concerns the CHICKEN http-client egg. The vulnerability arises because the http-client used the HTTP_PROXY environment variable to decide whether to route HTTP traffic via a proxy, even in CGI contexts. This allowed a user-supplied Proxy header under several web servers to...

[slackware-security] python

New python packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/python-2.7.13-i586-1slack14.2.txz: Upgraded. This release fixes security issues: Issue 27850: Remove 3DES from ssl module...

Multiple CVEs: httpoxy | Cloud Foundry

Multiple CVEs: httpoxy Low Vendor Cloud Foundry Versions Affected Go Buildpack versions prior to 1.7.10 PHP Buildpack versions prior to 4.3.17 Description httpoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. It involves to a namespace conflict...

FreeBSD : Apache httpd -- several vulnerabilities (862d6ab3-c75e-11e6-9f98-20cf30e32f6d) (httpoxy)

Apache Software Foundation reports : Please reference CVE/URL list for details %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2018 Jacques Vidrine and contributors...

Debian DLA-749-1 : php5 security update (httpoxy)

CVE-2016-5385 PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an application's...

GLSA-201611-22 : PHP: Multiple vulnerabilities (httpoxy)

The remote host is affected by the vulnerability described in GLSA-201611-22 PHP: Multiple vulnerabilities Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact : An attacker can possibly execute arbitrary code or create a...

Fedora 25 : python3 (2016-c843c68c77) (httpoxy)

Fix for CVE-2016-1000110 HTTPoxy attack Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

Oracle Linux 7 : python (ELSA-2016-2586)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2016-2586 advisory. - Fix for CVE-2016-1000110 HTTPoxy attack Resolves: rhbz1359164 - Fix for CVE-2016-5636: possible integer overflow and heap corruption in zipimporter.getdata...

Amazon Linux: Security Advisory (ALAS-2016-725)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux: Security Advisory (ALAS-2016-722)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...