216 matches found

Tenable Nessus
added 2016/09/30 12:0 a.m. | 42 views

macOS : macOS Server < 5.2 Multiple Vulnerabilities (httpoxy)

The version of macOS Server formerly known as Mac OS X Server installed on the remote host is prior to 5.2. It is, therefore, affected by the following vulnerabilities : - The Apache HTTP Server is affected by a man-in-the-middle vulnerability known as 'httpoxy' due to a failure to properly resol...

CVSS 9.1 | AI score 8 | EPSS 0.00961
Exploits 0 | References 5

Tenable Nessus
added 2016/09/30 12:0 a.m. | 36 views

Oracle Linux 6 / 7 : python-twisted-web (ELSA-2016-1978)

The remote Oracle Linux 6 / 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2016-1978 advisory. 8.2.0-5 - Rebase HTTPoxy patch and bump release for rebuild Resolves: rhbz1358789 8.2.0-4 - Fix HTTPoxy CVE-2016-1000111 Resolves: rhbz1358789 Tenable has...

CVSS 5.3 | AI score 5.6 | EPSS 0.00581
Exploits 0 | References 2

Oracle linux
added 2016/09/29 12:0 a.m. | 31 views

python-twisted-web security update

8.2.0-5 - Rebase HTTPoxy patch and bump release for rebuild Resolves: rhbz1358789 8.2.0-4 - Fix HTTPoxy CVE-2016-1000111 Resolves: rhbz1358789...

CVSS 5.3 | AI score 0.1 | EPSS 0.00581
Exploits 0

NVD
added 2016/09/25 10:59 a.m. | 39 views

CVE-2016-4694

The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an...

CVSS 9.1 | AI score 7.8 | EPSS 0.00961
Exploits 0 | References 6

OSV
added 2016/09/25 10:59 a.m. | 2 views

CVE-2016-4694

The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an...

CVSS 9.1 | AI score 6.9 | EPSS 0.00961
Exploits 0 | References 6

Prion
added 2016/09/25 10:59 a.m. | 41 views

Design/Logic Flaw

The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an...

CVSS 7.5 | AI score 7.5 | EPSS 0.43937
Exploits 0 | References 6 | Affected Software 2

UbuntuCve
added 2016/09/25 10:59 a.m. | 56 views

CVE-2016-4694

The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an...

CVSS 9.1 | AI score 7.3 | EPSS 0.00961
Exploits 0 | References 5

Cvelist
added 2016/09/25 10:0 a.m. | 47 views

CVE-2016-4694

The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an...

AI score 8 | EPSS 0.00961
Exploits 0 | References 6

CVE
added 2016/09/25 10:0 a.m. | 110 views

CVE-2016-4694

CVE-2016-4694 (httpoxy) affects Apache httpd on Apple OS X prior to 10.12/OS X Server prior to 5.2, where untrusted CGI client data in the HTTP_PROXY environment variable could redirect outbound traffic to an arbitrary proxy via a crafted Proxy header. The connected Apple security content shows A...

CVSS 9.1 | AI score 7.7 | EPSS 0.00961
Exploits 0 | References 6 | Affected Software 2

Mageia
added 2016/09/21 8:38 p.m. | 49 views

Updated tomcat packages fix security vulnerability

Apache Tomcat through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP...

CVSS 8.1 | AI score 2.3 | EPSS 0.40671
Exploits 0 | References 2

Tenable Nessus
added 2016/09/12 12:0 a.m. | 54 views

SUSE SLES11 Security Update : python (SUSE-SU-2016:2270-1) (httpoxy)

This update for python fixes the following issues : - CVE-2016-0772: smtplib vulnerability opens startTLS stripping attack bsc984751 - CVE-2016-5699: incorrect validation of HTTP headers allow header injection bsc985348 - CVE-2016-1000110: HTTPoxy vulnerability in urllib, fixed by disregarding...

CVSS 6.5 | AI score 6.9 | EPSS 0.41714
Exploits 6 | References 10

OSV
added 2016/09/09 6:13 a.m. | 8 views

SUSE-SU-2016:2270-1 Security update for python

This update for python fixes the following issues: - CVE-2016-0772: smtplib vulnerability opens startTLS stripping attack bsc984751 - CVE-2016-5699: incorrect validation of HTTP headers allow header injection bsc985348 - CVE-2016-1000110: HTTPoxy vulnerability in urllib, fixed by disregarding...

CVSS 6.5 | AI score 6.8 | EPSS 0.41714
Exploits 6 | References 7

Tenable Nessus
added 2016/09/02 12:0 a.m. | 84 views

SUSE SLED12 / SLES12 Security Update : python (SUSE-SU-2016:2106-1) (httpoxy)

This update for python fixes the following issues : - CVE-2016-0772: smtplib vulnerability opens startTLS stripping attack bsc984751 - CVE-2016-5636: heap overflow when importing malformed zip files bsc985177 - CVE-2016-5699: incorrect validation of HTTP headers allow header injection bsc985348 -...

CVSS 10 | AI score 6.9 | EPSS 0.45123
Exploits 7 | References 13

OSV
added 2016/08/31 5:34 p.m. | 3 views

MGASA-2016-0296 Updated python3/python packages fix security vulnerability

Fix for CVE-2016-1000110 HTTPoxy attack. Many software projects and vendors have implemented support for the “Proxy” request header in their respective CGI implementations and languages by creating the “HTTP_PROXY” environmental variable based on the header value. When this variable is used in man...

CVSS 6.1 | AI score 6.6 | EPSS 0.09899
Exploits 0 | References 5

Mageia
added 2016/08/31 5:34 p.m. | 42 views

Updated python3/python packages fix security vulnerability

Fix for CVE-2016-1000110 HTTPoxy attack. Many software projects and vendors have implemented support for the “Proxy” request header in their respective CGI implementations and languages by creating the “HTTP_PROXY” environmental variable based on the header value. When this variable is used in man...

CVSS 6.1 | AI score 2 | EPSS 0.09899
Exploits 0 | References 4

Tenable Nessus
added 2016/08/22 12:0 a.m. | 52 views

openSUSE Security Update : apache2-mod_fcgid (openSUSE-2016-1005) (httpoxy)

This update for apache2-mod_fcgid fixes the following issues : - CVE-2016-1000104 / CVE-2016-5387: A remote attacker could have set the HTTP_PROXY environment variable of CGI scripts boo988488 ...

CVSS 8.8 | AI score 6.8 | EPSS 0.43937
Exploits 0 | References 3

OSV
added 2016/08/19 8:31 a.m. | 7 views

SUSE-SU-2016:2106-1 Security update for python

This update for python fixes the following issues: - CVE-2016-0772: smtplib vulnerability opens startTLS stripping attack bsc984751 - CVE-2016-5636: heap overflow when importing malformed zip files bsc985177 - CVE-2016-5699: incorrect validation of HTTP headers allow header injection bsc985348 -...

CVSS 10 | AI score 7.1 | EPSS 0.45123
Exploits 7 | References 9

Tenable Nessus
added 2016/08/19 12:0 a.m. | 70 views

Oracle Linux 6 / 7 : python (ELSA-2016-1626)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-1626 advisory. - Fix for CVE-2016-1000110 HTTPoxy attack Resolves: rhbz1359161 - Fix for CVE-2016-0772 python: smtplib StartTLS stripping attack rhbz1303647 Raise...

CVSS 6.5 | AI score 6.9 | EPSS 0.41714
Exploits 6 | References 4

Tenable Nessus
added 2016/08/19 12:0 a.m. | 70 views

RHEL 6 : Red Hat JBoss Web Server 3.0.3 Service Pack 1 (RHSA-2016:1636) (httpoxy)

Updated packages that provide Red Hat JBoss Web Server 3.0.3 Service Pack 1 and fixes two security issues and a bug with ajp processors are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...

CVSS 8.1 | AI score 6.8 | EPSS 0.43937
Exploits 0 | References 5

Tenable Nessus
added 2016/08/19 12:0 a.m. | 35 views

OracleVM 3.3 / 3.4 : python (OVMSA-2016-0099) (httpoxy)

The remote OracleVM system is missing necessary patches to address critical security updates : - Add Oracle Linux distribution in platform.py orabug 21288328 Keshav Sharma - Fix for CVE-2016-1000110 HTTPoxy attack Resolves: rhbz1359161 - Fix for CVE-2016-0772 python: smtplib StartTLS stripping...

CVSS 6.5 | AI score 6.9 | EPSS 0.41714
Exploits 6 | References 5