
216 matches found

Oracle linux
added 2016/08/18 12:0 a.m. | 137 views

python security update

2.6.6-66.0.1 - Add Oracle Linux distribution in platform.py orabug 21288328 Keshav Sharma
2.6.6-66 - Fix for CVE-2016-1000110 HTTPoxy attack Resolves: rhbz1359161
2.6.6-65 - Fix for CVE-2016-0772 python: smtplib StartTLS stripping attack rhbz1303647 Raise an error when STARTTLS fails upstream pat...

CVSS 5.8 | AI score 0.2 | EPSS 0.41714
Exploits: 6

Tenable Nessus
added 2016/08/18 12:0 a.m. | 36 views

Amazon Linux AMI : golang (ALAS-2016-731) (httpoxy)

An input-validation flaw was discovered in the Go programming language built in CGI implementation, which set the environment variable 'HTTP_PROXY' using the incoming 'Proxy' HTTP-request header. The environment variable 'HTTP_PROXY' is used by numerous web clients, including Go's net/http package,...

CVSS 8.1 | AI score 6.9 | EPSS 0.45904
Exploits: 0 | References: 2

Tenable Nessus
added 2016/08/18 12:0 a.m. | 28 views

Fedora 23 : python3 (2016-604616dc33) (httpoxy)

Fix for CVE-2016-1000110 HTTPoxy attack Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

CVSS 6.1 | AI score 6.9 | EPSS 0.09899
Exploits: 0 | References: 2

Tenable Nessus
added 2016/08/17 12:0 a.m. | 28 views

Scientific Linux Security Update : php on SL7.x x86_64 (20160811) (httpoxy)

Security Fixes : - It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker-controlled proxy via a malicious HTTP request. CVE-2016-5385 Bug Fix...

CVSS 8.1 | AI score 6.8 | EPSS 0.80902
Exploits: 0 | References: 2

Tenable Nessus
added 2016/08/15 12:0 a.m. | 41 views

Scientific Linux Security Update : php on SL6.x i386/x86_64 (20160811) (httpoxy)

Security Fixes : - It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker-controlled proxy via a malicious HTTP request. CVE-2016-5385...

CVSS 8.1 | AI score 6.8 | EPSS 0.80902
Exploits: 0 | References: 2

Tenable Nessus
added 2016/08/12 12:0 a.m. | 90 views

Oracle Linux 6 : php (ELSA-2016-1609)

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2016-1609 advisory. 5.3.3-48 - don't set environmental variable based on user supplied Proxy request header CVE-2016-5385 Tenable has extracted the preceding description block...

CVSS 8.1 | AI score 6.9 | EPSS 0.80902
Exploits: 0 | References: 2

Tenable Nessus
added 2016/08/12 12:0 a.m. | 35 views

Fedora 24 : python (2016-9fd814a7f2) (httpoxy)

Fix for CVE-2016-1000110 HTTPoxy attack Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

CVSS 6.1 | AI score 6.9 | EPSS 0.09899
Exploits: 0 | References: 2

Tenable Nessus
added 2016/08/12 12:0 a.m. | 35 views

Fedora 24 : python3 (2016-2c324d0670) (httpoxy)

Fix for CVE-2016-1000110 HTTPoxy attack Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

CVSS 6.1 | AI score 6.9 | EPSS 0.09899
Exploits: 0 | References: 2

CNVD
added 2016/08/09 12:0 a.m. | 4 views

lighttpd httpoxy unauthenticated remote vulnerability

Lighttpd is an open source web server. A security vulnerability exists in Lighttpd httpoxy, which can be exploited by a remote attacker to launch a man-in-the-middle attack or initiate a connection to an arbitrary host on the server...

AI score 7
Exploits: 0 | References: 1

Tenable Nessus
added 2016/08/09 12:0 a.m. | 47 views

Fedora 24 : perl-CGI-Emulate-PSGI (2016-683d0b257b) (httpoxy)

This updates bumps perl-CGI-Emulate-PSGI to version 0.22 which removes the setting of the HTTP_PROXY environment value. This works around the httproxy vulnerability aka CVE-2016-5387 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update...

CVSS 8.1 | AI score 6.8 | EPSS 0.51564
Exploits: 0 | References: 2

Tenable Nessus
added 2016/08/09 12:0 a.m. | 50 views

Fedora 23 : perl-CGI-Emulate-PSGI (2016-a29c65b00f) (httpoxy)

This updates bumps perl-CGI-Emulate-PSGI to version 0.22 which removes the setting of the HTTP_PROXY environment value. This works around the httproxy vulnerability aka CVE-2016-5387 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update...

CVSS 8.1 | AI score 6.8 | EPSS 0.51564
Exploits: 0 | References: 2

Tenable Nessus
added 2016/08/04 12:0 a.m. | 8 views

FreeBSD : lighttpd - multiple vulnerabilities (ef0033ad-5823-11e6-80cc-001517f335e2)

Lighttpd Project reports : Security fixes for Lighttpd : - security: encode quoting chars in HTML and XML - security: ensure gid != 0 if server.username is set, but not server.groupname - security: disable statcache if server.follow-symlink = 'disable' - security: httpoxy defense: do not emit...

AI score 5.4
Exploits: 0 | References: 3

Tenable Nessus
added 2016/08/01 12:0 a.m. | 59 views

Debian DLA-568-1 : wordpress security update (httpoxy)

Several vulnerabilities were discovered in wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project identifies the following issues. CVE-2016-5387 WordPress allows remote attackers to bypass intended access restrictions and remove a category attribute from a post via...

CVSS 8.1 | AI score 6.9 | EPSS 0.51564
Exploits: 0 | References: 8

myhack58
added 2016/07/31 12:0 a.m. | 29 views

PHP, Python, etc. web applications break the Remote Agent vulnerability: httpoxy-vulnerability warning-the black bar safety net

This is a vulnerability in CGI applications written in PHP, Go, Python, and other languages. httpoxy is the name of a family of vulnerabilities affecting applications that run under CGI or CGI-like environments. Simply put, it is a namespace conflict. RFC 3875 (CGI) defines how the Proxy header from the HTTP request is filled...

AI score 7.5
Exploits: 0

FreeBSD
added 2016/07/31 12:0 a.m. | 18 views

lighttpd - multiple vulnerabilities

Lighttpd Project reports: Security fixes for Lighttpd: security: encode quoting chars in HTML and XML security: ensure gid != 0 if server.username is set, but not server.groupname security: disable statcache if server.follow-symlink = “disable” security: httpoxy defense: do not emit HTTP_PROXY to...

AI score 1.3
Exploits: 0 | References: 1

Tenable Nessus
added 2016/07/29 12:0 a.m. | 28 views

Fedora 23 : golang (2016-340e361b90) (httpoxy)

Security fix for CVE-2016-5386 AKA https://httpoxy.org/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

CVSS 8.1 | AI score 6.8 | EPSS 0.45904
Exploits: 0 | References: 3

Tenable Nessus
added 2016/07/29 12:0 a.m. | 35 views

Fedora 24 : golang (2016-ea5e284d34) (httpoxy)

Security fix for CVE-2016-5386 AKA https://httpoxy.org/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

CVSS 8.1 | AI score 6.8 | EPSS 0.45904
Exploits: 0 | References: 3

Tenable Nessus
added 2016/07/28 12:0 a.m. | 43 views

Fedora 23 : httpd (2016-df0726ae26) (httpoxy)

Security fix for CVE-2016-5387. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

CVSS 8.1 | AI score 6.8 | EPSS 0.51564
Exploits: 0 | References: 2

UbuntuCve
added 2016/07/27 12:0 a.m. | 19 views

CVE-2016-1000212

Mitigation for HTTPoxy vulnerability...

AI score 6.8
Exploits: 0 | References: 2

OSV
added 2016/07/27 12:0 a.m. | 0 views

UBUNTU-CVE-2016-1000212

Mitigation for HTTPoxy vulnerability...

AI score 6.6
Exploits: 0 | References: 3