216 matches found
PHP 5.6.x < 5.6.24 Multiple Vulnerabilities (httpoxy)
According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.24. It is, therefore, affected by multiple vulnerabilities : - A man-in-the-middle vulnerability exists, known as 'httpoxy', due to a failure to properly resolve namespace conflicts in accordance wi...
PHP 7.0.x < 7.0.9 Multiple Vulnerabilities (httpoxy)
According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.9. It is, therefore, affected by multiple vulnerabilities : - A man-in-the-middle vulnerability exists, known as 'httpoxy', due to a failure to properly resolve namespace conflicts in accordance wit...
Environment Variable Injection in extension "Amazon AWS S3 FAL driver (CDN)" (aus_driver_amazon_s3)
The extension uses an old version of the third party library guzzlehttp/guzzle, which is known to be vulnerable against the HTTPOXY attack. Read or for further details...
Environment Variable Injection in extension "AWS SDK for PHP" (aws_sdk_php)
The extension uses an old version of the third party library guzzlehttp/guzzle, which is known to be vulnerable against the HTTPOXY attack. Read or for further details...
Environment Variable Injection in extension "Amazon Web Services SDK " (aws_sdk)
The extension uses an old version of the third party library guzzlehttp/guzzle, which is known to be vulnerable against the HTTPOXY attack. Read or for further details...
Security Bulletin: A vulnerability in lighttpd affects PowerKVM (CVE-2016-1000212)
Summary PowerKVM is affected by a vulnerability in lighttpd. IBM has now addressed this vulnerability. Vulnerability Details CVEID: CVE-2016-1000212 DESCRIPTION: lighttpd could allow a remote attacker to redirect HTTP traffic of CGI application, caused by the failure to protect applications from...
Security Bulletin: A vulnerability in the Apache HTTP Server affects PowerKVM (CVE-2016-5387)
Summary PowerKVM is affected by a vulnerability in the Apache HTTP Server httpd. This vulnerability is now fixed. Vulnerability Details CVEID: CVE-2016-5387 DESCRIPTION: Apache HTTP Server could allow a remote attacker to redirect HTTP traffic of CGI application, caused by the lack of protection ...
Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server for Bluemix
Summary Apache Struts vulnerabilities affect WebSphere Application Server and WebSphere Application Server Hypervisor Edition Administration Console. There is a potential denial of service with IBM WebSphere Application Server when using SIP services. There are several vulnerabilities that may...
HTTPoxyScan - HTTPoxy Exploit Scanner
PoC/Exploit scanner to scan common CGI files on a target URL for the HTTPoxy vulnerability. Httpoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. For more details, go to https://httpoxy.org. REQUIREMENTS: Requires ncat to establish reverse...
HTTPoxy Vulnerability
composer/composer is vulnerable to the HTTPoxy vulnerability. The vulnerability exists because the library trusts the HTTP_PROXY environment variable, and allows the configuration of proxies by setting the environment variables HTTP_PROXY and HTTPS_PROXY without checking if CGI is in use...
python security and bug fix update
2.7.5-58.0.1 - Add Oracle Linux distribution in platform.py orabug 20812544 2.7.5-58 - Set stream to None in case an open fails. Resolves: rhbz1432003 2.7.5-57 - Fix implicit declaration warnings of functions added by patches 147 and 265 Resolves: rhbz1441237 2.7.5-56 - Fix shutil.make_archive...
Oracle Enterprise Manager Grid Control Multiple Vulnerabilities (July 2017 CPU) (httpoxy)
The version of Oracle Enterprise Manager Grid Control installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the Bouncy Castle Java library due to improper validation of a point within the elliptic curve. An...
Tenable SecurityCenter Apache 2.4.x < 2.4.25 Multiple Vulnerabilities (TNS-2017-04) (httpoxy)
The Tenable SecurityCenter application installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities in the bundled version of Apache : - A flaw exists in the mod_session_crypto module due to encryption for data and cookies using the configured...
HTTPoxy Vulnerability
net/http/cgi and net/http in github.com/golang/go is vulnerable to httpoxy attacks. The vulnerability exists because it trusts the HTTP_PROXY environment variable, and allows the configuration of proxies by setting the environment variables HTTP_PROXY and HTTPS_PROXY without checking if CGI is in us...
EulerOS 2.0 SP1 : tomcat (EulerOS-SA-2016-1049)
According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The Expression Language EL implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly conside...
Httpoxy Vulnerability Through CGI Servlet
twisted is vulnerable to httpoxy. The vulnerability exists because it trusts the HTTP_PROXY header, and allows the configuration of proxies by setting the environment variables HTTP_PROXY and HTTPS_PROXY without checking if CGI is in use...
Httpoxy Vulnerability Through CGI Servlet
web-core is vulnerable to a remotely exploitable vulnerability aka "httpoxy". The vulnerability exists when CGI Servlet is activated in the configuration by modifying the web.xml. It then allows the execution of a CGI script which may assign client request Proxy header values to internal HTTPPROX...
BSA-2017-115
Security Advisory ID : BSA-2017-115 Component : Apache HTTPD Revision : 2.0: Final The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow...
GLSA-201701-36 : Apache: Multiple vulnerabilities (httpoxy)
The remote host is affected by the vulnerability described in GLSA-201701-36 Apache: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Apache. Please review the CVE identifiers, upstream Apache Software Foundation documentation, and HTTPoxy website referenced below for...
Apache: Multiple vulnerabilities
Background The Apache HTTP server is one of the most popular web servers on the Internet. Description Multiple vulnerabilities have been discovered in Apache. Please review the CVE identifiers, upstream Apache Software Foundation documentation, and HTTPoxy website referenced below for details...