9567 matches found
Important: httpd24, httpd
Issue Overview: It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remot...
Environment Variable Injection
More info at https://typo3.org/security/advisory/typo3-core-sa-2016-019...
CVE-2016-5388
Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an...
ALPINE-CVE-2016-5387
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary...
Design/Logic Flaw
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP...
Environment Variable Injection
It has been discovered that PHP exposes the risk of Environment Variable Injection and TYPO3 is vulnerable through third party library guzzlehttp/guzzle. Component Type: TYPO3 CMS. Release Date: July 19, 2016. Vulnerability Type: Environment Variable Injection. Affected Versions: Versions 8.0.0 to...
PHP suffers from httpoxy remote proxy infection vulnerability
PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. httpoxy is a set of vulnerabilities that affect application code running in a CGI environment. The vulnerabilities exist primarily in multiple w...
Apache HTTP Server suffers from httpoxy remote proxy infection vulnerability
Apache HTTP Server is an open source web server from the Apache Software Foundation in the United States. The server is fast, reliable and can be extended through a simple API. httpoxy is a set of vulnerabilities that affect application code running in a CGI environment. The vulnerabilities exist...
HTTP Proxy header vulnerability
Bug Fixes Removed support for using HTTP_PROXY environment variable for non-CLI apps per CVE-2016-5385 httpoxy. Graham Campbell 143 145 Convert BUGSNAG_NOTIFY_RELEASE_STAGES to a comma-delimited array Jason Graham Campbell 142 144...
HTTP Proxy header vulnerability
Bug Fixes - Removed support for using HTTP_PROXY environment variable for non-CLI apps per CVE-2016-5385 httpoxy. Graham Campbell 143 145 - Convert BUGSNAG_NOTIFY_RELEASE_STAGES to a comma-delimited array Jason Graham Campbell 142 144...
USN-3038-1 apache2 vulnerability
It was discovered that the Apache HTTP Server would set the HTTP_PROXY environment variable based on the contents of the Proxy header from HTTP requests. A remote attacker could possibly use this issue in combination with CGI scripts that honour the HTTP_PROXY variable to redirect outgoing HTTP...
Important: Red Hat Security Advisory: httpd security update
An update for httpd is now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...
HTTPD: sets environmental variable based on user supplied Proxy request header
It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could...
HTTPD: sets environmental variable based on user supplied Proxy request header
It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could...
Important: Red Hat Security Advisory: httpd24-httpd security update
An update for httpd24-httpd is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabilit...
CVE-2016-5387
It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could...
CVE-2016-5388
Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an...
UBUNTU-CVE-2016-5385
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP...
CVE-2016-5385
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP...
PT-2016-4503 · Twisted +4
Name of the Vulnerable Software and Affected Versions: Twisted versions prior to 16.3.1. Description: The issue arises from the software's failure to address RFC 3875 section 4.1.18 namespace conflicts, which leaves CGI applications unprotected from untrusted client data in the HTTP_PROXY...