Lucene search

Basic search
Lucene search
Search by product

Vendors

Products

TYPO3 AssociationTYPO3-EXT-SA-2018-005

HistoryAug 09, 2018 - 12:00 a.m.

Environment Variable Injection in extension "AWS SDK for PHP" (aws_sdk_php)

2018-08-0900:00:00

TYPO3 Association

typo3.org

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

JSON

The extension uses an old version of the third party library guzzlehttp/guzzle, which is known to be vulnerable against the HTTPOXY attack. Read <https://www.symfony.fi/entry/httpoxy-vulnerability-hits-php-installations-using-fastcgi-and-php-fpm-and-hhvm> or <https://httpoxy.org/> for further details.

CPENameOperatorVersion
aws_sdk_phple3.18.28

CPE	Name	Operator	Version
	aws_sdk_php	le	3.18.28

redhatcve 1

openvas 18

nessus 34

friendsofphp 2

fedora 6

oraclelinux 3

github 1

prion 2

centos 2

redhat 5

f5 1

debiancve 1

cve 2

ibm 8

veracode 1

typo3 3

osv 2

gitlab 1

archlinux 1

ubuntucve 1

slackware 1

cloudfoundry 2

checkpoint_advisories 1

cert 1

threatpost 1

impervablog 1

debian 2

amazon 1

freebsd 1

ubuntu 1

gentoo 1

kitploit 1

rosalinux 1

oracle 2

redhatcve

CVE-2016-5385

2016-07-18 14:19:09

openvas

Fedora Update for php FEDORA-2016-8eb11666aa

2016-08-04 00:00:00

RedHat Update for php RHSA-2016:1613-01

2016-08-12 00:00:00

RedHat Update for php RHSA-2016:1609-01

2016-08-12 00:00:00

nessus

RHEL 7 : php (RHSA-2016:1613) (httpoxy)

2016-08-12 00:00:00

Fedora 24 : php-guzzlehttp-guzzle (2016-aef8a45afe) (httpoxy)

2016-07-29 00:00:00

Fedora 23 : php (2016-cd2bd0800f) (httpoxy)

2016-08-01 00:00:00

friendsofphp

HTTP Proxy header vulnerability

2018-02-12 19:47:17

HTTP Proxy header vulnerability

2016-07-18 20:27:36

fedora

[SECURITY] Fedora 23 Update: php-guzzlehttp-guzzle6-6.2.1-1.fc23

2016-07-29 02:55:08

[SECURITY] Fedora 23 Update: php-guzzlehttp-guzzle-5.3.1-1.fc23

2016-07-29 02:55:03

[SECURITY] Fedora 24 Update: php-guzzlehttp-guzzle6-6.2.1-1.fc24

2016-07-29 00:00:06

oraclelinux

php security update

2016-08-11 00:00:00

php security and bug fix update

2016-08-11 00:00:00

php security and bug fix update

2016-11-09 00:00:00

github

HTTP Proxy header vulnerability

2022-04-07 13:59:22

prion

Design/Logic Flaw

2016-07-19 02:00:00

Design/Logic Flaw

2016-10-06 14:59:00

centos

php security update

2016-08-12 11:27:56

php security update

2016-08-11 21:20:11

redhat

(RHSA-2016:1611) Moderate: php55-php security update

2016-08-11 19:52:52

(RHSA-2016:1612) Moderate: rh-php56-php security update

2016-08-11 19:53:18

(RHSA-2016:1610) Moderate: php54-php security update

2016-08-11 19:51:58

K73071205 : PHP vulnerability CVE-2016-5385

2016-07-26 00:00:00

debiancve

CVE-2016-5385

2016-07-19 02:00:00

cve

CVE-2016-5385

2016-07-19 02:00:00

CVE-2016-1000100

2016-10-06 14:59:00

ibm

Security Bulletin: A vulnerability in PHP affects PowerKVM (CVE-2016-5385)

2018-06-18 01:33:23

Security Bulletin: Multiple vulnerabilities affecting web servers that run code in a CGI or CGI-like context affects IBM API Connect (CVE-2016-5385, CVE-2016-1000105)

2018-06-15 07:06:31

Security Bulletin: IBM QRadar SIEM is vulnerable to various CGI vulnerabilities. (CVE-2016-5385, CVE-2016-5387, CVE-2016-5388)

2018-06-16 21:48:14

veracode

Open Redirection

2019-01-15 09:12:46

typo3

Environment Variable Injection

2016-07-19 00:00:00

Environment Variable Injection in extension "Amazon AWS S3 FAL driver (CDN)" (aus_driver_amazon_s3)

2018-08-09 00:00:00

Environment Variable Injection in extension "Amazon Web Services SDK " (aws_sdk)

2018-08-09 00:00:00

osv

HTTP Proxy header vulnerability

2022-04-07 13:59:22

php5 - security update

2016-12-16 00:00:00

gitlab

HTTP Proxy header vulnerability

2016-07-18 00:00:00

archlinux

drupal: proxy injection

2016-07-21 00:00:00

ubuntucve

CVE-2016-5385

2016-07-18 00:00:00

slackware

[slackware-security] php

2016-07-21 23:38:17

cloudfoundry

Multiple CVEs: httpoxy | Cloud Foundry

2016-12-21 00:00:00

USN-3045-1 PHP vulnerabilities | Cloud Foundry

2016-09-09 00:00:00

checkpoint_advisories

CGI Namespace Conflict Man-In-The-Middle (httpoxy; CVE-2016-1000109; CVE-2016-1000110; CVE-2016-5385; CVE-2016-5386; CVE-2016-5387; CVE-2016-5388)

2016-07-19 00:00:00

cert

CGI web servers assign Proxy header values from client requests to internal HTTP_PROXY environment variables

2016-07-18 00:00:00

threatpost

CGI Script Vulnerability 'Httpoxy' Allows Man-in-the-Middle Attack

2016-07-18 18:00:46

impervablog

Python and Go Top the Chart of 2019’s Most Popular Hacking Tools

2020-05-27 09:22:21

debian

[SECURITY] [DSA 3631-1] php5 security update

2016-07-26 20:46:29

[SECURITY] [DLA 749-1] php5 security update

2016-12-16 21:48:18

amazon

Medium: php55, php56

2016-08-01 13:30:00

freebsd

php -- multiple vulnerabilities

2016-07-21 00:00:00

ubuntu

PHP vulnerabilities

2016-08-02 00:00:00

gentoo

PHP: Multiple vulnerabilities

2016-11-30 00:00:00

kitploit

Trivy - A Simple And Comprehensive Vulnerability Scanner For Containers, Suitable For CI

2019-11-05 12:00:00

rosalinux

Advisory ROSA-SA-2021-1950

2021-07-02 17:57:45

oracle

Oracle Critical Patch Update - January 2018

2018-01-16 00:00:00

Oracle Critical Patch Update Advisory - July 2017

2018-03-20 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

JSON

Related for TYPO3-EXT-SA-2018-005