CVE-2016-4979

Related Files

Gentoo Linux Security Advisory 201610-02

Posted Oct 6, 2016

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201610-2 - Multiple vulnerabilities have been found in Apache, the worst of which could allow HTTP request smuggling attacks or a Denial of Service condition. Versions less than 2.4.23 are affected.

tags | advisory, web, denial of service, vulnerability

systems | linux, gentoo

advisories | CVE-2014-3581, CVE-2015-3183, CVE-2016-1546, CVE-2016-4979

SHA-256 | f52938e600b9ac39ca2ead14c607d873649a2281cb33d93efd4e5d0973d35baf

Download | Favorite | View

Red Hat Security Advisory 2016-1420-01

Posted Jul 18, 2016

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1420-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request.

tags | advisory, remote, web, cgi

systems | linux, redhat

advisories | CVE-2016-4979, CVE-2016-5387

SHA-256 | 7cede861a05dabf8a87aa3760a62b71b991e7fc3605adcc358f10a01192a48e5

Download | Favorite | View

Apache 2.4.20 X509 Authentication Bypass

Posted Jul 5, 2016

Authored by Erki Aring | Site httpd.apache.org

Apache HTTPD WebServer versions 2.4.18 through 2.4.20 do not validate an X509 client certificate correctly when the experimental module for the HTTP/2 protocol is used to access a resource.

tags | advisory, web, protocol

advisories | CVE-2016-4979

SHA-256 | 73cb5eb411b034ceb6b622bf0f896e11c8dc4ab336ed65d2398b8fb6ff33854a

Download | Favorite | View