CVE-2016-5386

Related Files

HPE Security Bulletin HPESBHF03770 1

Posted Aug 28, 2017

Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPESBHF03770 1 - A potential security vulnerability has been identified in Comware 7 MSR Routers using PHP, Go, Apache Http Server, and Tomcat. The vulnerability known as "httpoxy" could be remotely exploited to execute arbitrary code. Revision 1 of this advisory.

tags | advisory, web, arbitrary, php

advisories | CVE-2016-5385, CVE-2016-5386, CVE-2016-5387, CVE-2016-5388

SHA-256 | 2af8ae566d18e3cd782b2353bc2bd160ea874bc5b28f246c238fe9f009bc5455

Download | Favorite | View

Red Hat Security Advisory 2016-1538-01

Posted Aug 2, 2016

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1538-01 - The golang packages provide the Go programming language compiler. The following packages have been upgraded to a newer upstream version: golang. Security Fix: An input-validation flaw was discovered in the Go programming language built in CGI implementation, which set the environment variable "HTTP_PROXY" using the incoming "Proxy" HTTP-request header. The environment variable "HTTP_PROXY" is used by numerous web clients, including Go's net/http package, to specify a proxy server to use for HTTP and, in some cases, HTTPS requests. This meant that when a CGI-based web application ran, an attacker could specify a proxy server which the application then used for subsequent outgoing requests, allowing a man-in-the-middle attack.

tags | advisory, web, cgi

systems | linux, redhat

advisories | CVE-2016-5386

SHA-256 | a49af167bda5963869cc3ce421f91751bc6f1030d72c76554c0eec5ddbbaef2d

Download | Favorite | View