Anfälligkeitssuche        Suche in 324607 CVE Beschreibungen
und 145615 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.808631
Kategorie:Web Servers
Titel:Apache HTTP Server Man-in-the-Middle Attack Vulnerability (Jul 2016) - Windows
Zusammenfassung:Apache HTTP Server is prone to a man-in-the-middle attack vulnerability.
Beschreibung:Summary:
Apache HTTP Server is prone to a man-in-the-middle attack vulnerability.

Vulnerability Insight:
The flaw is due to 'CGI Servlet' does not
protect applications from the presence of untrusted client data in the
'HTTP_PROXY' environment variable.

Vulnerability Impact:
Successful exploitation will allow remote
attackers to redirect an application's outbound HTTP traffic to an arbitrary
proxy server via a crafted proxy header in an HTTP request.

Affected Software/OS:
Apache HTTP Server through 2.4.23.

NOTE: Apache HTTP Server 2.2.32 is not vulnerable.

Solution:
Update to version 2.4.24, or 2.2.32, or later.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2016-5387
BugTraq ID: 91816
http://www.securityfocus.com/bid/91816
CERT/CC vulnerability note: VU#797896
http://www.kb.cert.org/vuls/id/797896
Debian Security Information: DSA-3623 (Google Search)
http://www.debian.org/security/2016/dsa-3623
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPQAPWQA774JPDRV4UIB2SZAX6D3UZCV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NEKZAB7MTWVSMORHTEMCQNFFMIHCYF76/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6WCTE7443AYZ4EGELWLVNANA2WJCJIYI/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TGNHXJJSWDXAOEYH5TMXDPQVJMQQJOAZ/
https://security.gentoo.org/glsa/201701-36
https://httpoxy.org/
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E
RedHat Security Advisories: RHSA-2016:1420
https://access.redhat.com/errata/RHSA-2016:1420
RedHat Security Advisories: RHSA-2016:1421
https://access.redhat.com/errata/RHSA-2016:1421
RedHat Security Advisories: RHSA-2016:1422
https://access.redhat.com/errata/RHSA-2016:1422
RedHat Security Advisories: RHSA-2016:1624
http://rhn.redhat.com/errata/RHSA-2016-1624.html
RedHat Security Advisories: RHSA-2016:1625
http://rhn.redhat.com/errata/RHSA-2016-1625.html
RedHat Security Advisories: RHSA-2016:1635
https://access.redhat.com/errata/RHSA-2016:1635
RedHat Security Advisories: RHSA-2016:1636
https://access.redhat.com/errata/RHSA-2016:1636
RedHat Security Advisories: RHSA-2016:1648
http://rhn.redhat.com/errata/RHSA-2016-1648.html
RedHat Security Advisories: RHSA-2016:1649
http://rhn.redhat.com/errata/RHSA-2016-1649.html
RedHat Security Advisories: RHSA-2016:1650
http://rhn.redhat.com/errata/RHSA-2016-1650.html
RedHat Security Advisories: RHSA-2016:1851
https://access.redhat.com/errata/RHSA-2016:1851
http://www.securitytracker.com/id/1036330
SuSE Security Announcement: openSUSE-SU-2016:1824 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-07/msg00059.html
http://www.ubuntu.com/usn/USN-3038-1
CopyrightCopyright (C) 2016 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2025 E-Soft Inc. Alle Rechte vorbehalten.