ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2016.0262
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2016-0262)
Resumen:	The remote host is missing an update for the 'apache' package(s) announced via the MGASA-2016-0262 advisory.
Descripción:	Summary: The remote host is missing an update for the 'apache' package(s) announced via the MGASA-2016-0262 advisory. Vulnerability Insight: It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request (CVE-2016-5387). Affected Software/OS: 'apache' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-5387 BugTraq ID: 91816 http://www.securityfocus.com/bid/91816 CERT/CC vulnerability note: VU#797896 http://www.kb.cert.org/vuls/id/797896 Debian Security Information: DSA-3623 (Google Search) http://www.debian.org/security/2016/dsa-3623 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPQAPWQA774JPDRV4UIB2SZAX6D3UZCV/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NEKZAB7MTWVSMORHTEMCQNFFMIHCYF76/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6WCTE7443AYZ4EGELWLVNANA2WJCJIYI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TGNHXJJSWDXAOEYH5TMXDPQVJMQQJOAZ/ https://security.gentoo.org/glsa/201701-36 https://httpoxy.org/ https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E RedHat Security Advisories: RHSA-2016:1420 https://access.redhat.com/errata/RHSA-2016:1420 RedHat Security Advisories: RHSA-2016:1421 https://access.redhat.com/errata/RHSA-2016:1421 RedHat Security Advisories: RHSA-2016:1422 https://access.redhat.com/errata/RHSA-2016:1422 RedHat Security Advisories: RHSA-2016:1624 http://rhn.redhat.com/errata/RHSA-2016-1624.html RedHat Security Advisories: RHSA-2016:1625 http://rhn.redhat.com/errata/RHSA-2016-1625.html RedHat Security Advisories: RHSA-2016:1635 https://access.redhat.com/errata/RHSA-2016:1635 RedHat Security Advisories: RHSA-2016:1636 https://access.redhat.com/errata/RHSA-2016:1636 RedHat Security Advisories: RHSA-2016:1648 http://rhn.redhat.com/errata/RHSA-2016-1648.html RedHat Security Advisories: RHSA-2016:1649 http://rhn.redhat.com/errata/RHSA-2016-1649.html RedHat Security Advisories: RHSA-2016:1650 http://rhn.redhat.com/errata/RHSA-2016-1650.html RedHat Security Advisories: RHSA-2016:1851 https://access.redhat.com/errata/RHSA-2016:1851 http://www.securitytracker.com/id/1036330 SuSE Security Announcement: openSUSE-SU-2016:1824 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-07/msg00059.html http://www.ubuntu.com/usn/USN-3038-1
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.