Test ID:	1.3.6.1.4.1.25623.1.1.10.2016.0296
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2016-0296)
Summary:	The remote host is missing an update for the 'python, python3' package(s) announced via the MGASA-2016-0296 advisory.
Description:	Summary: The remote host is missing an update for the 'python, python3' package(s) announced via the MGASA-2016-0296 advisory. Vulnerability Insight: Fix for CVE-2016-1000110 HTTPoxy attack. Many software projects and vendors have implemented support for the 'Proxy' request header in their respective CGI implementations and languages by creating the 'HTTP_PROXY' environmental variable based on the header value. When this variable is used (in many cases automatically by various HTTP client libraries) any outgoing requests generated in turn from the attackers original request can be redirected to an attacker controlled proxy. This allows attackers to view potentially sensitive information, reply with malformed data, or to hold connections open causing a potential denial of service. Affected Software/OS: 'python, python3' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-1000110 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000110 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2016-1000110 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7K3WFJO3SJQCODKRKU6EQV3ZGHH53YPU/ https://security-tracker.debian.org/tracker/CVE-2016-1000110 SuSE Security Announcement: openSUSE-SU-2020:0086 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.