Test ID:	1.3.6.1.4.1.25623.1.0.120720
Category:	Amazon Linux Local Security Checks
Title:	Amazon Linux: Security Advisory (ALAS-2016-731)
Summary:	The remote host is missing an update for the 'golang' package(s) announced via the ALAS-2016-731 advisory.
Description:	Summary: The remote host is missing an update for the 'golang' package(s) announced via the ALAS-2016-731 advisory. Vulnerability Insight: An input-validation flaw was discovered in the Go programming language built in CGI implementation, which set the environment variable 'HTTP_PROXY' using the incoming 'Proxy' HTTP-request header. The environment variable 'HTTP_PROXY' is used by numerous web clients, including Go's net/http package, to specify a proxy server to use for HTTP and, in some cases, HTTPS requests. This meant that when a CGI-based web application ran, an attacker could specify a proxy server which the application then used for subsequent outgoing requests, allowing a man-in-the-middle attack. Affected Software/OS: 'golang' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-5386 CERT/CC vulnerability note: VU#797896 http://www.kb.cert.org/vuls/id/797896 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7WGHKKCFP4PLVSWQKCM3FJJPEWB5ZNTU/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OR52UXGM6RKSCWF3KQMVZGVZVJ3WEESJ/ https://httpoxy.org/ RedHat Security Advisories: RHSA-2016:1538 http://rhn.redhat.com/errata/RHSA-2016-1538.html
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.