CVE-2016-1000104

Published: 18 Jul 2016
Source: redhat
CVSS3: 5
CVSS2: 5
EPSS: Low

Description

A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07.

Report

This issue is addressed through the Apache HTTPD update for CVE-2016-5387, which prevents the Proxy header from automatically being converted into the HTTP_PROXY environment variable. Unless "FcgidPassHeader Proxy" is used, mod_fcgid is not vulnerable to this attack when used with updated HTTPD. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Affected packages

| Platform | Package | State | Recommendation | Release |
| Red Hat Enterprise Linux 7 | mod_fcgid | Will not fix | | |


Additional information

Status: Important
Defect: CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=1353760
mod_fcgid: mod_fcgid sets environmental variable based on user supplied Proxy request header

EPSS

Percentile: 60%
0.00407
Low

CVSS3: 5 Medium

CVSS2: 5 Medium

Related vulnerabilities

CVSS3: 8.8
ubuntu
about 6 years ago

A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07.

CVSS3: 8.8
nvd
about 6 years ago

A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07.

CVSS3: 8.8
msrc
3 months ago

A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07.

CVSS3: 8.8
debian
about 6 years ago

A security Bypass vulnerability exists in the FcgidPassHeader Proxy in ...

suse-cvrf
more than 9 years ago

Security update for apache2-mod_fcgid