
Test ID: 1.3.6.1.4.1.25623.1.0.808627
Category: Web application abuses
Title: PHP Man-in-the-Middle Attack Vulnerability - Jul16 (Windows)
Summary: PHP is prone to a man-in-the-middle attack vulnerability.
Description: Summary:
PHP is prone to a man-in-the-middle attack vulnerability.

Vulnerability Insight:
The following flaws exist:

- Web servers running in a CGI or CGI-like context may assign the value of a client-supplied 'Proxy' request header
to the internal 'HTTP_PROXY' environment variable.

- 'HTTP_PROXY' is improperly trusted by some PHP libraries and applications.

- An unspecified flaw in the gdImageCropThreshold function in 'gd_crop.c' in the GD Graphics Library.
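
As an added illustration (not code from this test or from Greenbone), the following Python models the CGI header-to-environment mapping behind the first flaw above, a check for whether HTTP_PROXY was populated from the request, and the mitigation of dropping that variable before the script runs; the header and proxy values are constructed.

```python
from typing import Dict, Mapping, Tuple

# Constructed sample request headers, as a CGI gateway would receive them.
# The client-supplied "Proxy" header is the one the httpoxy flaw abuses.
SAMPLE_HEADERS = {
    "Host": "app.example.internal",
    "User-Agent": "constructed-client/1.0",
    "Proxy": "http://198.51.100.23:8080",  # constructed, client-controlled value
}


def cgi_env_from_headers(headers: Mapping[str, str]) -> Dict[str, str]:
    """Model the RFC 3875 meta-variable mapping a CGI gateway performs:
    every request header becomes HTTP_<NAME>, upper-cased, with '-' -> '_'.
    Nothing is excluded, so a 'Proxy' header lands in HTTP_PROXY, the same
    name many HTTP client libraries read to pick an outbound proxy."""
    env: Dict[str, str] = {}
    for name, value in headers.items():
        env["HTTP_" + name.upper().replace("-", "_")] = value
    return env


def httpoxy_exposure(env: Mapping[str, str]) -> Tuple[bool, str]:
    """Return (exposed, reason). Exposed means HTTP_PROXY in the CGI
    environment was derived from the request, so any server-side subrequest
    honouring that variable could be routed through a client-chosen proxy."""
    value = env.get("HTTP_PROXY")
    if value is None:
        return False, "HTTP_PROXY not set"
    return True, f"HTTP_PROXY set from request: {value}"


def harden_cgi_env(env: Mapping[str, str]) -> Dict[str, str]:
    """Mitigation applied before the environment reaches the script: drop
    HTTP_PROXY unconditionally. HTTP defines no legitimate 'Proxy' request
    header, so nothing is lost by removing it."""
    return {k: v for k, v in env.items() if k != "HTTP_PROXY"}


def demo() -> Tuple[bool, bool]:
    """Exposure before and after hardening for the constructed request."""
    raw = cgi_env_from_headers(SAMPLE_HEADERS)
    before, _ = httpoxy_exposure(raw)
    after, _ = httpoxy_exposure(harden_cgi_env(raw))
    return before, after  # (True, False)


if __name__ == "__main__":
    print(demo())
```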

Vulnerability Impact:
Successfully exploiting this issue may allow remote, unauthenticated attackers
to conduct man-in-the-middle attacks on internal server subrequests, direct the
server to initiate connections to arbitrary hosts, or cause a denial of service.

Affected Software/OS:
PHP versions 5.x through 5.6.23 and 7.0.x through 7.0.8 on Windows

Solution:
Update to PHP version 5.6.24 or 7.0.19.

CVSS Score:
5.1

CVSS Vector:
AV:N/AC:H/Au:N/C:P/I:P/A:P

Cross references: BugTraq ID: 91821
BugTraq ID: 91509
Common Vulnerability Exposure (CVE) ID: CVE-2016-5385
http://www.securityfocus.com/bid/91821
CERT/CC vulnerability note: VU#797896
http://www.kb.cert.org/vuls/id/797896
Debian Security Information: DSA-3631
http://www.debian.org/security/2016/dsa-3631
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KZOIUYZDBWNDDHC6XTOLZYRMRXZWTJCP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7RMYXAVNYL2MOBJTFATE73TOVOEZYC5R/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GXFEIMZPSVGZQQAYIQ7U7DFVX3IBSDLF/
https://security.gentoo.org/glsa/201611-22
https://httpoxy.org/
RedHat Security Advisories: RHSA-2016:1609
http://rhn.redhat.com/errata/RHSA-2016-1609.html
RedHat Security Advisories: RHSA-2016:1610
http://rhn.redhat.com/errata/RHSA-2016-1610.html
RedHat Security Advisories: RHSA-2016:1611
http://rhn.redhat.com/errata/RHSA-2016-1611.html
RedHat Security Advisories: RHSA-2016:1612
http://rhn.redhat.com/errata/RHSA-2016-1612.html
RedHat Security Advisories: RHSA-2016:1613
http://rhn.redhat.com/errata/RHSA-2016-1613.html
http://www.securitytracker.com/id/1036335
SuSE Security Announcement: openSUSE-SU-2016:1922
http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-6128
http://www.securityfocus.com/bid/91509
Debian Security Information: DSA-3619
http://www.debian.org/security/2016/dsa-3619
https://security.gentoo.org/glsa/201612-09
http://www.openwall.com/lists/oss-security/2016/06/30/1
RedHat Security Advisories: RHSA-2016:2750
http://rhn.redhat.com/errata/RHSA-2016-2750.html
http://www.securitytracker.com/id/1036276
SuSE Security Announcement: openSUSE-SU-2016:2117
http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html
SuSE Security Announcement: openSUSE-SU-2016:2363
http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html
http://www.ubuntu.com/usn/USN-3030-1
Copyright: Copyright (C) 2016 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test package. Find out more about our complete security checks.

To run a free test for this vulnerability on your system, please register below.

© 1998-2024 E-Soft Inc. All rights reserved.