ID de Prueba:	1.3.6.1.4.1.25623.1.0.808632
Categoría:	Web Servers
Título:	Apache HTTP Server Man-in-the-Middle Attack Vulnerability - July16 (Linux)
Resumen:	Apache HTTP Server is prone to a man-in-the-middle attack vulnerability.
Descripción:	Summary: Apache HTTP Server is prone to a man-in-the-middle attack vulnerability. Vulnerability Insight: The flaw is due to 'CGI Servlet' does not protect applications from the presence of untrusted client data in the 'HTTP_PROXY' environment variable. Vulnerability Impact: Successful exploitation will allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted proxy header in an HTTP request. Affected Software/OS: Apache HTTP Server through 2.4.23. NOTE: Apache HTTP Server 2.2.32 is not vulnerable. Solution: Update to version 2.4.24, or 2.2.32, or later. CVSS Score: 5.1 CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Referencia Cruzada:	BugTraq ID: 91816 Common Vulnerability Exposure (CVE) ID: CVE-2016-5387 http://www.securityfocus.com/bid/91816 CERT/CC vulnerability note: VU#797896 http://www.kb.cert.org/vuls/id/797896 Debian Security Information: DSA-3623 (Google Search) http://www.debian.org/security/2016/dsa-3623 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPQAPWQA774JPDRV4UIB2SZAX6D3UZCV/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NEKZAB7MTWVSMORHTEMCQNFFMIHCYF76/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6WCTE7443AYZ4EGELWLVNANA2WJCJIYI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TGNHXJJSWDXAOEYH5TMXDPQVJMQQJOAZ/ https://security.gentoo.org/glsa/201701-36 https://httpoxy.org/ https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E RedHat Security Advisories: RHSA-2016:1420 https://access.redhat.com/errata/RHSA-2016:1420 RedHat Security Advisories: RHSA-2016:1421 https://access.redhat.com/errata/RHSA-2016:1421 RedHat Security Advisories: RHSA-2016:1422 https://access.redhat.com/errata/RHSA-2016:1422 RedHat Security Advisories: RHSA-2016:1624 http://rhn.redhat.com/errata/RHSA-2016-1624.html RedHat Security Advisories: RHSA-2016:1625 http://rhn.redhat.com/errata/RHSA-2016-1625.html RedHat Security Advisories: RHSA-2016:1635 https://access.redhat.com/errata/RHSA-2016:1635 RedHat Security Advisories: RHSA-2016:1636 https://access.redhat.com/errata/RHSA-2016:1636 RedHat Security Advisories: RHSA-2016:1648 http://rhn.redhat.com/errata/RHSA-2016-1648.html RedHat Security Advisories: RHSA-2016:1649 http://rhn.redhat.com/errata/RHSA-2016-1649.html RedHat Security Advisories: RHSA-2016:1650 http://rhn.redhat.com/errata/RHSA-2016-1650.html RedHat Security Advisories: RHSA-2016:1851 https://access.redhat.com/errata/RHSA-2016:1851 http://www.securitytracker.com/id/1036330 SuSE Security Announcement: openSUSE-SU-2016:1824 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-07/msg00059.html http://www.ubuntu.com/usn/USN-3038-1
Copyright	Copyright (C) 2016 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.