Page 20 of 107 results (0.007 seconds)

CVSS: 8.1EPSS: 92%CPEs: 21EXPL: 0

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue. PHP hasta la versión 7.0.8 no intenta abordar los conflictos de espacio de nombres de RFC 3875 sección 4.1.18 y por lo tanto no protege aplicaciones de la presencia de datos de clientes no confiables en ambiente variable de HTTP_PROXY, lo que ppodría permitir a atacantes remotos redireccionar el tráfico HTTP saliente de una aplicación a un servidor proxy arbitrario través de una cabecera Proxy manipulada en una petición HTTP, según lo demostrado por (1) una aplicación que hace una llamada getenv('HTTP_PROXY') o (2) una configuración CGI de PHP, también conocido como problema "httpoxy". It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker-controlled proxy via a malicious HTTP request. • http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html http://rhn.redhat.com/errata/RHSA-2016-1609.html http://rhn.redhat.com/errata/RHSA-2016-1610.html http://rhn.redhat.com/errata/RHSA-2016-1611.html http://rhn.redhat.com/errata/RHSA-2016-1612.html http://rhn.redhat.com/errata/RHSA-2016-1613.html http://www.debian.org/security/2016/dsa-3631 http://www.kb.cert.org/vuls/id/797896 http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html • CWE-20: Improper Input Validation CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 8.1EPSS: 17%CPEs: 52EXPL: 0

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability. El Apache HTTP Server hasta la versión 2.4.23 sigue a RFC 3875 sección 4.1.18 y por lo tanto no protege aplicaciones de la presencia de datos de clientes no confiables en ambiente variable de HTTP_PROXY, lo que puede permitir a atacantes remotos redireccionar el tráfico HTTP saliente de aplicación a un servidor proxy arbitrario a través de una cabecera Proxy manipulada en una petición HTTP, también conocido como problema "httpoxy". NOTA: el vendedor afirma "Se ha asignado a esta mitigación el identificador CVE-2016-5387"; en otras palabras, esto no es un CVE ID para una vulnerabilidad. It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. • http://lists.opensuse.org/opensuse-updates/2016-07/msg00059.html http://rhn.redhat.com/errata/RHSA-2016-1624.html http://rhn.redhat.com/errata/RHSA-2016-1625.html http://rhn.redhat.com/errata/RHSA-2016-1648.html http://rhn.redhat.com/errata/RHSA-2016-1649.html http://rhn.redhat.com/errata/RHSA-2016-1650.html http://www.debian.org/security/2016/dsa-3623 http://www.kb.cert.org/vuls/id/797896 http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 0%CPEs: 12EXPL: 0

The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack." La librería Bouncy Castle Java en versiones anteriores a 1.51 no valida un punto que se encuentra dentro de la curva elíptica, lo que facilita a atacantes remotos obtener claves privadas a través de una serie de intercambios de clave de curva elíptica Diffie Hellman (ECDH) manipulados, también conocida como un 'ataque de curva no válida'. It was found that bouncycastle is vulnerable to an invalid curve attack. An attacker could extract private keys used in elliptic curve cryptography with a few thousand queries. • http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174915.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00012.html http://rhn.redhat.com/errata/RHSA-2016-2035.html http://rhn.redhat.com/errata/RHSA-2016-2036.html http://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html http://www.debian.org/security/2015/dsa-3417 http://www.openwall.com/lists/oss-security/2015/10/22/7 http://www.openwall.com/lists/oss-security • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-310: Cryptographic Issues CWE-358: Improperly Implemented Security Check for Standard •

CVSS: 6.4EPSS: 1%CPEs: 14EXPL: 0

The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values. La función smb_request_state en cURL y libcurl 7.40.0 hasta 7.42.1 permite a servidores SMB remotos obtener información sensible de la memoria o causar una denegación de servicio (lectura fuera de rango y caída) a través de valores de longitud y desplazamiento manipulados. • http://curl.haxx.se/docs/adv_20150617B.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160660.html http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/75387 http://www.securityfocus.com/bid/91787 http://www.securitytracker.com/id/1036371 https://h20566.www2.hpe.com&# • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 0%CPEs: 12EXPL: 0

The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents. La configuración por defecto para cURL y libcurl anterior a 7.42.1 envía cabeceras HTTP personalizadas tanto al servidor proxy como al de destinación, lo que podría permitir a servidores proxy remotos obtener información sensible mediante la lectura de los contenidos de cabeceras. • http://curl.haxx.se/docs/adv_20150429.html http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.opensuse.org/opensuse-updates/2015-05/msg00017.html http://www.debian.org/security/2015/dsa-3240 http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html http://www.oracle.com/technetwork/topics/security/cpu • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •