CVE-2016-1000104 (GCVE-0-2016-1000104)
Vulnerability from cvelistv5 – Published: 2019-12-03 21:12 – Updated: 2024-08-06 03:55
Summary
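A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07.
The CNA text is terse; the SUSE advisory reproduced further down this page (SUSE-SU-2016:1820-1) describes the issue concretely: a specially crafted HTTP request header could set the $HTTP_PROXY environment variable for request handlers such as CGI scripts, so that their outgoing HTTP traffic could be directed through a malicious proxy server. The fixed server ignores such headers and never sets $HTTP_PROXY for sub-processes unless the administrator has explicitly configured a value.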
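Severity
No CVSS data available in the CNA record. The NVD enrichment embedded in this record (`vulnerability-lookup:meta`) scores it CVSS 3.1 8.8 HIGH (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and CVSS 2.0 6.5 MEDIUM (AV:N/AC:L/Au:S/C:P/I:P/A:P).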
CWE
- n/a in the CNA record; the NVD enrichment embedded in this record assigns CWE-20.
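Assigner
mitre
References
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2016/07/18/6 | x_refsource_MISC |
| http://lists.opensuse.org/opensuse-updates/2016-08/msg00084.html | x_refsource_MISC |
| http://www.securityfocus.com/bid/91822 | x_refsource_MISC |
| https://www.tenable.com/security/tns-2017-04 | x_refsource_MISC |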
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:55:26.411Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/18/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00084.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91822"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2017-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-03T17:22:49",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/18/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00084.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/91822"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/tns-2017-04"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1000104",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openwall.com/lists/oss-security/2016/07/18/6",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2016/07/18/6"
},
{
"name": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00084.html",
"refsource": "MISC",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00084.html"
},
{
"name": "http://www.securityfocus.com/bid/91822",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/91822"
},
{
"name": "https://www.tenable.com/security/tns-2017-04",
"refsource": "MISC",
"url": "https://www.tenable.com/security/tns-2017-04"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-1000104",
"datePublished": "2019-12-03T21:12:15",
"dateReserved": "2016-07-18T00:00:00",
"dateUpdated": "2024-08-06T03:55:26.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2016-1000104\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-12-03T22:15:13.480\",\"lastModified\":\"2024-11-21T02:42:52.043\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de Bypass de seguridad en el Proxy FcgidPassHeader en mod_fcgid hasta el 2016-07-07.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:mod_fcgid:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2016-07-07\",\"matchCriteriaId\":\"6AC3895D-3B26-4503-A12B-B07F04E5BFED\
"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4863BE36-D16A-4D75-90D9-FD76DB5B48B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03117DF1-3BEC-4B8D-AD63-DBBDB2126081\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-updates/2016-08/msg00084.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2016/07/18/6\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/91822\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.tenable.com/security/tns-2017-04\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2016-08/msg00084.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2016/07/18/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/91822\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.tenable.com/security/tns-2017-04\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
GSD-2016-1000104
Vulnerability from gsd - Updated: 2023-12-13 01:21
Details
A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07.
Aliases
CVE-2016-1000104
{
"GSD": {
"alias": "CVE-2016-1000104",
"description": "A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07.",
"id": "GSD-2016-1000104",
"references": [
"https://www.suse.com/security/cve/CVE-2016-1000104.html",
"https://advisories.mageia.org/CVE-2016-1000104.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2016-1000104"
],
"details": "A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07.",
"id": "GSD-2016-1000104",
"modified": "2023-12-13T01:21:18.002463Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1000104",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openwall.com/lists/oss-security/2016/07/18/6",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2016/07/18/6"
},
{
"name": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00084.html",
"refsource": "MISC",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00084.html"
},
{
"name": "http://www.securityfocus.com/bid/91822",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/91822"
},
{
"name": "https://www.tenable.com/security/tns-2017-04",
"refsource": "MISC",
"url": "https://www.tenable.com/security/tns-2017-04"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:mod_fcgid:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2016-07-07",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1000104"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00084.html",
"refsource": "MISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00084.html"
},
{
"name": "https://www.tenable.com/security/tns-2017-04",
"refsource": "MISC",
"tags": [],
"url": "https://www.tenable.com/security/tns-2017-04"
},
{
"name": "http://www.openwall.com/lists/oss-security/2016/07/18/6",
"refsource": "MISC",
"tags": [],
"url": "http://www.openwall.com/lists/oss-security/2016/07/18/6"
},
{
"name": "http://www.securityfocus.com/bid/91822",
"refsource": "MISC",
"tags": [],
"url": "http://www.securityfocus.com/bid/91822"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2020-02-03T18:15Z",
"publishedDate": "2019-12-03T22:15Z"
}
}
}
CNVD-2016-05254
Vulnerability from cnvd - Published: 2016-07-25
Title
Apache HTTP Server mod_fcgid模块安全绕过漏洞
Description
Apache HTTP Server是美国阿帕奇(Apache)软件基金会的一款开源网页服务器。mod_fcgid是其中的一个mod_cgi和mod_cgid的替代产品(Apache模块)。
Apache HTTP Server中的mod_fcgid模块中存在安全绕过漏洞。攻击者可利用该漏洞执行未授权操作。
Severity
中
Formal description
目前厂商暂未发布修复措施解决此安全问题,建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法: http://www.apache.org/
Reference
http://www.securityfocus.com/bid/91822
Impacted products
| Name | Apache mod_fcgid 0 |
|---|---|
{
"bids": {
"bid": {
"bidNumber": "91822"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2016-1000104"
}
},
"description": "Apache HTTP Server\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u8f6f\u4ef6\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u5f00\u6e90\u7f51\u9875\u670d\u52a1\u5668\u3002mod_fcgid\u662f\u5176\u4e2d\u7684\u4e00\u4e2amod_cgi\u548cmod_cgid\u7684\u66ff\u4ee3\u4ea7\u54c1\uff08Apache\u6a21\u5757\uff09\u3002\r\n\r\nApache HTTP Server\u4e2d\u7684mod_fcgid\u6a21\u5757\u4e2d\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u672a\u6388\u6743\u64cd\u4f5c\u3002",
"discovererName": "Scott Geary (VendHQ)",
"formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\nhttp://www.apache.org/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2016-05254",
"openTime": "2016-07-25",
"products": {
"product": "Apache mod_fcgid 0"
},
"referenceLink": "http://www.securityfocus.com/bid/91822",
"serverity": "\u4e2d",
"submitTime": "2016-07-22",
"title": "Apache HTTP Server mod_fcgid\u6a21\u5757\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}
OPENSUSE-SU-2024:10564-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00
Summary
apache2-mod_fcgid-2.3.9-7.3 on GA media
Notes
Title of the patch
apache2-mod_fcgid-2.3.9-7.3 on GA media
Description of the patch
These are all security issues fixed in the apache2-mod_fcgid-2.3.9-7.3 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10564
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "apache2-mod_fcgid-2.3.9-7.3 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the apache2-mod_fcgid-2.3.9-7.3 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10564",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10564-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2010-3872 page",
"url": "https://www.suse.com/security/cve/CVE-2010-3872/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-4365 page",
"url": "https://www.suse.com/security/cve/CVE-2013-4365/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-1000104 page",
"url": "https://www.suse.com/security/cve/CVE-2016-1000104/"
}
],
"title": "apache2-mod_fcgid-2.3.9-7.3 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10564-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "apache2-mod_fcgid-2.3.9-7.3.aarch64",
"product": {
"name": "apache2-mod_fcgid-2.3.9-7.3.aarch64",
"product_id": "apache2-mod_fcgid-2.3.9-7.3.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-mod_fcgid-2.3.9-7.3.ppc64le",
"product": {
"name": "apache2-mod_fcgid-2.3.9-7.3.ppc64le",
"product_id": "apache2-mod_fcgid-2.3.9-7.3.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-mod_fcgid-2.3.9-7.3.s390x",
"product": {
"name": "apache2-mod_fcgid-2.3.9-7.3.s390x",
"product_id": "apache2-mod_fcgid-2.3.9-7.3.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-mod_fcgid-2.3.9-7.3.x86_64",
"product": {
"name": "apache2-mod_fcgid-2.3.9-7.3.x86_64",
"product_id": "apache2-mod_fcgid-2.3.9-7.3.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_fcgid-2.3.9-7.3.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apache2-mod_fcgid-2.3.9-7.3.aarch64"
},
"product_reference": "apache2-mod_fcgid-2.3.9-7.3.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_fcgid-2.3.9-7.3.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apache2-mod_fcgid-2.3.9-7.3.ppc64le"
},
"product_reference": "apache2-mod_fcgid-2.3.9-7.3.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_fcgid-2.3.9-7.3.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apache2-mod_fcgid-2.3.9-7.3.s390x"
},
"product_reference": "apache2-mod_fcgid-2.3.9-7.3.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_fcgid-2.3.9-7.3.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apache2-mod_fcgid-2.3.9-7.3.x86_64"
},
"product_reference": "apache2-mod_fcgid-2.3.9-7.3.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2010-3872",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2010-3872"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the mod_fcgid module of httpd. A malformed FastCGI response may result in a stack-based buffer overflow in the modules/fcgid/fcgid_bucket.c file in the fcgid_header_bucket_read() function, resulting in an application crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-mod_fcgid-2.3.9-7.3.aarch64",
"openSUSE Tumbleweed:apache2-mod_fcgid-2.3.9-7.3.ppc64le",
"openSUSE Tumbleweed:apache2-mod_fcgid-2.3.9-7.3.s390x",
"openSUSE Tumbleweed:apache2-mod_fcgid-2.3.9-7.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2010-3872",
"url": "https://www.suse.com/security/cve/CVE-2010-3872"
},
{
"category": "external",
"summary": "SUSE Bug 656092 for CVE-2010-3872",
"url": "https://bugzilla.suse.com/656092"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-mod_fcgid-2.3.9-7.3.aarch64",
"openSUSE Tumbleweed:apache2-mod_fcgid-2.3.9-7.3.ppc64le",
"openSUSE Tumbleweed:apache2-mod_fcgid-2.3.9-7.3.s390x",
"openSUSE Tumbleweed:apache2-mod_fcgid-2.3.9-7.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:apache2-mod_fcgid-2.3.9-7.3.aarch64",
"openSUSE Tumbleweed:apache2-mod_fcgid-2.3.9-7.3.ppc64le",
"openSUSE Tumbleweed:apache2-mod_fcgid-2.3.9-7.3.s390x",
"openSUSE Tumbleweed:apache2-mod_fcgid-2.3.9-7.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2010-3872"
},
{
"cve": "CVE-2013-4365",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-4365"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified impact via unknown vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-mod_fcgid-2.3.9-7.3.aarch64",
"openSUSE Tumbleweed:apache2-mod_fcgid-2.3.9-7.3.ppc64le",
"openSUSE Tumbleweed:apache2-mod_fcgid-2.3.9-7.3.s390x",
"openSUSE Tumbleweed:apache2-mod_fcgid-2.3.9-7.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-4365",
"url": "https://www.suse.com/security/cve/CVE-2013-4365"
},
{
"category": "external",
"summary": "SUSE Bug 844935 for CVE-2013-4365",
"url": "https://bugzilla.suse.com/844935"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-mod_fcgid-2.3.9-7.3.aarch64",
"openSUSE Tumbleweed:apache2-mod_fcgid-2.3.9-7.3.ppc64le",
"openSUSE Tumbleweed:apache2-mod_fcgid-2.3.9-7.3.s390x",
"openSUSE Tumbleweed:apache2-mod_fcgid-2.3.9-7.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-4365"
},
{
"cve": "CVE-2016-1000104",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-1000104"
}
],
"notes": [
{
"category": "general",
"text": "A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-mod_fcgid-2.3.9-7.3.aarch64",
"openSUSE Tumbleweed:apache2-mod_fcgid-2.3.9-7.3.ppc64le",
"openSUSE Tumbleweed:apache2-mod_fcgid-2.3.9-7.3.s390x",
"openSUSE Tumbleweed:apache2-mod_fcgid-2.3.9-7.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-1000104",
"url": "https://www.suse.com/security/cve/CVE-2016-1000104"
},
{
"category": "external",
"summary": "SUSE Bug 988486 for CVE-2016-1000104",
"url": "https://bugzilla.suse.com/988486"
},
{
"category": "external",
"summary": "SUSE Bug 988487 for CVE-2016-1000104",
"url": "https://bugzilla.suse.com/988487"
},
{
"category": "external",
"summary": "SUSE Bug 988488 for CVE-2016-1000104",
"url": "https://bugzilla.suse.com/988488"
},
{
"category": "external",
"summary": "SUSE Bug 988489 for CVE-2016-1000104",
"url": "https://bugzilla.suse.com/988489"
},
{
"category": "external",
"summary": "SUSE Bug 988491 for CVE-2016-1000104",
"url": "https://bugzilla.suse.com/988491"
},
{
"category": "external",
"summary": "SUSE Bug 988492 for CVE-2016-1000104",
"url": "https://bugzilla.suse.com/988492"
},
{
"category": "external",
"summary": "SUSE Bug 989174 for CVE-2016-1000104",
"url": "https://bugzilla.suse.com/989174"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-mod_fcgid-2.3.9-7.3.aarch64",
"openSUSE Tumbleweed:apache2-mod_fcgid-2.3.9-7.3.ppc64le",
"openSUSE Tumbleweed:apache2-mod_fcgid-2.3.9-7.3.s390x",
"openSUSE Tumbleweed:apache2-mod_fcgid-2.3.9-7.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:apache2-mod_fcgid-2.3.9-7.3.aarch64",
"openSUSE Tumbleweed:apache2-mod_fcgid-2.3.9-7.3.ppc64le",
"openSUSE Tumbleweed:apache2-mod_fcgid-2.3.9-7.3.s390x",
"openSUSE Tumbleweed:apache2-mod_fcgid-2.3.9-7.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-1000104"
}
]
}
MSRC_CVE-2016-1000104
Vulnerability from csaf_microsoft - Published: 2019-12-02 00:00 - Updated: 2025-10-01 23:10
Summary
A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07.
Notes
Additional Resources
To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer
The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2016-1000104 A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2019/msrc_cve-2016-1000104.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07.",
"tracking": {
"current_release_date": "2025-10-01T23:10:54.000Z",
"generator": {
"date": "2025-12-27T21:29:39.452Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2016-1000104",
"initial_release_date": "2019-12-02T00:00:00.000Z",
"revision_history": [
{
"date": "2025-10-01T23:10:54.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 mod_fcgid 2.3.9-21",
"product": {
"name": "\u003ccbl2 mod_fcgid 2.3.9-21",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cbl2 mod_fcgid 2.3.9-21",
"product": {
"name": "cbl2 mod_fcgid 2.3.9-21",
"product_id": "16858"
}
}
],
"category": "product_name",
"name": "mod_fcgid"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 mod_fcgid 2.3.9-21 as a component of CBL Mariner 2.0",
"product_id": "17086-1"
},
"product_reference": "1",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 mod_fcgid 2.3.9-21 as a component of CBL Mariner 2.0",
"product_id": "16858-17086"
},
"product_reference": "16858",
"relates_to_product_reference": "17086"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-1000104",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "general",
"text": "mitre",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"16858-17086"
],
"known_affected": [
"17086-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2016-1000104 A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2019/msrc_cve-2016-1000104.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-01T23:10:54.000Z",
"details": "2.3.9-21:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalsScore": 0.0,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"17086-1"
]
}
],
"title": "A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07."
}
]
}
SUSE-SU-2016:1820-1
Vulnerability from csaf_suse - Published: 2016-07-18 14:06 - Updated: 2016-07-18 14:06
Summary
Security update for apache2-mod_fcgid
Notes
Title of the patch
Security update for apache2-mod_fcgid
Description of the patch
This update for apache2-mod_fcgid fixes the following issues:
* It used to be possible to set an arbitrary $HTTP_PROXY environment variable
for request handlers -- like CGI scripts -- by including a specially crafted
HTTP header in the request (CVE-2016-1000104). As a result, these server
components would potentially direct all their outgoing HTTP traffic through a
malicious proxy server. This patch fixes the issue: the updated Apache server
ignores such HTTP headers and never sets $HTTP_PROXY for sub-processes
(unless a value has been explicitly configured by the administrator in the
configuration file). (bsc#988492)
Patchnames
sdksp4-apache2-mod_fcgid-12653
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for apache2-mod_fcgid",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for apache2-mod_fcgid fixes the following issues:\n \n* It used to be possible to set an arbitrary $HTTP_PROXY environment variable\n for request handlers -- like CGI scripts -- by including a specially crafted\n HTTP header in the request (CVE-2016-1000104). As a result, these server\n components would potentially direct all their outgoing HTTP traffic through a\n malicious proxy server. This patch fixes the issue: the updated Apache server\n ignores such HTTP headers and never sets $HTTP_PROXY for sub-processes\n (unless a value has been explicitly configured by the administrator in the\n configuration file). (bsc#988492)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sdksp4-apache2-mod_fcgid-12653",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_1820-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2016:1820-1",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20161820-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2016:1820-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2016-July/002159.html"
},
{
"category": "self",
"summary": "SUSE Bug 988492",
"url": "https://bugzilla.suse.com/988492"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-1000104 page",
"url": "https://www.suse.com/security/cve/CVE-2016-1000104/"
}
],
"title": "Security update for apache2-mod_fcgid",
"tracking": {
"current_release_date": "2016-07-18T14:06:32Z",
"generator": {
"date": "2016-07-18T14:06:32Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2016:1820-1",
"initial_release_date": "2016-07-18T14:06:32Z",
"revision_history": [
{
"date": "2016-07-18T14:06:32Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "apache2-mod_fcgid-2.2-31.29.1.i586",
"product": {
"name": "apache2-mod_fcgid-2.2-31.29.1.i586",
"product_id": "apache2-mod_fcgid-2.2-31.29.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-mod_fcgid-2.2-31.29.1.ia64",
"product": {
"name": "apache2-mod_fcgid-2.2-31.29.1.ia64",
"product_id": "apache2-mod_fcgid-2.2-31.29.1.ia64"
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-mod_fcgid-2.2-31.29.1.ppc64",
"product": {
"name": "apache2-mod_fcgid-2.2-31.29.1.ppc64",
"product_id": "apache2-mod_fcgid-2.2-31.29.1.ppc64"
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-mod_fcgid-2.2-31.29.1.s390x",
"product": {
"name": "apache2-mod_fcgid-2.2-31.29.1.s390x",
"product_id": "apache2-mod_fcgid-2.2-31.29.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-mod_fcgid-2.2-31.29.1.x86_64",
"product": {
"name": "apache2-mod_fcgid-2.2-31.29.1.x86_64",
"product_id": "apache2-mod_fcgid-2.2-31.29.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/a:suse:sle-sdk:11:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_fcgid-2.2-31.29.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-mod_fcgid-2.2-31.29.1.i586"
},
"product_reference": "apache2-mod_fcgid-2.2-31.29.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_fcgid-2.2-31.29.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-mod_fcgid-2.2-31.29.1.ia64"
},
"product_reference": "apache2-mod_fcgid-2.2-31.29.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_fcgid-2.2-31.29.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-mod_fcgid-2.2-31.29.1.ppc64"
},
"product_reference": "apache2-mod_fcgid-2.2-31.29.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_fcgid-2.2-31.29.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-mod_fcgid-2.2-31.29.1.s390x"
},
"product_reference": "apache2-mod_fcgid-2.2-31.29.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_fcgid-2.2-31.29.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-mod_fcgid-2.2-31.29.1.x86_64"
},
"product_reference": "apache2-mod_fcgid-2.2-31.29.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-1000104",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-1000104"
}
],
"notes": [
{
"category": "general",
"text": "A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-mod_fcgid-2.2-31.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-mod_fcgid-2.2-31.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-mod_fcgid-2.2-31.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-mod_fcgid-2.2-31.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-mod_fcgid-2.2-31.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-1000104",
"url": "https://www.suse.com/security/cve/CVE-2016-1000104"
},
{
"category": "external",
"summary": "SUSE Bug 988486 for CVE-2016-1000104",
"url": "https://bugzilla.suse.com/988486"
},
{
"category": "external",
"summary": "SUSE Bug 988487 for CVE-2016-1000104",
"url": "https://bugzilla.suse.com/988487"
},
{
"category": "external",
"summary": "SUSE Bug 988488 for CVE-2016-1000104",
"url": "https://bugzilla.suse.com/988488"
},
{
"category": "external",
"summary": "SUSE Bug 988489 for CVE-2016-1000104",
"url": "https://bugzilla.suse.com/988489"
},
{
"category": "external",
"summary": "SUSE Bug 988491 for CVE-2016-1000104",
"url": "https://bugzilla.suse.com/988491"
},
{
"category": "external",
"summary": "SUSE Bug 988492 for CVE-2016-1000104",
"url": "https://bugzilla.suse.com/988492"
},
{
"category": "external",
"summary": "SUSE Bug 989174 for CVE-2016-1000104",
"url": "https://bugzilla.suse.com/989174"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-mod_fcgid-2.2-31.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-mod_fcgid-2.2-31.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-mod_fcgid-2.2-31.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-mod_fcgid-2.2-31.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-mod_fcgid-2.2-31.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-mod_fcgid-2.2-31.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-mod_fcgid-2.2-31.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-mod_fcgid-2.2-31.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-mod_fcgid-2.2-31.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-mod_fcgid-2.2-31.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-18T14:06:32Z",
"details": "moderate"
}
],
"title": "CVE-2016-1000104"
}
]
}
WID-SEC-W-2025-2522
Vulnerability from csaf_certbund - Published: 2016-07-18 22:00 - Updated: 2025-11-10 23:00
Summary
Mehrere Webserver: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
PHP ist eine Programmiersprache, die zur Implementierung von Web-Applikationen genutzt wird.
Apache Tomcat ist ein Web-Applikationsserver für verschiedene Plattformen.
Apache ist ein Webserver für verschiedene Plattformen.
Python ist eine universelle, üblicherweise interpretierte höhere Programmiersprache.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in mehreren Webserver Produkten ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
Betroffene Betriebssysteme
- Linux
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "PHP ist eine Programmiersprache, die zur Implementierung von Web-Applikationen genutzt wird.\r\nApache Tomcat ist ein Web-Applikationsserver f\u00fcr verschiedene Plattformen.\r\nApache ist ein Webserver f\u00fcr verschiedene Plattformen.\r\nPython ist eine universelle, \u00fcblicherweise interpretierte h\u00f6here Programmiersprache.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in mehreren Webserver Produkten ausnutzen, um Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2522 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2016/wid-sec-w-2025-2522.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2522 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2522"
},
{
"category": "external",
"summary": "Meldung auf httpoxy.org vom 2016-07-18",
"url": "https://httpoxy.org/"
},
{
"category": "external",
"summary": "Cert.org Vulnerability Note VU#797896 vom 2016-07-18",
"url": "http://www.kb.cert.org/vuls/id/797896"
},
{
"category": "external",
"summary": "Microsoft Knowledge Base article #3179800 vom 2016-07-18",
"url": "https://support.microsoft.com/en-us/kb/3179800"
},
{
"category": "external",
"summary": "Meldung auf nginx.com vom 2016-07-18",
"url": "https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/"
},
{
"category": "external",
"summary": "Meldung auf Apache.org vom 2016-07-18",
"url": "https://www.apache.org/security/asf-httpoxy-response.txt"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-3038-1 vom 2016-07-18",
"url": "http://www.ubuntu.com/usn/usn-3038-1/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2016:1420 vom 2016-07-18",
"url": "https://access.redhat.com/errata/RHSA-2016:1420"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2016:1421 vom 2016-07-18",
"url": "https://access.redhat.com/errata/RHSA-2016:1421"
},
{
"category": "external",
"summary": "Red Hat Bugzilla #1353755 vom 2016-07-18",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-5387"
},
{
"category": "external",
"summary": "Debian Security Tracker CVE-2016-5387 vom 2016-07-18",
"url": "https://security-tracker.debian.org/tracker/CVE-2016-5387"
},
{
"category": "external",
"summary": "Meldung auf der oss-sec Mailliste vom 2016-07-19",
"url": "http://seclists.org/oss-sec/2016/q3/94"
},
{
"category": "external",
"summary": "CentOS Announce CESA-2016:1421 vom 2016-07-18",
"url": "http://permalink.gmane.org/gmane.linux.centos.announce/9976"
},
{
"category": "external",
"summary": "CentOS Announce CESA-2016:1422 vom 2016-07-18",
"url": "http://permalink.gmane.org/gmane.linux.centos.announce/9975"
},
{
"category": "external",
"summary": "Meldung auf der oss-sec Mailliste vom 2016-07-19",
"url": "http://seclists.org/oss-sec/2016/q3/95"
},
{
"category": "external",
"summary": "Typo3 Core Security Advisory typo3-core-sa-2016-019 vom 2016-07-19",
"url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-019/"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-3623-1 vom 2016-07-20",
"url": "https://lists.debian.org/debian-security-announce/2016/msg00201.html"
},
{
"category": "external",
"summary": "SUSE Patch vom 2016-07-20",
"url": "https://download.suse.com/patch/finder/?keywords=a513b952ed04bce0c2391eb2ba3b9f2c"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-3631 vom 2016-07-27",
"url": "https://www.debian.org/security/2016/dsa-3631"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-3045-1 vom 2016-08-02",
"url": "http://www.ubuntu.com/usn/usn-3045-1/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2016:1538 vom 2016-08-03",
"url": "https://rhn.redhat.com/errata/RHSA-2016-1538.html"
},
{
"category": "external",
"summary": "Unify Security Advisory Report - OBSO-1607-01 vom 2016-07-27",
"url": "https://networks.unify.com/security/advisories/OBSO-1607-01.pdf"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2016:1609 vom 2016-08-12",
"url": "https://rhn.redhat.com/errata/RHSA-2016-1609.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2016:1610 vom 2016-08-12",
"url": "https://rhn.redhat.com/errata/RHSA-2016-1610.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2016:1611 vom 2016-08-12",
"url": "https://rhn.redhat.com/errata/RHSA-2016-1611.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2016:1612 vom 2016-08-12",
"url": "https://rhn.redhat.com/errata/RHSA-2016-1612.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2016:1613 vom 2016-08-12",
"url": "https://rhn.redhat.com/errata/RHSA-2016-1613.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2016:2090 vom 2016-08-17",
"url": "http://lists.suse.com/pipermail/sle-security-updates/2016-August/002213.html"
},
{
"category": "external",
"summary": "RedHat Security Advisory RHSA-2016-1624",
"url": "https://rhn.redhat.com/errata/RHSA-2016-1624.html"
},
{
"category": "external",
"summary": "RedHat Security Advisory RHSA-2016-1625",
"url": "https://rhn.redhat.com/errata/RHSA-2016-1625.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2016:1630-1 vom 2016-08-18",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1630.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2016:1629-1 vom 2016-08-18",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1629.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2016:1628-1 vom 2016-08-18",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1628.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2016:1627-1 vom 2016-08-18",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1627.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2016:1626-1 vom 2016-08-18",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1626.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2016:2106-1 vom 2016-08-19",
"url": "http://lists.suse.com/pipermail/sle-security-updates/2016-August/002219.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2016:1650-1 vom 2016-08-22",
"url": "https://rhn.redhat.com/errata/RHSA-2016-1650.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2016:1649-1 vom 2016-08-22",
"url": "https://rhn.redhat.com/errata/RHSA-2016-1649.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2016:1648-1 vom 2016-08-22",
"url": "https://rhn.redhat.com/errata/RHSA-2016-1648.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2016:2188-1 vom 2016-09-03",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20162188-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2016:2229-1 vom 2016-09-07",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20162229-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2016:2270-1 vom 2016-09-10",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20162270-1.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2016:1978 vom 2016-09-30",
"url": "https://access.redhat.com/errata/RHSA-2016:1978"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2016:2653-1 vom 2016-10-26",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20162653-1.html"
},
{
"category": "external",
"summary": "HP Security Bulletin HPSBUX03665 vom 2016-11-07",
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05324759"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2016-2586 vom 2016-11-09",
"url": "http://linux.oracle.com/errata/ELSA-2016-2586.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2016-2598 vom 2016-11-09",
"url": "http://linux.oracle.com/errata/ELSA-2016-2598.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2016:2859-1 vom 2016-11-18",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20162859-1.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-3134-1 vom 2016-11-23",
"url": "http://www.ubuntu.com/usn/usn-3134-1/"
},
{
"category": "external",
"summary": "Eintrag auf Apache.org",
"url": "http://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:0114-1 vom 2017-01-12",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20170114-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:0190-1 vom 2017-01-18",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20170190-1.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-3177-1 vom 2017-01-23",
"url": "http://www.ubuntu.com/usn/usn-3177-1/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-3177-2 vom 2017-02-02",
"url": "http://www.ubuntu.com/usn/usn-3177-2/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:1632-1 vom 2017-06-21",
"url": "https://lists.opensuse.org/opensuse-security-announce/2017-06/msg00025.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:1660-1 vom 2017-06-24",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20171660-1.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:0273 vom 2018-02-05",
"url": "https://access.redhat.com/errata/RHSA-2018:0273"
},
{
"category": "external",
"summary": "Dell/EMC Knowledge Base Article: 000529947",
"url": "https://support.emc.com/kb/529947"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:0223-1 vom 2019-02-01",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190223-1.html"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:15706-1 vom 2025-11-07",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/J2YFYRHG3D4WKV5P6XA25CFPNSEBUKHC/"
}
],
"source_lang": "en-US",
"title": "Mehrere Webserver: Schwachstelle erm\u00f6glicht Umgehen von Sicherheitsvorkehrungen",
"tracking": {
"current_release_date": "2025-11-10T23:00:00.000+00:00",
"generator": {
"date": "2025-11-11T06:37:21.182+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-2522",
"initial_release_date": "2016-07-18T22:00:00.000+00:00",
"revision_history": [
{
"date": "2016-07-18T22:00:00.000+00:00",
"number": "1",
"summary": "Initial Release"
},
{
"date": "2016-07-18T22:00:00.000+00:00",
"number": "2",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-07-18T22:00:00.000+00:00",
"number": "3",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-07-18T22:00:00.000+00:00",
"number": "4",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-07-19T22:00:00.000+00:00",
"number": "5",
"summary": "New remediations available"
},
{
"date": "2016-07-20T22:00:00.000+00:00",
"number": "6",
"summary": "New remediations available"
},
{
"date": "2016-07-20T22:00:00.000+00:00",
"number": "7",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-07-27T22:00:00.000+00:00",
"number": "8",
"summary": "New remediations available"
},
{
"date": "2016-07-27T22:00:00.000+00:00",
"number": "9",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-08-02T22:00:00.000+00:00",
"number": "10",
"summary": "New remediations available"
},
{
"date": "2016-08-02T22:00:00.000+00:00",
"number": "11",
"summary": "New remediations available"
},
{
"date": "2016-08-02T22:00:00.000+00:00",
"number": "12",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-08-11T22:00:00.000+00:00",
"number": "13",
"summary": "New remediations available"
},
{
"date": "2016-08-11T22:00:00.000+00:00",
"number": "14",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-08-11T22:00:00.000+00:00",
"number": "15",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-08-11T22:00:00.000+00:00",
"number": "16",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-08-11T22:00:00.000+00:00",
"number": "17",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-08-17T22:00:00.000+00:00",
"number": "18",
"summary": "New remediations available"
},
{
"date": "2016-08-17T22:00:00.000+00:00",
"number": "19",
"summary": "New remediations available"
},
{
"date": "2016-08-17T22:00:00.000+00:00",
"number": "20",
"summary": "New remediations available"
},
{
"date": "2016-08-18T22:00:00.000+00:00",
"number": "21",
"summary": "New remediations available"
},
{
"date": "2016-08-18T22:00:00.000+00:00",
"number": "22",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-08-21T22:00:00.000+00:00",
"number": "23",
"summary": "New remediations available"
},
{
"date": "2016-08-21T22:00:00.000+00:00",
"number": "24",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-08-22T22:00:00.000+00:00",
"number": "25",
"summary": "New remediations available"
},
{
"date": "2016-08-22T22:00:00.000+00:00",
"number": "26",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-08-22T22:00:00.000+00:00",
"number": "27",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-09-04T22:00:00.000+00:00",
"number": "28",
"summary": "New remediations available"
},
{
"date": "2016-09-04T22:00:00.000+00:00",
"number": "29",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-09-06T22:00:00.000+00:00",
"number": "30",
"summary": "New remediations available"
},
{
"date": "2016-09-11T22:00:00.000+00:00",
"number": "31",
"summary": "New remediations available"
},
{
"date": "2016-10-03T22:00:00.000+00:00",
"number": "32",
"summary": "New remediations available"
},
{
"date": "2016-10-03T22:00:00.000+00:00",
"number": "33",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-10-03T22:00:00.000+00:00",
"number": "34",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-10-03T22:00:00.000+00:00",
"number": "35",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-10-03T22:00:00.000+00:00",
"number": "36",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-10-03T22:00:00.000+00:00",
"number": "37",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-10-26T22:00:00.000+00:00",
"number": "38",
"summary": "New remediations available"
},
{
"date": "2016-11-06T23:00:00.000+00:00",
"number": "39",
"summary": "New remediations available"
},
{
"date": "2016-11-06T23:00:00.000+00:00",
"number": "40",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-11-09T23:00:00.000+00:00",
"number": "41",
"summary": "New remediations available"
},
{
"date": "2016-11-20T23:00:00.000+00:00",
"number": "42",
"summary": "New remediations available"
},
{
"date": "2016-11-22T23:00:00.000+00:00",
"number": "43",
"summary": "New remediations available"
},
{
"date": "2016-11-22T23:00:00.000+00:00",
"number": "44",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-12-20T23:00:00.000+00:00",
"number": "45",
"summary": "New remediations available"
},
{
"date": "2017-01-12T23:00:00.000+00:00",
"number": "46",
"summary": "New remediations available"
},
{
"date": "2017-01-18T23:00:00.000+00:00",
"number": "47",
"summary": "New remediations available"
},
{
"date": "2017-01-23T23:00:00.000+00:00",
"number": "48",
"summary": "New remediations available"
},
{
"date": "2017-02-02T23:00:00.000+00:00",
"number": "49",
"summary": "New remediations available"
},
{
"date": "2017-06-20T22:00:00.000+00:00",
"number": "50",
"summary": "New remediations available"
},
{
"date": "2017-06-20T22:00:00.000+00:00",
"number": "51",
"summary": "New remediations available"
},
{
"date": "2017-06-20T22:00:00.000+00:00",
"number": "52",
"summary": "Version nicht vorhanden"
},
{
"date": "2017-06-26T22:00:00.000+00:00",
"number": "53",
"summary": "New remediations available"
},
{
"date": "2017-08-07T22:00:00.000+00:00",
"number": "54",
"summary": "Added references"
},
{
"date": "2019-01-30T23:00:00.000+00:00",
"number": "55",
"summary": "Neue Updates von EMC aufgenommen"
},
{
"date": "2019-02-03T23:00:00.000+00:00",
"number": "56",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2019-04-08T22:00:00.000+00:00",
"number": "57",
"summary": "Referenz(en) aufgenommen: FEDORA-2019-AA7F37CD4D"
},
{
"date": "2025-11-09T23:00:00.000+00:00",
"number": "58",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2025-11-10T23:00:00.000+00:00",
"number": "59",
"summary": "Korrektur"
}
],
"status": "final",
"version": "59"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Apache HTTP Server",
"product": {
"name": "Apache HTTP Server",
"product_id": "67869",
"product_identification_helper": {
"cpe": "cpe:/a:apache:http_server:-"
}
}
},
{
"category": "product_name",
"name": "Apache Tomcat",
"product": {
"name": "Apache Tomcat",
"product_id": "643",
"product_identification_helper": {
"cpe": "cpe:/a:apache:tomcat:-"
}
}
}
],
"category": "vendor",
"name": "Apache"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "EMC VNX1",
"product": {
"name": "EMC VNX1",
"product_id": "T004667",
"product_identification_helper": {
"cpe": "cpe:/h:emc:vnx:-"
}
}
}
],
"category": "vendor",
"name": "EMC"
},
{
"branches": [
{
"category": "product_name",
"name": "HPE HP-UX",
"product": {
"name": "HPE HP-UX",
"product_id": "4871",
"product_identification_helper": {
"cpe": "cpe:/o:hp:hp-ux:-"
}
}
}
],
"category": "vendor",
"name": "HPE"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source CentOS",
"product": {
"name": "Open Source CentOS",
"product_id": "1727",
"product_identification_helper": {
"cpe": "cpe:/o:centos:centos:-"
}
}
},
{
"category": "product_name",
"name": "Open Source PHP",
"product": {
"name": "Open Source PHP",
"product_id": "8746",
"product_identification_helper": {
"cpe": "cpe:/a:php:php:-"
}
}
},
{
"category": "product_name",
"name": "Open Source Python",
"product": {
"name": "Open Source Python",
"product_id": "113051",
"product_identification_helper": {
"cpe": "cpe:/a:python:python:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Web Server",
"product": {
"name": "Red Hat JBoss Web Server",
"product_id": "T003426",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "12 SP1",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP1",
"product_id": "T006804",
"product_identification_helper": {
"cpe": "cpe:/o:suse:linux_enterprise_desktop:12:sp1"
}
}
}
],
"category": "product_name",
"name": "Linux Enterprise Desktop"
},
{
"branches": [
{
"category": "product_version",
"name": "12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP1",
"product_id": "T007836",
"product_identification_helper": {
"cpe": "cpe:/o:suse:linux_enterprise_server:12:sp1"
}
}
}
],
"category": "product_name",
"name": "Linux Enterprise Server"
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c8.2.1",
"product": {
"name": "TYPO3 Core \u003c8.2.1",
"product_id": "T008046"
}
},
{
"category": "product_version",
"name": "8.2.1",
"product": {
"name": "TYPO3 Core 8.2.1",
"product_id": "T008046-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:typo3:typo3:8.2.1"
}
}
}
],
"category": "product_name",
"name": "Core"
}
],
"category": "vendor",
"name": "TYPO3"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "131442",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:10.04:-:lts"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-1000104",
"product_status": {
"known_affected": [
"131442",
"67646",
"4871",
"T004667",
"67869",
"T003426",
"T007836",
"T006804",
"2951",
"T002207",
"643",
"T027843",
"8746",
"1727",
"T008046",
"113051"
]
},
"release_date": "2016-07-18T22:00:00.000+00:00",
"title": "CVE-2016-1000104"
},
{
"cve": "CVE-2016-1000105",
"product_status": {
"known_affected": [
"131442",
"67646",
"4871",
"T004667",
"67869",
"T003426",
"T007836",
"T006804",
"2951",
"T002207",
"643",
"T027843",
"8746",
"1727",
"T008046",
"113051"
]
},
"release_date": "2016-07-18T22:00:00.000+00:00",
"title": "CVE-2016-1000105"
},
{
"cve": "CVE-2016-1000107",
"product_status": {
"known_affected": [
"131442",
"67646",
"4871",
"T004667",
"67869",
"T003426",
"T007836",
"T006804",
"2951",
"T002207",
"643",
"T027843",
"8746",
"1727",
"T008046",
"113051"
]
},
"release_date": "2016-07-18T22:00:00.000+00:00",
"title": "CVE-2016-1000107"
},
{
"cve": "CVE-2016-1000108",
"product_status": {
"known_affected": [
"131442",
"67646",
"4871",
"T004667",
"67869",
"T003426",
"T007836",
"T006804",
"2951",
"T002207",
"643",
"T027843",
"8746",
"1727",
"T008046",
"113051"
]
},
"release_date": "2016-07-18T22:00:00.000+00:00",
"title": "CVE-2016-1000108"
},
{
"cve": "CVE-2016-1000109",
"product_status": {
"known_affected": [
"131442",
"67646",
"4871",
"T004667",
"67869",
"T003426",
"T007836",
"T006804",
"2951",
"T002207",
"643",
"T027843",
"8746",
"1727",
"T008046",
"113051"
]
},
"release_date": "2016-07-18T22:00:00.000+00:00",
"title": "CVE-2016-1000109"
},
{
"cve": "CVE-2016-1000110",
"product_status": {
"known_affected": [
"131442",
"67646",
"4871",
"T004667",
"67869",
"T003426",
"T007836",
"T006804",
"2951",
"T002207",
"643",
"T027843",
"8746",
"1727",
"T008046",
"113051"
]
},
"release_date": "2016-07-18T22:00:00.000+00:00",
"title": "CVE-2016-1000110"
},
{
"cve": "CVE-2016-1000111",
"product_status": {
"known_affected": [
"131442",
"67646",
"4871",
"T004667",
"67869",
"T003426",
"T007836",
"T006804",
"2951",
"T002207",
"643",
"T027843",
"8746",
"1727",
"T008046",
"113051"
]
},
"release_date": "2016-07-18T22:00:00.000+00:00",
"title": "CVE-2016-1000111"
},
{
"cve": "CVE-2016-5385",
"product_status": {
"known_affected": [
"131442",
"67646",
"4871",
"T004667",
"67869",
"T003426",
"T007836",
"T006804",
"2951",
"T002207",
"643",
"T027843",
"8746",
"1727",
"T008046",
"113051"
]
},
"release_date": "2016-07-18T22:00:00.000+00:00",
"title": "CVE-2016-5385"
},
{
"cve": "CVE-2016-5386",
"product_status": {
"known_affected": [
"131442",
"67646",
"4871",
"T004667",
"67869",
"T003426",
"T007836",
"T006804",
"2951",
"T002207",
"643",
"T027843",
"8746",
"1727",
"T008046",
"113051"
]
},
"release_date": "2016-07-18T22:00:00.000+00:00",
"title": "CVE-2016-5386"
},
{
"cve": "CVE-2016-5387",
"product_status": {
"known_affected": [
"131442",
"67646",
"4871",
"T004667",
"67869",
"T003426",
"T007836",
"T006804",
"2951",
"T002207",
"643",
"T027843",
"8746",
"1727",
"T008046",
"113051"
]
},
"release_date": "2016-07-18T22:00:00.000+00:00",
"title": "CVE-2016-5387"
},
{
"cve": "CVE-2016-5388",
"product_status": {
"known_affected": [
"131442",
"67646",
"4871",
"T004667",
"67869",
"T003426",
"T007836",
"T006804",
"2951",
"T002207",
"643",
"T027843",
"8746",
"1727",
"T008046",
"113051"
]
},
"release_date": "2016-07-18T22:00:00.000+00:00",
"title": "CVE-2016-5388"
}
]
}
FKIE_CVE-2016-1000104
Vulnerability from fkie_nvd - Published: 2019-12-03 22:15 - Updated: 2024-11-21 02:42
Severity ?
Summary
A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:mod_fcgid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6AC3895D-3B26-4503-A12B-B07F04E5BFED",
"versionEndIncluding": "2016-07-07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de Bypass de seguridad en el Proxy FcgidPassHeader en mod_fcgid hasta el 2016-07-07."
}
],
"id": "CVE-2016-1000104",
"lastModified": "2024-11-21T02:42:52.043",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-03T22:15:13.480",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00084.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2016/07/18/6"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/91822"
},
{
"source": "cve@mitre.org",
"url": "https://www.tenable.com/security/tns-2017-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00084.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2016/07/18/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/91822"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.tenable.com/security/tns-2017-04"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-3QWW-55H8-4XJP
Vulnerability from github – Published: 2022-05-24 17:02 – Updated: 2024-04-04 02:41
Details
A security Bypass vulnerability exists in mod_fcgid through 2016-07-07 in the FcgidPassHeader Proxy.
Severity ?
8.8 (High)
{
"affected": [],
"aliases": [
"CVE-2016-1000104"
],
"database_specific": {
"cwe_ids": [
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-12-03T22:15:00Z",
"severity": "HIGH"
},
"details": "A security Bypass vulnerability exists in mod_fcgid through 2016-07-07 in the FcgidPassHeader Proxy.",
"id": "GHSA-3qww-55h8-4xjp",
"modified": "2024-04-04T02:41:39Z",
"published": "2022-05-24T17:02:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000104"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000104"
},
{
"type": "WEB",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2016-1000104"
},
{
"type": "WEB",
"url": "https://security-tracker.debian.org/tracker/CVE-2016-1000104"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/tns-2017-04"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00084.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/07/18/6"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/91822"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.