VAR-201607-0657
Vulnerability from variot - Updated: 2026-04-10 22:29PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue. Web servers running in a CGI or CGI-like context may assign client request Proxy header values to internal HTTP_PROXY environment variables. This vulnerability can be leveraged to conduct man-in-the-middle (MITM) attacks on internal subrequests or to direct the server to initiate connections to arbitrary hosts. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. There is a security vulnerability in PHP 7.0.8 and earlier versions, the vulnerability stems from the fact that the program does not resolve namespace conflicts in RFC 3875 mode. The program does not properly handle data from untrusted client applications in the HTTP_PROXY environment variable. A remote attacker uses the specially crafted Proxy header message in the HTTP request to exploit this vulnerability to implement a man-in-the-middle attack, directing the server to send a connection to any host.
References:
- CVE-2016-5385 - PHP, HTTPoxy
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: php54-php security update Advisory ID: RHSA-2016:1610-01 Product: Red Hat Software Collections Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1610.html Issue date: 2016-08-11 CVE Names: CVE-2016-5385 =====================================================================
- Summary:
An update for php54-php is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- (CVE-2016-5385)
Red Hat would like to thank Scott Geary (VendHQ) for reporting this issue.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1353794 - CVE-2016-5385 PHP: sets environmental variable based on user supplied Proxy request header
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: php54-php-5.4.40-4.el6.src.rpm
x86_64: php54-php-5.4.40-4.el6.x86_64.rpm php54-php-bcmath-5.4.40-4.el6.x86_64.rpm php54-php-cli-5.4.40-4.el6.x86_64.rpm php54-php-common-5.4.40-4.el6.x86_64.rpm php54-php-dba-5.4.40-4.el6.x86_64.rpm php54-php-debuginfo-5.4.40-4.el6.x86_64.rpm php54-php-devel-5.4.40-4.el6.x86_64.rpm php54-php-enchant-5.4.40-4.el6.x86_64.rpm php54-php-fpm-5.4.40-4.el6.x86_64.rpm php54-php-gd-5.4.40-4.el6.x86_64.rpm php54-php-imap-5.4.40-4.el6.x86_64.rpm php54-php-intl-5.4.40-4.el6.x86_64.rpm php54-php-ldap-5.4.40-4.el6.x86_64.rpm php54-php-mbstring-5.4.40-4.el6.x86_64.rpm php54-php-mysqlnd-5.4.40-4.el6.x86_64.rpm php54-php-odbc-5.4.40-4.el6.x86_64.rpm php54-php-pdo-5.4.40-4.el6.x86_64.rpm php54-php-pgsql-5.4.40-4.el6.x86_64.rpm php54-php-process-5.4.40-4.el6.x86_64.rpm php54-php-pspell-5.4.40-4.el6.x86_64.rpm php54-php-recode-5.4.40-4.el6.x86_64.rpm php54-php-snmp-5.4.40-4.el6.x86_64.rpm php54-php-soap-5.4.40-4.el6.x86_64.rpm php54-php-tidy-5.4.40-4.el6.x86_64.rpm php54-php-xml-5.4.40-4.el6.x86_64.rpm php54-php-xmlrpc-5.4.40-4.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):
Source: php54-php-5.4.40-4.el6.src.rpm
x86_64: php54-php-5.4.40-4.el6.x86_64.rpm php54-php-bcmath-5.4.40-4.el6.x86_64.rpm php54-php-cli-5.4.40-4.el6.x86_64.rpm php54-php-common-5.4.40-4.el6.x86_64.rpm php54-php-dba-5.4.40-4.el6.x86_64.rpm php54-php-debuginfo-5.4.40-4.el6.x86_64.rpm php54-php-devel-5.4.40-4.el6.x86_64.rpm php54-php-enchant-5.4.40-4.el6.x86_64.rpm php54-php-fpm-5.4.40-4.el6.x86_64.rpm php54-php-gd-5.4.40-4.el6.x86_64.rpm php54-php-imap-5.4.40-4.el6.x86_64.rpm php54-php-intl-5.4.40-4.el6.x86_64.rpm php54-php-ldap-5.4.40-4.el6.x86_64.rpm php54-php-mbstring-5.4.40-4.el6.x86_64.rpm php54-php-mysqlnd-5.4.40-4.el6.x86_64.rpm php54-php-odbc-5.4.40-4.el6.x86_64.rpm php54-php-pdo-5.4.40-4.el6.x86_64.rpm php54-php-pgsql-5.4.40-4.el6.x86_64.rpm php54-php-process-5.4.40-4.el6.x86_64.rpm php54-php-pspell-5.4.40-4.el6.x86_64.rpm php54-php-recode-5.4.40-4.el6.x86_64.rpm php54-php-snmp-5.4.40-4.el6.x86_64.rpm php54-php-soap-5.4.40-4.el6.x86_64.rpm php54-php-tidy-5.4.40-4.el6.x86_64.rpm php54-php-xml-5.4.40-4.el6.x86_64.rpm php54-php-xmlrpc-5.4.40-4.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):
Source: php54-php-5.4.40-4.el6.src.rpm
x86_64: php54-php-5.4.40-4.el6.x86_64.rpm php54-php-bcmath-5.4.40-4.el6.x86_64.rpm php54-php-cli-5.4.40-4.el6.x86_64.rpm php54-php-common-5.4.40-4.el6.x86_64.rpm php54-php-dba-5.4.40-4.el6.x86_64.rpm php54-php-debuginfo-5.4.40-4.el6.x86_64.rpm php54-php-devel-5.4.40-4.el6.x86_64.rpm php54-php-enchant-5.4.40-4.el6.x86_64.rpm php54-php-fpm-5.4.40-4.el6.x86_64.rpm php54-php-gd-5.4.40-4.el6.x86_64.rpm php54-php-imap-5.4.40-4.el6.x86_64.rpm php54-php-intl-5.4.40-4.el6.x86_64.rpm php54-php-ldap-5.4.40-4.el6.x86_64.rpm php54-php-mbstring-5.4.40-4.el6.x86_64.rpm php54-php-mysqlnd-5.4.40-4.el6.x86_64.rpm php54-php-odbc-5.4.40-4.el6.x86_64.rpm php54-php-pdo-5.4.40-4.el6.x86_64.rpm php54-php-pgsql-5.4.40-4.el6.x86_64.rpm php54-php-process-5.4.40-4.el6.x86_64.rpm php54-php-pspell-5.4.40-4.el6.x86_64.rpm php54-php-recode-5.4.40-4.el6.x86_64.rpm php54-php-snmp-5.4.40-4.el6.x86_64.rpm php54-php-soap-5.4.40-4.el6.x86_64.rpm php54-php-tidy-5.4.40-4.el6.x86_64.rpm php54-php-xml-5.4.40-4.el6.x86_64.rpm php54-php-xmlrpc-5.4.40-4.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: php54-php-5.4.40-4.el6.src.rpm
x86_64: php54-php-5.4.40-4.el6.x86_64.rpm php54-php-bcmath-5.4.40-4.el6.x86_64.rpm php54-php-cli-5.4.40-4.el6.x86_64.rpm php54-php-common-5.4.40-4.el6.x86_64.rpm php54-php-dba-5.4.40-4.el6.x86_64.rpm php54-php-debuginfo-5.4.40-4.el6.x86_64.rpm php54-php-devel-5.4.40-4.el6.x86_64.rpm php54-php-enchant-5.4.40-4.el6.x86_64.rpm php54-php-fpm-5.4.40-4.el6.x86_64.rpm php54-php-gd-5.4.40-4.el6.x86_64.rpm php54-php-imap-5.4.40-4.el6.x86_64.rpm php54-php-intl-5.4.40-4.el6.x86_64.rpm php54-php-ldap-5.4.40-4.el6.x86_64.rpm php54-php-mbstring-5.4.40-4.el6.x86_64.rpm php54-php-mysqlnd-5.4.40-4.el6.x86_64.rpm php54-php-odbc-5.4.40-4.el6.x86_64.rpm php54-php-pdo-5.4.40-4.el6.x86_64.rpm php54-php-pgsql-5.4.40-4.el6.x86_64.rpm php54-php-process-5.4.40-4.el6.x86_64.rpm php54-php-pspell-5.4.40-4.el6.x86_64.rpm php54-php-recode-5.4.40-4.el6.x86_64.rpm php54-php-snmp-5.4.40-4.el6.x86_64.rpm php54-php-soap-5.4.40-4.el6.x86_64.rpm php54-php-tidy-5.4.40-4.el6.x86_64.rpm php54-php-xml-5.4.40-4.el6.x86_64.rpm php54-php-xmlrpc-5.4.40-4.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: php54-php-5.4.40-4.el7.src.rpm
x86_64: php54-php-5.4.40-4.el7.x86_64.rpm php54-php-bcmath-5.4.40-4.el7.x86_64.rpm php54-php-cli-5.4.40-4.el7.x86_64.rpm php54-php-common-5.4.40-4.el7.x86_64.rpm php54-php-dba-5.4.40-4.el7.x86_64.rpm php54-php-debuginfo-5.4.40-4.el7.x86_64.rpm php54-php-devel-5.4.40-4.el7.x86_64.rpm php54-php-enchant-5.4.40-4.el7.x86_64.rpm php54-php-fpm-5.4.40-4.el7.x86_64.rpm php54-php-gd-5.4.40-4.el7.x86_64.rpm php54-php-intl-5.4.40-4.el7.x86_64.rpm php54-php-ldap-5.4.40-4.el7.x86_64.rpm php54-php-mbstring-5.4.40-4.el7.x86_64.rpm php54-php-mysqlnd-5.4.40-4.el7.x86_64.rpm php54-php-odbc-5.4.40-4.el7.x86_64.rpm php54-php-pdo-5.4.40-4.el7.x86_64.rpm php54-php-pgsql-5.4.40-4.el7.x86_64.rpm php54-php-process-5.4.40-4.el7.x86_64.rpm php54-php-pspell-5.4.40-4.el7.x86_64.rpm php54-php-recode-5.4.40-4.el7.x86_64.rpm php54-php-snmp-5.4.40-4.el7.x86_64.rpm php54-php-soap-5.4.40-4.el7.x86_64.rpm php54-php-xml-5.4.40-4.el7.x86_64.rpm php54-php-xmlrpc-5.4.40-4.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):
Source: php54-php-5.4.40-4.el7.src.rpm
x86_64: php54-php-5.4.40-4.el7.x86_64.rpm php54-php-bcmath-5.4.40-4.el7.x86_64.rpm php54-php-cli-5.4.40-4.el7.x86_64.rpm php54-php-common-5.4.40-4.el7.x86_64.rpm php54-php-dba-5.4.40-4.el7.x86_64.rpm php54-php-debuginfo-5.4.40-4.el7.x86_64.rpm php54-php-devel-5.4.40-4.el7.x86_64.rpm php54-php-enchant-5.4.40-4.el7.x86_64.rpm php54-php-fpm-5.4.40-4.el7.x86_64.rpm php54-php-gd-5.4.40-4.el7.x86_64.rpm php54-php-intl-5.4.40-4.el7.x86_64.rpm php54-php-ldap-5.4.40-4.el7.x86_64.rpm php54-php-mbstring-5.4.40-4.el7.x86_64.rpm php54-php-mysqlnd-5.4.40-4.el7.x86_64.rpm php54-php-odbc-5.4.40-4.el7.x86_64.rpm php54-php-pdo-5.4.40-4.el7.x86_64.rpm php54-php-pgsql-5.4.40-4.el7.x86_64.rpm php54-php-process-5.4.40-4.el7.x86_64.rpm php54-php-pspell-5.4.40-4.el7.x86_64.rpm php54-php-recode-5.4.40-4.el7.x86_64.rpm php54-php-snmp-5.4.40-4.el7.x86_64.rpm php54-php-soap-5.4.40-4.el7.x86_64.rpm php54-php-xml-5.4.40-4.el7.x86_64.rpm php54-php-xmlrpc-5.4.40-4.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):
Source: php54-php-5.4.40-4.el7.src.rpm
x86_64: php54-php-5.4.40-4.el7.x86_64.rpm php54-php-bcmath-5.4.40-4.el7.x86_64.rpm php54-php-cli-5.4.40-4.el7.x86_64.rpm php54-php-common-5.4.40-4.el7.x86_64.rpm php54-php-dba-5.4.40-4.el7.x86_64.rpm php54-php-debuginfo-5.4.40-4.el7.x86_64.rpm php54-php-devel-5.4.40-4.el7.x86_64.rpm php54-php-enchant-5.4.40-4.el7.x86_64.rpm php54-php-fpm-5.4.40-4.el7.x86_64.rpm php54-php-gd-5.4.40-4.el7.x86_64.rpm php54-php-intl-5.4.40-4.el7.x86_64.rpm php54-php-ldap-5.4.40-4.el7.x86_64.rpm php54-php-mbstring-5.4.40-4.el7.x86_64.rpm php54-php-mysqlnd-5.4.40-4.el7.x86_64.rpm php54-php-odbc-5.4.40-4.el7.x86_64.rpm php54-php-pdo-5.4.40-4.el7.x86_64.rpm php54-php-pgsql-5.4.40-4.el7.x86_64.rpm php54-php-process-5.4.40-4.el7.x86_64.rpm php54-php-pspell-5.4.40-4.el7.x86_64.rpm php54-php-recode-5.4.40-4.el7.x86_64.rpm php54-php-snmp-5.4.40-4.el7.x86_64.rpm php54-php-soap-5.4.40-4.el7.x86_64.rpm php54-php-xml-5.4.40-4.el7.x86_64.rpm php54-php-xmlrpc-5.4.40-4.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: php54-php-5.4.40-4.el7.src.rpm
x86_64: php54-php-5.4.40-4.el7.x86_64.rpm php54-php-bcmath-5.4.40-4.el7.x86_64.rpm php54-php-cli-5.4.40-4.el7.x86_64.rpm php54-php-common-5.4.40-4.el7.x86_64.rpm php54-php-dba-5.4.40-4.el7.x86_64.rpm php54-php-debuginfo-5.4.40-4.el7.x86_64.rpm php54-php-devel-5.4.40-4.el7.x86_64.rpm php54-php-enchant-5.4.40-4.el7.x86_64.rpm php54-php-fpm-5.4.40-4.el7.x86_64.rpm php54-php-gd-5.4.40-4.el7.x86_64.rpm php54-php-intl-5.4.40-4.el7.x86_64.rpm php54-php-ldap-5.4.40-4.el7.x86_64.rpm php54-php-mbstring-5.4.40-4.el7.x86_64.rpm php54-php-mysqlnd-5.4.40-4.el7.x86_64.rpm php54-php-odbc-5.4.40-4.el7.x86_64.rpm php54-php-pdo-5.4.40-4.el7.x86_64.rpm php54-php-pgsql-5.4.40-4.el7.x86_64.rpm php54-php-process-5.4.40-4.el7.x86_64.rpm php54-php-pspell-5.4.40-4.el7.x86_64.rpm php54-php-recode-5.4.40-4.el7.x86_64.rpm php54-php-snmp-5.4.40-4.el7.x86_64.rpm php54-php-soap-5.4.40-4.el7.x86_64.rpm php54-php-xml-5.4.40-4.el7.x86_64.rpm php54-php-xmlrpc-5.4.40-4.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFXrPSRXlSAg2UNWIIRAm7eAJ46bwD5dNGjO2qoFKsoL92xftbbTgCgkeMg 3r5SaIOUCU9fw1VuBLjTlPI= =fzN3 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
The vulnerabilities are addressed by upgrading PHP to the new upstream version 5.6.24, which includes additional bug fixes. Please refer to the upstream changelog for more information:
https://php.net/ChangeLog-5.php#5.6.24
For the stable distribution (jessie), these problems have been fixed in version 5.6.24+dfsg-0+deb8u1.
For the unstable distribution (sid), these problems have been fixed in version 7.0.9-1 of the php7.0 source package.
We recommend that you upgrade your php5 packages.
Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/php-5.6.24-i586-1_slack14.2.txz: Upgraded. For more information, see: http://php.net/ChangeLog-5.php#5.6.24 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5385 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6207 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.6.24-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.6.24-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.6.24-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.6.24-x86_64-1_slack14.1.txz
Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/php-5.6.24-i586-1_slack14.2.txz
Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/php-5.6.24-x86_64-1_slack14.2.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.24-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.24-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 14.0 package: 712cc177c9ac10f3d58e871ff27260dc php-5.6.24-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: 47f6ad4a81517f5b2959abc73475742b php-5.6.24-x86_64-1_slack14.0.txz
Slackware 14.1 package: aea6a8869946186781e55c5ecec952b0 php-5.6.24-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: ab16db742762605b9b219b37cdd7e8db php-5.6.24-x86_64-1_slack14.1.txz
Slackware 14.2 package: c88a731667e741443712267d9b30286a php-5.6.24-i586-1_slack14.2.txz
Slackware x86_64 14.2 package: ed5b31c94e2fb91f0e6c40051f51da1c php-5.6.24-x86_64-1_slack14.2.txz
Slackware -current package: c25a85fece34101d35b8785022cef94d n/php-5.6.24-i586-1.txz
Slackware x86_64 -current package: 17f8886fc0901cea6d593170ea00fe7b n/php-5.6.24-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg php-5.6.24-i586-1_slack14.2.txz
Then, restart Apache httpd:
/etc/rc.d/rc.httpd stop
/etc/rc.d/rc.httpd start
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. 6) - i386, x86_64
3.
Ubuntu Security Notice USN-3045-1 August 02, 2016
php5, php7.0 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in PHP.
Software Description: - php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter
Details:
It was discovered that PHP incorrectly handled certain SplMinHeap::compar e operations. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service, or possibly execute arbitrary code. Thi s issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-4116 )
It was discovered that PHP incorrectly handled recursive method calls. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8873)
It was discovered that PHP incorrectly validated certain Exception object s when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.0 4 LTS. (CVE-2015-8876)
It was discovered that PHP header() function performed insufficient filtering for Internet Explorer. A remote attacker could possibly use thi s issue to perform a XSS attack. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8935)
It was discovered that PHP incorrectly handled certain locale operations.
An attacker could use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5093)
It was discovered that the PHP php_html_entities() function incorrectly handled certain string lengths. A remote attacker could use this issue to
cause PHP to crash, resulting in a denial of service, or possibly execute
arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.0 4 LTS. (CVE-2016-5094, CVE-2016-5095)
It was discovered that the PHP fread() function incorrectly handled certa in lengths. An attacker could use this issue to cause PHP to crash, resultin g in a denial of service, or possibly execute arbitrary code. This issue on ly affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5096)
It was discovered that the PHP FastCGI Process Manager (FPM) SAPI incorrectly handled memory in the access logging feature. An attacker cou ld use this issue to cause PHP to crash, resulting in a denial of service, o r possibly expose sensitive information. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5114)
It was discovered that PHP would not protect applications from contents o f the HTTP_PROXY environment variable when based on the contents of the Pro xy header from HTTP requests. A remote attacker could possibly use this issu e in combination with scripts that honour the HTTP_PROXY variable to redire ct outgoing HTTP requests. (CVE-2016-5385)
Hans Jerry Illikainen discovered that the PHP bzread() function incorrect ly performed error handling. A remote attacker could use this issue to cause
PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-5399)
It was discovered that certain PHP multibyte string functions incorrectly
handled memory. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-5768)
It was discovered that the PHP Mcrypt extension incorrectly handled memor y. A remote attacker could use this issue to cause PHP to crash, resulting i n a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5769)
It was discovered that the PHP garbage collector incorrectly handled certain objects when unserializing malicious data. A remote attacker coul d use this issue to cause PHP to crash, resulting in a denial of service, o r possibly execute arbitrary code. This issue was only addressed in Ubuntu Ubuntu 14.04 LTS. (CVE-2016-5771, CVE-2016-5773)
It was discovered that PHP incorrectly handled memory when unserializing malicious xml data. A remote attacker could use this issue to cause PHP t o crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5772)
It was discovered that the PHP php_url_parse_ex() function incorrectly handled string termination. A remote attacker could use this issue to cau se PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.0 4 LTS. (CVE-2016-6288)
It was discovered that PHP incorrectly handled path lengths when extracti ng certain Zip archives. A remote attacker could use this issue to cause PHP
to crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-6289)
It was discovered that PHP incorrectly handled session deserialization. A
remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6290)
It was discovered that PHP incorrectly handled exif headers when processi ng certain JPEG images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6291, CVE-2016-6292)
It was discovered that PHP incorrectly handled certain locale operations. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6294)
It was discovered that the PHP garbage collector incorrectly handled certain objects when unserializing SNMP data. A remote attacker could use
this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LT S and Ubuntu 16.04 LTS. (CVE-2016-6295)
It was discovered that the PHP xmlrpc_encode_request() function incorrect ly handled certain lengths. An attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6296)
It was discovered that the PHP php_stream_zip_opener() function incorrect ly handled memory. An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6297)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: libapache2-mod-php7.0 7.0.8-0ubuntu0.16.04.2 php7.0-cgi 7.0.8-0ubuntu0.16.04.2 php7.0-cli 7.0.8-0ubuntu0.16.04.2 php7.0-fpm 7.0.8-0ubuntu0.16.04.2
Ubuntu 14.04 LTS: libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.19 php5-cgi 5.5.9+dfsg-1ubuntu4.19 php5-cli 5.5.9+dfsg-1ubuntu4.19 php5-fpm 5.5.9+dfsg-1ubuntu4.19
Ubuntu 12.04 LTS: libapache2-mod-php5 5.3.10-1ubuntu3.24 php5-cgi 5.3.10-1ubuntu3.24 php5-cli 5.3.10-1ubuntu3.24 php5-fpm 5.3.10-1ubuntu3.24
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-3045-1 CVE-2015-4116, CVE-2015-8873, CVE-2015-8876, CVE-2015-8935, CVE-2016-5093, CVE-2016-5094, CVE-2016-5095, CVE-2016-5096, CVE-2016-5114, CVE-2016-5385, CVE-2016-5399, CVE-2016-5768, CVE-2016-5769, CVE-2016-5771, CVE-2016-5772, CVE-2016-5773, CVE-2016-6288, CVE-2016-6289, CVE-2016-6290, CVE-2016-6291, CVE-2016-6292, CVE-2016-6294, CVE-2016-6295, CVE-2016-6296, CVE-2016-6297
Package Information: https://launchpad.net/ubuntu/+source/php7.0/7.0.8-0ubuntu0.16.04.2 https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.19 https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.24
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05320149
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05320149 Version: 1
HPSBMU03653 rev.1 - HPE System Management Homepage (SMH), Remote Arbitrary Code Execution, Cross-Site Scripting (XSS), Denial of Service (DoS), Unauthorized Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2016-10-26 Last Updated: 2016-10-26
Potential Security Impact: Remote: Arbitrary Code Execution, Cross-Site Scripting (XSS), Denial of Service (DoS), Unauthorized Disclosure of Information
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY Multiple potential security vulnerabilities have been identified in HPE System Management Homepage (SMH) on Windows and Linux.
References:
- CVE-2016-2107 - OpenSSL, Unauthorized disclosure of information
- CVE-2016-2106 - OpenSSL, Denial of Service (DoS)
- CVE-2016-2109 - OpenSSL, Denial of Service (DoS)
- CVE-2016-2105 - OpenSSL, Denial of Service (DoS)
- CVE-2016-3739 - cURL and libcurl, Remote code execution
- CVE-2016-5388 - "HTTPoxy", Apache Tomcat
- CVE-2016-5387 - "HTTPoxy", Apache HTTP Server
- CVE-2016-5385 - "HTTPoxy", PHP
- CVE-2016-4543 - PHP, multiple impact
- CVE-2016-4071 - PHP, multiple impact
- CVE-2016-4072 - PHP, multiple impact
- CVE-2016-4542 - PHP, multiple impact
- CVE-2016-4541 - PHP, multiple impact
- CVE-2016-4540 - PHP, multiple impact
- CVE-2016-4539 - PHP, multiple impact
- CVE-2016-4538 - PHP, multiple impact
- CVE-2016-4537 - PHP, multiple impact
- CVE-2016-4343 - PHP, multiple impact
- CVE-2016-4342 - PHP, multiple impact
- CVE-2016-4070 - PHP, Denial of Service (DoS)
- CVE-2016-4393 - PSRT110263, XSS vulnerability
- CVE-2016-4394 - PSRT110263, HSTS vulnerability
- CVE-2016-4395 - ZDI-CAN-3722, PSRT110115, Buffer Overflow
- CVE-2016-4396 - ZDI-CAN-3730, PSRT110116, Buffer Overflow
- PSRT110145
- PSRT110263
- PSRT110115
- PSRT110116
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- HPE System Management Homepage - all versions prior to v7.6
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2016-2105
7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-2016-2106
7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-2016-2107
5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N)
CVE-2016-2109
7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVE-2016-3739
5.3 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
CVE-2016-4070
7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-2016-4071
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2016-4072
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2016-4342
8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.3 (AV:N/AC:M/Au:N/C:P/I:P/A:C)
CVE-2016-4343
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVE-2016-4393
4.2 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
4.9 (AV:N/AC:M/Au:S/C:P/I:P/A:N)
CVE-2016-4394
6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
5.8 (AV:N/AC:M/Au:N/C:N/I:P/A:P)
CVE-2016-4395
7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.8 (AV:N/AC:L/Au:N/C:N/I:C/A:N)
CVE-2016-4396
7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.8 (AV:N/AC:L/Au:N/C:N/I:C/A:N)
CVE-2016-4537
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2016-4538
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2016-4539
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2016-4540
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2016-4541
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2016-4542
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2016-4543
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2016-5385
8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVE-2016-5387
8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVE-2016-5388
8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
- Hewlett Packard Enterprise thanks Tenable Network Security for working with Trend Micro's Zero Day Initiative (ZDI) for reporting CVE-2016-4395 and CVE-2016-4396 to security-alert@hpe.com
RESOLUTION
HPE has made the following software updates available to resolve the vulnerabilities for the impacted versions of System Management Homepage (SMH).
Please download and install HPE System Management Homepage (SMH) v7.6.0 from the following locations:
HISTORY Version:1 (rev.1) - 26 October 2016 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Please note that the Management Interface cannot access data stored on tape media, so this vulnerability does not allow for remote unauthorized disclosure of data stored on tape media or remote denial of service.
References:
- CVE-2016-5385 - PHP, HTTPoxy
- CVE-2016-3074 - PHP
- CVE-2013-7456 - PHP
- CVE-2016-5093 - PHP
- CVE-2016-5094 - PHP
- CVE-2016-5096 - PHP
- CVE-2016-5766 - PHP
- CVE-2016-5767 - PHP
- CVE-2016-5768 - PHP
- CVE-2016-5769 - PHP
- CVE-2016-5770 - PHP
- CVE-2016-5771 - PHP
- CVE-2016-5772 - PHP
- CVE-2016-5773 - PHP
- CVE-2016-6207 - GD Graphics Library
- CVE-2016-6289 - PHP
- CVE-2016-6290 - PHP
- CVE-2016-6291 - PHP
- CVE-2016-6292 - PHP
- CVE-2016-6293 - PHP
- CVE-2016-6294 - PHP
- CVE-2016-6295 - PHP
- CVE-2016-6296 - PHP
- CVE-2016-6297 - PHP
- CVE-2016-5399 - PHP
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "42.1"
},
{
"_id": null,
"model": "php",
"scope": "lt",
"trust": 1.0,
"vendor": "php",
"version": "5.5.38"
},
{
"_id": null,
"model": "communications user data repository",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0"
},
{
"_id": null,
"model": "php",
"scope": "lt",
"trust": 1.0,
"vendor": "php",
"version": "5.6.24"
},
{
"_id": null,
"model": "php",
"scope": "lte",
"trust": 1.0,
"vendor": "php",
"version": "7.0.8"
},
{
"_id": null,
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "drupal",
"scope": "lt",
"trust": 1.0,
"vendor": "drupal",
"version": "8.1.7"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "23"
},
{
"_id": null,
"model": "php",
"scope": "gte",
"trust": 1.0,
"vendor": "php",
"version": "5.5.0"
},
{
"_id": null,
"model": "storeever msl6480 tape library",
"scope": "lte",
"trust": 1.0,
"vendor": "hp",
"version": "5.09"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "24"
},
{
"_id": null,
"model": "php",
"scope": "gte",
"trust": 1.0,
"vendor": "php",
"version": "5.6.0"
},
{
"_id": null,
"model": "system management homepage",
"scope": "lte",
"trust": 1.0,
"vendor": "hp",
"version": "7.5.5.0"
},
{
"_id": null,
"model": "communications user data repository",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0.0"
},
{
"_id": null,
"model": "communications user data repository",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0.1"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"_id": null,
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.3.2"
},
{
"_id": null,
"model": "php",
"scope": "gte",
"trust": 1.0,
"vendor": "php",
"version": "7.0.0"
},
{
"_id": null,
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.2"
},
{
"_id": null,
"model": "drupal",
"scope": "gte",
"trust": 1.0,
"vendor": "drupal",
"version": "8.0.0"
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apache http server",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "go programming language",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "haproxy",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hhvm",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "python",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "the php group",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "lighttpd",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nginx",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#797896"
},
{
"db": "NVD",
"id": "CVE-2016-5385"
}
]
},
"credits": {
"_id": null,
"data": "HP",
"sources": [
{
"db": "PACKETSTORM",
"id": "139744"
},
{
"db": "PACKETSTORM",
"id": "139379"
},
{
"db": "PACKETSTORM",
"id": "140515"
}
],
"trust": 0.3
},
"cve": "CVE-2016-5385",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "CVE-2016-5385",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "VHN-94204",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2016-5385",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-5385",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-94204",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94204"
},
{
"db": "NVD",
"id": "CVE-2016-5385"
}
]
},
"description": {
"_id": null,
"data": "PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application\u0027s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv(\u0027HTTP_PROXY\u0027) call or (2) a CGI configuration of PHP, aka an \"httpoxy\" issue. Web servers running in a CGI or CGI-like context may assign client request Proxy header values to internal HTTP_PROXY environment variables. This vulnerability can be leveraged to conduct man-in-the-middle (MITM) attacks on internal subrequests or to direct the server to initiate connections to arbitrary hosts. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. There is a security vulnerability in PHP 7.0.8 and earlier versions, the vulnerability stems from the fact that the program does not resolve namespace conflicts in RFC 3875 mode. The program does not properly handle data from untrusted client applications in the HTTP_PROXY environment variable. A remote attacker uses the specially crafted Proxy header message in the HTTP request to exploit this vulnerability to implement a man-in-the-middle attack, directing the server to send a connection to any host. \n\nReferences:\n\n - CVE-2016-5385 - PHP, HTTPoxy\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: php54-php security update\nAdvisory ID: RHSA-2016:1610-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-1610.html\nIssue date: 2016-08-11\nCVE Names: CVE-2016-5385 \n=====================================================================\n\n1. Summary:\n\nAn update for php54-php is now available for Red Hat Software Collections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. (CVE-2016-5385)\n\nRed Hat would like to thank Scott Geary (VendHQ) for reporting this issue. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon must be restarted\nfor the update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1353794 - CVE-2016-5385 PHP: sets environmental variable based on user supplied Proxy request header\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nphp54-php-5.4.40-4.el6.src.rpm\n\nx86_64:\nphp54-php-5.4.40-4.el6.x86_64.rpm\nphp54-php-bcmath-5.4.40-4.el6.x86_64.rpm\nphp54-php-cli-5.4.40-4.el6.x86_64.rpm\nphp54-php-common-5.4.40-4.el6.x86_64.rpm\nphp54-php-dba-5.4.40-4.el6.x86_64.rpm\nphp54-php-debuginfo-5.4.40-4.el6.x86_64.rpm\nphp54-php-devel-5.4.40-4.el6.x86_64.rpm\nphp54-php-enchant-5.4.40-4.el6.x86_64.rpm\nphp54-php-fpm-5.4.40-4.el6.x86_64.rpm\nphp54-php-gd-5.4.40-4.el6.x86_64.rpm\nphp54-php-imap-5.4.40-4.el6.x86_64.rpm\nphp54-php-intl-5.4.40-4.el6.x86_64.rpm\nphp54-php-ldap-5.4.40-4.el6.x86_64.rpm\nphp54-php-mbstring-5.4.40-4.el6.x86_64.rpm\nphp54-php-mysqlnd-5.4.40-4.el6.x86_64.rpm\nphp54-php-odbc-5.4.40-4.el6.x86_64.rpm\nphp54-php-pdo-5.4.40-4.el6.x86_64.rpm\nphp54-php-pgsql-5.4.40-4.el6.x86_64.rpm\nphp54-php-process-5.4.40-4.el6.x86_64.rpm\nphp54-php-pspell-5.4.40-4.el6.x86_64.rpm\nphp54-php-recode-5.4.40-4.el6.x86_64.rpm\nphp54-php-snmp-5.4.40-4.el6.x86_64.rpm\nphp54-php-soap-5.4.40-4.el6.x86_64.rpm\nphp54-php-tidy-5.4.40-4.el6.x86_64.rpm\nphp54-php-xml-5.4.40-4.el6.x86_64.rpm\nphp54-php-xmlrpc-5.4.40-4.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):\n\nSource:\nphp54-php-5.4.40-4.el6.src.rpm\n\nx86_64:\nphp54-php-5.4.40-4.el6.x86_64.rpm\nphp54-php-bcmath-5.4.40-4.el6.x86_64.rpm\nphp54-php-cli-5.4.40-4.el6.x86_64.rpm\nphp54-php-common-5.4.40-4.el6.x86_64.rpm\nphp54-php-dba-5.4.40-4.el6.x86_64.rpm\nphp54-php-debuginfo-5.4.40-4.el6.x86_64.rpm\nphp54-php-devel-5.4.40-4.el6.x86_64.rpm\nphp54-php-enchant-5.4.40-4.el6.x86_64.rpm\nphp54-php-fpm-5.4.40-4.el6.x86_64.rpm\nphp54-php-gd-5.4.40-4.el6.x86_64.rpm\nphp54-php-imap-5.4.40-4.el6.x86_64.rpm\nphp54-php-intl-5.4.40-4.el6.x86_64.rpm\nphp54-php-ldap-5.4.40-4.el6.x86_64.rpm\nphp54-php-mbstring-5.4.40-4.el6.x86_64.rpm\nphp54-php-mysqlnd-5.4.40-4.el6.x86_64.rpm\nphp54-php-odbc-5.4.40-4.el6.x86_64.rpm\nphp54-php-pdo-5.4.40-4.el6.x86_64.rpm\nphp54-php-pgsql-5.4.40-4.el6.x86_64.rpm\nphp54-php-process-5.4.40-4.el6.x86_64.rpm\nphp54-php-pspell-5.4.40-4.el6.x86_64.rpm\nphp54-php-recode-5.4.40-4.el6.x86_64.rpm\nphp54-php-snmp-5.4.40-4.el6.x86_64.rpm\nphp54-php-soap-5.4.40-4.el6.x86_64.rpm\nphp54-php-tidy-5.4.40-4.el6.x86_64.rpm\nphp54-php-xml-5.4.40-4.el6.x86_64.rpm\nphp54-php-xmlrpc-5.4.40-4.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):\n\nSource:\nphp54-php-5.4.40-4.el6.src.rpm\n\nx86_64:\nphp54-php-5.4.40-4.el6.x86_64.rpm\nphp54-php-bcmath-5.4.40-4.el6.x86_64.rpm\nphp54-php-cli-5.4.40-4.el6.x86_64.rpm\nphp54-php-common-5.4.40-4.el6.x86_64.rpm\nphp54-php-dba-5.4.40-4.el6.x86_64.rpm\nphp54-php-debuginfo-5.4.40-4.el6.x86_64.rpm\nphp54-php-devel-5.4.40-4.el6.x86_64.rpm\nphp54-php-enchant-5.4.40-4.el6.x86_64.rpm\nphp54-php-fpm-5.4.40-4.el6.x86_64.rpm\nphp54-php-gd-5.4.40-4.el6.x86_64.rpm\nphp54-php-imap-5.4.40-4.el6.x86_64.rpm\nphp54-php-intl-5.4.40-4.el6.x86_64.rpm\nphp54-php-ldap-5.4.40-4.el6.x86_64.rpm\nphp54-php-mbstring-5.4.40-4.el6.x86_64.rpm\nphp54-php-mysqlnd-5.4.40-4.el6.x86_64.rpm\nphp54-php-odbc-5.4.40-4.el6.x86_64.rpm\nphp54-php-pdo-5.4.40-4.el6.x86_64.rpm\nphp54-php-pgsql-5.4.40-4.el6.x86_64.rpm\nphp54-php-process-5.4.40-4.el6.x86_64.rpm\nphp54-php-pspell-5.4.40-4.el6.x86_64.rpm\nphp54-php-recode-5.4.40-4.el6.x86_64.rpm\nphp54-php-snmp-5.4.40-4.el6.x86_64.rpm\nphp54-php-soap-5.4.40-4.el6.x86_64.rpm\nphp54-php-tidy-5.4.40-4.el6.x86_64.rpm\nphp54-php-xml-5.4.40-4.el6.x86_64.rpm\nphp54-php-xmlrpc-5.4.40-4.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nphp54-php-5.4.40-4.el6.src.rpm\n\nx86_64:\nphp54-php-5.4.40-4.el6.x86_64.rpm\nphp54-php-bcmath-5.4.40-4.el6.x86_64.rpm\nphp54-php-cli-5.4.40-4.el6.x86_64.rpm\nphp54-php-common-5.4.40-4.el6.x86_64.rpm\nphp54-php-dba-5.4.40-4.el6.x86_64.rpm\nphp54-php-debuginfo-5.4.40-4.el6.x86_64.rpm\nphp54-php-devel-5.4.40-4.el6.x86_64.rpm\nphp54-php-enchant-5.4.40-4.el6.x86_64.rpm\nphp54-php-fpm-5.4.40-4.el6.x86_64.rpm\nphp54-php-gd-5.4.40-4.el6.x86_64.rpm\nphp54-php-imap-5.4.40-4.el6.x86_64.rpm\nphp54-php-intl-5.4.40-4.el6.x86_64.rpm\nphp54-php-ldap-5.4.40-4.el6.x86_64.rpm\nphp54-php-mbstring-5.4.40-4.el6.x86_64.rpm\nphp54-php-mysqlnd-5.4.40-4.el6.x86_64.rpm\nphp54-php-odbc-5.4.40-4.el6.x86_64.rpm\nphp54-php-pdo-5.4.40-4.el6.x86_64.rpm\nphp54-php-pgsql-5.4.40-4.el6.x86_64.rpm\nphp54-php-process-5.4.40-4.el6.x86_64.rpm\nphp54-php-pspell-5.4.40-4.el6.x86_64.rpm\nphp54-php-recode-5.4.40-4.el6.x86_64.rpm\nphp54-php-snmp-5.4.40-4.el6.x86_64.rpm\nphp54-php-soap-5.4.40-4.el6.x86_64.rpm\nphp54-php-tidy-5.4.40-4.el6.x86_64.rpm\nphp54-php-xml-5.4.40-4.el6.x86_64.rpm\nphp54-php-xmlrpc-5.4.40-4.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nphp54-php-5.4.40-4.el7.src.rpm\n\nx86_64:\nphp54-php-5.4.40-4.el7.x86_64.rpm\nphp54-php-bcmath-5.4.40-4.el7.x86_64.rpm\nphp54-php-cli-5.4.40-4.el7.x86_64.rpm\nphp54-php-common-5.4.40-4.el7.x86_64.rpm\nphp54-php-dba-5.4.40-4.el7.x86_64.rpm\nphp54-php-debuginfo-5.4.40-4.el7.x86_64.rpm\nphp54-php-devel-5.4.40-4.el7.x86_64.rpm\nphp54-php-enchant-5.4.40-4.el7.x86_64.rpm\nphp54-php-fpm-5.4.40-4.el7.x86_64.rpm\nphp54-php-gd-5.4.40-4.el7.x86_64.rpm\nphp54-php-intl-5.4.40-4.el7.x86_64.rpm\nphp54-php-ldap-5.4.40-4.el7.x86_64.rpm\nphp54-php-mbstring-5.4.40-4.el7.x86_64.rpm\nphp54-php-mysqlnd-5.4.40-4.el7.x86_64.rpm\nphp54-php-odbc-5.4.40-4.el7.x86_64.rpm\nphp54-php-pdo-5.4.40-4.el7.x86_64.rpm\nphp54-php-pgsql-5.4.40-4.el7.x86_64.rpm\nphp54-php-process-5.4.40-4.el7.x86_64.rpm\nphp54-php-pspell-5.4.40-4.el7.x86_64.rpm\nphp54-php-recode-5.4.40-4.el7.x86_64.rpm\nphp54-php-snmp-5.4.40-4.el7.x86_64.rpm\nphp54-php-soap-5.4.40-4.el7.x86_64.rpm\nphp54-php-xml-5.4.40-4.el7.x86_64.rpm\nphp54-php-xmlrpc-5.4.40-4.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):\n\nSource:\nphp54-php-5.4.40-4.el7.src.rpm\n\nx86_64:\nphp54-php-5.4.40-4.el7.x86_64.rpm\nphp54-php-bcmath-5.4.40-4.el7.x86_64.rpm\nphp54-php-cli-5.4.40-4.el7.x86_64.rpm\nphp54-php-common-5.4.40-4.el7.x86_64.rpm\nphp54-php-dba-5.4.40-4.el7.x86_64.rpm\nphp54-php-debuginfo-5.4.40-4.el7.x86_64.rpm\nphp54-php-devel-5.4.40-4.el7.x86_64.rpm\nphp54-php-enchant-5.4.40-4.el7.x86_64.rpm\nphp54-php-fpm-5.4.40-4.el7.x86_64.rpm\nphp54-php-gd-5.4.40-4.el7.x86_64.rpm\nphp54-php-intl-5.4.40-4.el7.x86_64.rpm\nphp54-php-ldap-5.4.40-4.el7.x86_64.rpm\nphp54-php-mbstring-5.4.40-4.el7.x86_64.rpm\nphp54-php-mysqlnd-5.4.40-4.el7.x86_64.rpm\nphp54-php-odbc-5.4.40-4.el7.x86_64.rpm\nphp54-php-pdo-5.4.40-4.el7.x86_64.rpm\nphp54-php-pgsql-5.4.40-4.el7.x86_64.rpm\nphp54-php-process-5.4.40-4.el7.x86_64.rpm\nphp54-php-pspell-5.4.40-4.el7.x86_64.rpm\nphp54-php-recode-5.4.40-4.el7.x86_64.rpm\nphp54-php-snmp-5.4.40-4.el7.x86_64.rpm\nphp54-php-soap-5.4.40-4.el7.x86_64.rpm\nphp54-php-xml-5.4.40-4.el7.x86_64.rpm\nphp54-php-xmlrpc-5.4.40-4.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):\n\nSource:\nphp54-php-5.4.40-4.el7.src.rpm\n\nx86_64:\nphp54-php-5.4.40-4.el7.x86_64.rpm\nphp54-php-bcmath-5.4.40-4.el7.x86_64.rpm\nphp54-php-cli-5.4.40-4.el7.x86_64.rpm\nphp54-php-common-5.4.40-4.el7.x86_64.rpm\nphp54-php-dba-5.4.40-4.el7.x86_64.rpm\nphp54-php-debuginfo-5.4.40-4.el7.x86_64.rpm\nphp54-php-devel-5.4.40-4.el7.x86_64.rpm\nphp54-php-enchant-5.4.40-4.el7.x86_64.rpm\nphp54-php-fpm-5.4.40-4.el7.x86_64.rpm\nphp54-php-gd-5.4.40-4.el7.x86_64.rpm\nphp54-php-intl-5.4.40-4.el7.x86_64.rpm\nphp54-php-ldap-5.4.40-4.el7.x86_64.rpm\nphp54-php-mbstring-5.4.40-4.el7.x86_64.rpm\nphp54-php-mysqlnd-5.4.40-4.el7.x86_64.rpm\nphp54-php-odbc-5.4.40-4.el7.x86_64.rpm\nphp54-php-pdo-5.4.40-4.el7.x86_64.rpm\nphp54-php-pgsql-5.4.40-4.el7.x86_64.rpm\nphp54-php-process-5.4.40-4.el7.x86_64.rpm\nphp54-php-pspell-5.4.40-4.el7.x86_64.rpm\nphp54-php-recode-5.4.40-4.el7.x86_64.rpm\nphp54-php-snmp-5.4.40-4.el7.x86_64.rpm\nphp54-php-soap-5.4.40-4.el7.x86_64.rpm\nphp54-php-xml-5.4.40-4.el7.x86_64.rpm\nphp54-php-xmlrpc-5.4.40-4.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nphp54-php-5.4.40-4.el7.src.rpm\n\nx86_64:\nphp54-php-5.4.40-4.el7.x86_64.rpm\nphp54-php-bcmath-5.4.40-4.el7.x86_64.rpm\nphp54-php-cli-5.4.40-4.el7.x86_64.rpm\nphp54-php-common-5.4.40-4.el7.x86_64.rpm\nphp54-php-dba-5.4.40-4.el7.x86_64.rpm\nphp54-php-debuginfo-5.4.40-4.el7.x86_64.rpm\nphp54-php-devel-5.4.40-4.el7.x86_64.rpm\nphp54-php-enchant-5.4.40-4.el7.x86_64.rpm\nphp54-php-fpm-5.4.40-4.el7.x86_64.rpm\nphp54-php-gd-5.4.40-4.el7.x86_64.rpm\nphp54-php-intl-5.4.40-4.el7.x86_64.rpm\nphp54-php-ldap-5.4.40-4.el7.x86_64.rpm\nphp54-php-mbstring-5.4.40-4.el7.x86_64.rpm\nphp54-php-mysqlnd-5.4.40-4.el7.x86_64.rpm\nphp54-php-odbc-5.4.40-4.el7.x86_64.rpm\nphp54-php-pdo-5.4.40-4.el7.x86_64.rpm\nphp54-php-pgsql-5.4.40-4.el7.x86_64.rpm\nphp54-php-process-5.4.40-4.el7.x86_64.rpm\nphp54-php-pspell-5.4.40-4.el7.x86_64.rpm\nphp54-php-recode-5.4.40-4.el7.x86_64.rpm\nphp54-php-snmp-5.4.40-4.el7.x86_64.rpm\nphp54-php-soap-5.4.40-4.el7.x86_64.rpm\nphp54-php-xml-5.4.40-4.el7.x86_64.rpm\nphp54-php-xmlrpc-5.4.40-4.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFXrPSRXlSAg2UNWIIRAm7eAJ46bwD5dNGjO2qoFKsoL92xftbbTgCgkeMg\n3r5SaIOUCU9fw1VuBLjTlPI=\n=fzN3\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nThe vulnerabilities are addressed by upgrading PHP to the new upstream\nversion 5.6.24, which includes additional bug fixes. Please refer to the\nupstream changelog for more information:\n\nhttps://php.net/ChangeLog-5.php#5.6.24\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 5.6.24+dfsg-0+deb8u1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 7.0.9-1 of the php7.0 source package. \n\nWe recommend that you upgrade your php5 packages. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/php-5.6.24-i586-1_slack14.2.txz: Upgraded. \n For more information, see:\n http://php.net/ChangeLog-5.php#5.6.24\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5385\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6207\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.6.24-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.6.24-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.6.24-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.6.24-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/php-5.6.24-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/php-5.6.24-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.24-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.24-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 package:\n712cc177c9ac10f3d58e871ff27260dc php-5.6.24-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n47f6ad4a81517f5b2959abc73475742b php-5.6.24-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\naea6a8869946186781e55c5ecec952b0 php-5.6.24-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\nab16db742762605b9b219b37cdd7e8db php-5.6.24-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\nc88a731667e741443712267d9b30286a php-5.6.24-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\ned5b31c94e2fb91f0e6c40051f51da1c php-5.6.24-x86_64-1_slack14.2.txz\n\nSlackware -current package:\nc25a85fece34101d35b8785022cef94d n/php-5.6.24-i586-1.txz\n\nSlackware x86_64 -current package:\n17f8886fc0901cea6d593170ea00fe7b n/php-5.6.24-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg php-5.6.24-i586-1_slack14.2.txz\n\nThen, restart Apache httpd:\n# /etc/rc.d/rc.httpd stop\n# /etc/rc.d/rc.httpd start\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. 6) - i386, x86_64\n\n3. \n=========================================================================\nUbuntu Security Notice USN-3045-1\nAugust 02, 2016\n\nphp5, php7.0 vulnerabilities\n=========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in PHP. \n\nSoftware Description:\n- php7.0: HTML-embedded scripting language interpreter\n- php5: HTML-embedded scripting language interpreter\n\nDetails:\n\nIt was discovered that PHP incorrectly handled certain SplMinHeap::compar\ne\noperations. A remote attacker could use this issue to cause PHP to crash,\n\nresulting in a denial of service, or possibly execute arbitrary code. Thi\ns\nissue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-4116\n)\n\nIt was discovered that PHP incorrectly handled recursive method calls. A\nremote attacker could use this issue to cause PHP to crash, resulting in \na\ndenial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu\n14.04 LTS. (CVE-2015-8873)\n\nIt was discovered that PHP incorrectly validated certain Exception object\ns\nwhen unserializing data. A remote attacker could use this issue to cause\nPHP to crash, resulting in a denial of service, or possibly execute\narbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.0\n4\nLTS. (CVE-2015-8876)\n\nIt was discovered that PHP header() function performed insufficient\nfiltering for Internet Explorer. A remote attacker could possibly use thi\ns\nissue to perform a XSS attack. This issue only affected Ubuntu 12.04 LTS\nand Ubuntu 14.04 LTS. (CVE-2015-8935)\n\nIt was discovered that PHP incorrectly handled certain locale operations. \n\nAn attacker could use this issue to cause PHP to crash, resulting in a\ndenial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu\n14.04 LTS. (CVE-2016-5093)\n\nIt was discovered that the PHP php_html_entities() function incorrectly\nhandled certain string lengths. A remote attacker could use this issue to\n\ncause PHP to crash, resulting in a denial of service, or possibly execute\n\narbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.0\n4\nLTS. (CVE-2016-5094, CVE-2016-5095)\n\nIt was discovered that the PHP fread() function incorrectly handled certa\nin\nlengths. An attacker could use this issue to cause PHP to crash, resultin\ng\nin a denial of service, or possibly execute arbitrary code. This issue on\nly\naffected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5096)\n\nIt was discovered that the PHP FastCGI Process Manager (FPM) SAPI\nincorrectly handled memory in the access logging feature. An attacker cou\nld\nuse this issue to cause PHP to crash, resulting in a denial of service, o\nr\npossibly expose sensitive information. This issue only affected Ubuntu\n12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5114)\n\nIt was discovered that PHP would not protect applications from contents o\nf\nthe HTTP_PROXY environment variable when based on the contents of the Pro\nxy\nheader from HTTP requests. A remote attacker could possibly use this issu\ne\nin combination with scripts that honour the HTTP_PROXY variable to redire\nct\noutgoing HTTP requests. (CVE-2016-5385)\n\nHans Jerry Illikainen discovered that the PHP bzread() function incorrect\nly\nperformed error handling. A remote attacker could use this issue to cause\n\nPHP to crash, resulting in a denial of service, or possibly execute\narbitrary code. (CVE-2016-5399)\n\nIt was discovered that certain PHP multibyte string functions incorrectly\n\nhandled memory. A remote attacker could use this issue to cause PHP to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-5768)\n\nIt was discovered that the PHP Mcrypt extension incorrectly handled memor\ny. \nA remote attacker could use this issue to cause PHP to crash, resulting i\nn\na denial of service, or possibly execute arbitrary code. This issue only\naffected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5769)\n\nIt was discovered that the PHP garbage collector incorrectly handled\ncertain objects when unserializing malicious data. A remote attacker coul\nd\nuse this issue to cause PHP to crash, resulting in a denial of service, o\nr\npossibly execute arbitrary code. This issue was only addressed in Ubuntu\nUbuntu 14.04 LTS. (CVE-2016-5771, CVE-2016-5773)\n\nIt was discovered that PHP incorrectly handled memory when unserializing\nmalicious xml data. A remote attacker could use this issue to cause PHP t\no\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. \n(CVE-2016-5772)\n\nIt was discovered that the PHP php_url_parse_ex() function incorrectly\nhandled string termination. A remote attacker could use this issue to cau\nse\nPHP to crash, resulting in a denial of service, or possibly execute\narbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.0\n4\nLTS. (CVE-2016-6288)\n\nIt was discovered that PHP incorrectly handled path lengths when extracti\nng\ncertain Zip archives. A remote attacker could use this issue to cause PHP\n\nto crash, resulting in a denial of service, or possibly execute arbitrary\n\ncode. (CVE-2016-6289)\n\nIt was discovered that PHP incorrectly handled session deserialization. A\n\nremote attacker could use this issue to cause PHP to crash, resulting in \na\ndenial of service, or possibly execute arbitrary code. (CVE-2016-6290)\n\nIt was discovered that PHP incorrectly handled exif headers when processi\nng\ncertain JPEG images. A remote attacker could use this issue to cause PHP \nto\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. (CVE-2016-6291, CVE-2016-6292)\n\nIt was discovered that PHP incorrectly handled certain locale operations. \n A\nremote attacker could use this issue to cause PHP to crash, resulting in \na\ndenial of service, or possibly execute arbitrary code. (CVE-2016-6294)\n\nIt was discovered that the PHP garbage collector incorrectly handled\ncertain objects when unserializing SNMP data. A remote attacker could use\n\nthis issue to cause PHP to crash, resulting in a denial of service, or\npossibly execute arbitrary code. This issue only affected Ubuntu 14.04 LT\nS\nand Ubuntu 16.04 LTS. (CVE-2016-6295)\n\nIt was discovered that the PHP xmlrpc_encode_request() function incorrect\nly\nhandled certain lengths. An attacker could use this issue to cause PHP to\n\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. (CVE-2016-6296)\n\nIt was discovered that the PHP php_stream_zip_opener() function incorrect\nly\nhandled memory. An attacker could use this issue to cause PHP to crash,\nresulting in a denial of service, or possibly execute arbitrary code. \n(CVE-2016-6297)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n libapache2-mod-php7.0 7.0.8-0ubuntu0.16.04.2\n php7.0-cgi 7.0.8-0ubuntu0.16.04.2\n php7.0-cli 7.0.8-0ubuntu0.16.04.2\n php7.0-fpm 7.0.8-0ubuntu0.16.04.2\n\nUbuntu 14.04 LTS:\n libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.19\n php5-cgi 5.5.9+dfsg-1ubuntu4.19\n php5-cli 5.5.9+dfsg-1ubuntu4.19\n php5-fpm 5.5.9+dfsg-1ubuntu4.19\n\nUbuntu 12.04 LTS:\n libapache2-mod-php5 5.3.10-1ubuntu3.24\n php5-cgi 5.3.10-1ubuntu3.24\n php5-cli 5.3.10-1ubuntu3.24\n php5-fpm 5.3.10-1ubuntu3.24\n\nIn general, a standard system update will make all the necessary changes. \n\n\nReferences:\n http://www.ubuntu.com/usn/usn-3045-1\n CVE-2015-4116, CVE-2015-8873, CVE-2015-8876, CVE-2015-8935,\n CVE-2016-5093, CVE-2016-5094, CVE-2016-5095, CVE-2016-5096,\n CVE-2016-5114, CVE-2016-5385, CVE-2016-5399, CVE-2016-5768,\n CVE-2016-5769, CVE-2016-5771, CVE-2016-5772, CVE-2016-5773,\n CVE-2016-6288, CVE-2016-6289, CVE-2016-6290, CVE-2016-6291,\n CVE-2016-6292, CVE-2016-6294, CVE-2016-6295, CVE-2016-6296,\n CVE-2016-6297\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/php7.0/7.0.8-0ubuntu0.16.04.2\n https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.19\n https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.24\n\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05320149\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05320149\nVersion: 1\n\nHPSBMU03653 rev.1 - HPE System Management Homepage (SMH), Remote Arbitrary\nCode Execution, Cross-Site Scripting (XSS), Denial of Service (DoS),\nUnauthorized Disclosure of Information\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2016-10-26\nLast Updated: 2016-10-26\n\nPotential Security Impact: Remote: Arbitrary Code Execution, Cross-Site\nScripting (XSS), Denial of Service (DoS), Unauthorized Disclosure of\nInformation\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nMultiple potential security vulnerabilities have been identified in HPE\nSystem Management Homepage (SMH) on Windows and Linux. \n\nReferences:\n\n - CVE-2016-2107 - OpenSSL, Unauthorized disclosure of information\n - CVE-2016-2106 - OpenSSL, Denial of Service (DoS)\n - CVE-2016-2109 - OpenSSL, Denial of Service (DoS)\n - CVE-2016-2105 - OpenSSL, Denial of Service (DoS)\n - CVE-2016-3739 - cURL and libcurl, Remote code execution\n - CVE-2016-5388 - \"HTTPoxy\", Apache Tomcat\n - CVE-2016-5387 - \"HTTPoxy\", Apache HTTP Server\n - CVE-2016-5385 - \"HTTPoxy\", PHP \n - CVE-2016-4543 - PHP, multiple impact\n - CVE-2016-4071 - PHP, multiple impact\n - CVE-2016-4072 - PHP, multiple impact\n - CVE-2016-4542 - PHP, multiple impact\n - CVE-2016-4541 - PHP, multiple impact\n - CVE-2016-4540 - PHP, multiple impact\n - CVE-2016-4539 - PHP, multiple impact\n - CVE-2016-4538 - PHP, multiple impact\n - CVE-2016-4537 - PHP, multiple impact\n - CVE-2016-4343 - PHP, multiple impact\n - CVE-2016-4342 - PHP, multiple impact\n - CVE-2016-4070 - PHP, Denial of Service (DoS)\n - CVE-2016-4393 - PSRT110263, XSS vulnerability\n - CVE-2016-4394 - PSRT110263, HSTS vulnerability\n - CVE-2016-4395 - ZDI-CAN-3722, PSRT110115, Buffer Overflow\n - CVE-2016-4396 - ZDI-CAN-3730, PSRT110116, Buffer Overflow\n - PSRT110145\n - PSRT110263\n - PSRT110115\n - PSRT110116\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n - HPE System Management Homepage - all versions prior to v7.6\n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n CVE-2016-2105\n 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n CVE-2016-2106\n 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n CVE-2016-2107\n 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\n 2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N)\n\n CVE-2016-2109\n 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)\n\n CVE-2016-3739\n 5.3 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N\n 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)\n\n CVE-2016-4070\n 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n CVE-2016-4071\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2016-4072\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2016-4342\n 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\n 8.3 (AV:N/AC:M/Au:N/C:P/I:P/A:C)\n\n CVE-2016-4343\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n CVE-2016-4393\n 4.2 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N\n 4.9 (AV:N/AC:M/Au:S/C:P/I:P/A:N)\n\n CVE-2016-4394\n 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\n 5.8 (AV:N/AC:M/Au:N/C:N/I:P/A:P)\n\n CVE-2016-4395\n 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\n 7.8 (AV:N/AC:L/Au:N/C:N/I:C/A:N)\n\n CVE-2016-4396\n 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\n 7.8 (AV:N/AC:L/Au:N/C:N/I:C/A:N)\n\n CVE-2016-4537\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2016-4538\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2016-4539\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2016-4540\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2016-4541\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2016-4542\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2016-4543\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2016-5385\n 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\n 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)\n\n CVE-2016-5387\n 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\n 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)\n\n CVE-2016-5388\n 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\n 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)\n\n Information on CVSS is documented in\n HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\n* Hewlett Packard Enterprise thanks Tenable Network Security for working with\nTrend Micro\u0027s Zero Day Initiative (ZDI) for reporting CVE-2016-4395 and\nCVE-2016-4396 to security-alert@hpe.com\n\nRESOLUTION\n\nHPE has made the following software updates available to resolve the\nvulnerabilities for the impacted versions of System Management Homepage\n(SMH). \n\nPlease download and install HPE System Management Homepage (SMH) v7.6.0 from\nthe following locations: \n\n* \u003chttps://www.hpe.com/us/en/product-catalog/detail/pip.344313.html\u003e\n\nHISTORY\nVersion:1 (rev.1) - 26 October 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n Web form: https://www.hpe.com/info/report-security-vulnerability\n Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. Please note that the Management\nInterface cannot access data stored on tape media, so this vulnerability does\nnot allow for remote unauthorized disclosure of data stored on tape media or\nremote denial of service. \n\nReferences:\n\n - CVE-2016-5385 - PHP, HTTPoxy\n - CVE-2016-3074 - PHP\n - CVE-2013-7456 - PHP\n - CVE-2016-5093 - PHP\n - CVE-2016-5094 - PHP\n - CVE-2016-5096 - PHP\n - CVE-2016-5766 - PHP\n - CVE-2016-5767 - PHP\n - CVE-2016-5768 - PHP\n - CVE-2016-5769 - PHP\n - CVE-2016-5770 - PHP\n - CVE-2016-5771 - PHP\n - CVE-2016-5772 - PHP\n - CVE-2016-5773 - PHP\n - CVE-2016-6207 - GD Graphics Library\n - CVE-2016-6289 - PHP\n - CVE-2016-6290 - PHP\n - CVE-2016-6291 - PHP\n - CVE-2016-6292 - PHP\n - CVE-2016-6293 - PHP\n - CVE-2016-6294 - PHP\n - CVE-2016-6295 - PHP\n - CVE-2016-6296 - PHP\n - CVE-2016-6297 - PHP\n - CVE-2016-5399 - PHP\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5385"
},
{
"db": "CERT/CC",
"id": "VU#797896"
},
{
"db": "VULHUB",
"id": "VHN-94204"
},
{
"db": "PACKETSTORM",
"id": "139744"
},
{
"db": "PACKETSTORM",
"id": "138296"
},
{
"db": "PACKETSTORM",
"id": "138070"
},
{
"db": "PACKETSTORM",
"id": "138014"
},
{
"db": "PACKETSTORM",
"id": "138295"
},
{
"db": "PACKETSTORM",
"id": "138298"
},
{
"db": "PACKETSTORM",
"id": "138136"
},
{
"db": "PACKETSTORM",
"id": "139379"
},
{
"db": "PACKETSTORM",
"id": "140515"
}
],
"trust": 2.52
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-94204",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94204"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2016-5385",
"trust": 2.0
},
{
"db": "CERT/CC",
"id": "VU#797896",
"trust": 1.9
},
{
"db": "BID",
"id": "91821",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1036335",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "138295",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "138298",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "139744",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "138014",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "138296",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "138070",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "143933",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "138299",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "138297",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-201607-538",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-94204",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "138136",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139379",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "140515",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#797896"
},
{
"db": "VULHUB",
"id": "VHN-94204"
},
{
"db": "PACKETSTORM",
"id": "139744"
},
{
"db": "PACKETSTORM",
"id": "138296"
},
{
"db": "PACKETSTORM",
"id": "138070"
},
{
"db": "PACKETSTORM",
"id": "138014"
},
{
"db": "PACKETSTORM",
"id": "138295"
},
{
"db": "PACKETSTORM",
"id": "138298"
},
{
"db": "PACKETSTORM",
"id": "138136"
},
{
"db": "PACKETSTORM",
"id": "139379"
},
{
"db": "PACKETSTORM",
"id": "140515"
},
{
"db": "NVD",
"id": "CVE-2016-5385"
}
]
},
"id": "VAR-201607-0657",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-94204"
}
],
"trust": 0.01
},
"last_update_date": "2026-04-10T22:29:01.229000Z",
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-601",
"trust": 1.1
},
{
"problemtype": "CWE-284",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94204"
},
{
"db": "NVD",
"id": "CVE-2016-5385"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.6,
"url": "https://www.apache.org/security/asf-httpoxy-response.txt"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2016-1609.html"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2016-1610.html"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2016-1612.html"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1036335"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/91821"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2016/dsa-3631"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/kzoiuyzdbwnddhc6xtolzyrmrxzwtjcp/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7rmyxavnyl2mobjtfate73tovoezyc5r/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/gxfeimzpsvgzqqayiq7u7dfvx3ibsdlf/"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/201611-22"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2016-1611.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2016-1613.html"
},
{
"trust": 1.1,
"url": "http://www.kb.cert.org/vuls/id/797896"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"trust": 1.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1353794"
},
{
"trust": 1.1,
"url": "https://github.com/guzzle/guzzle/releases/tag/6.2.1"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05320149"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05333297"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722"
},
{
"trust": 1.1,
"url": "https://httpoxy.org/"
},
{
"trust": 1.1,
"url": "https://www.drupal.org/sa-core-2016-003"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html"
},
{
"trust": 1.0,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03770en_us"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5385"
},
{
"trust": 0.8,
"url": "https://tools.ietf.org/html/rfc3875"
},
{
"trust": 0.8,
"url": "https://httpoxy.org"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/807.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/454.html"
},
{
"trust": 0.3,
"url": "http://www.hpe.com/support/security_bulletin_archive"
},
{
"trust": 0.3,
"url": "https://www.hpe.com/info/report-security-vulnerability"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
},
{
"trust": 0.3,
"url": "http://www.hpe.com/support/subscriber_choice"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2016-5385"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5399"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6294"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6289"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6297"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6291"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6292"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6295"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6296"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6290"
},
{
"trust": 0.2,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05333297"
},
{
"trust": 0.2,
"url": "https://php.net/changelog-5.php#5.6.24"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6207"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5093"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5772"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5771"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5768"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5094"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5769"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5773"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5096"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbhf03770en_us"
},
{
"trust": 0.1,
"url": "http://h20564.www2.hpe.com/hpsc/swd/public/readindex?sp4ts.oid=5385625\u0026swlan"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5385"
},
{
"trust": 0.1,
"url": "http://slackware.com"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6207"
},
{
"trust": 0.1,
"url": "http://osuosl.org)"
},
{
"trust": 0.1,
"url": "http://slackware.com/gpg-key"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.24"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6288"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/php7.0/7.0.8-0ubuntu0.16.04.2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8935"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5114"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4116"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8876"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.19"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5095"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8873"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-3045-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5387"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4396"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2107"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4537"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2109"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3739"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4395"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4542"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4538"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4070"
},
{
"trust": 0.1,
"url": "https://www.hpe.com/us/en/product-catalog/detail/pip.344313.html\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4072"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4071"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4543"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4541"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05320149"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4394"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4539"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4540"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5388"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4342"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-7456"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3074"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5767"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6293"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/msl6480\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5766"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#797896"
},
{
"db": "VULHUB",
"id": "VHN-94204"
},
{
"db": "PACKETSTORM",
"id": "139744"
},
{
"db": "PACKETSTORM",
"id": "138296"
},
{
"db": "PACKETSTORM",
"id": "138070"
},
{
"db": "PACKETSTORM",
"id": "138014"
},
{
"db": "PACKETSTORM",
"id": "138295"
},
{
"db": "PACKETSTORM",
"id": "138298"
},
{
"db": "PACKETSTORM",
"id": "138136"
},
{
"db": "PACKETSTORM",
"id": "139379"
},
{
"db": "PACKETSTORM",
"id": "140515"
},
{
"db": "NVD",
"id": "CVE-2016-5385"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CERT/CC",
"id": "VU#797896",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-94204",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "139744",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "138296",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "138070",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "138014",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "138295",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "138298",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "138136",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "139379",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "140515",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2016-5385",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2016-07-18T00:00:00",
"db": "CERT/CC",
"id": "VU#797896",
"ident": null
},
{
"date": "2016-07-19T00:00:00",
"db": "VULHUB",
"id": "VHN-94204",
"ident": null
},
{
"date": "2016-11-16T00:48:12",
"db": "PACKETSTORM",
"id": "139744",
"ident": null
},
{
"date": "2016-08-12T18:03:00",
"db": "PACKETSTORM",
"id": "138296",
"ident": null
},
{
"date": "2016-07-27T14:25:39",
"db": "PACKETSTORM",
"id": "138070",
"ident": null
},
{
"date": "2016-07-22T22:42:48",
"db": "PACKETSTORM",
"id": "138014",
"ident": null
},
{
"date": "2016-08-12T18:02:52",
"db": "PACKETSTORM",
"id": "138295",
"ident": null
},
{
"date": "2016-08-12T18:03:22",
"db": "PACKETSTORM",
"id": "138298",
"ident": null
},
{
"date": "2016-08-02T22:59:53",
"db": "PACKETSTORM",
"id": "138136",
"ident": null
},
{
"date": "2016-10-27T19:22:00",
"db": "PACKETSTORM",
"id": "139379",
"ident": null
},
{
"date": "2017-01-15T23:24:00",
"db": "PACKETSTORM",
"id": "140515",
"ident": null
},
{
"date": "2016-07-19T02:00:17.773000",
"db": "NVD",
"id": "CVE-2016-5385",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2016-07-19T00:00:00",
"db": "CERT/CC",
"id": "VU#797896",
"ident": null
},
{
"date": "2023-02-12T00:00:00",
"db": "VULHUB",
"id": "VHN-94204",
"ident": null
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-5385",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "138296"
},
{
"db": "PACKETSTORM",
"id": "138295"
},
{
"db": "PACKETSTORM",
"id": "138298"
},
{
"db": "PACKETSTORM",
"id": "138136"
},
{
"db": "PACKETSTORM",
"id": "140515"
}
],
"trust": 0.5
},
"title": {
"_id": null,
"data": "CGI web servers assign Proxy header values from client requests to internal HTTP_PROXY environment variables",
"sources": [
{
"db": "CERT/CC",
"id": "VU#797896"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "arbitrary",
"sources": [
{
"db": "PACKETSTORM",
"id": "138136"
}
],
"trust": 0.1
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.