MGASA-2016-0312

Source
https://advisories.mageia.org/MGASA-2016-0312.html
Import Source
https://advisories.mageia.org/MGASA-2016-0312.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2016-0312
Published
2016-09-21T20:38:22Z
Modified
2016-09-21T20:29:31Z
Summary
Updated tomcat packages fix security vulnerability
Details

Apache Tomcat through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue (CVE-2016-5388).

Affected packages

Mageia:5 / tomcat

Package

Name
tomcat
Purl
pkg:rpm/mageia/tomcat?distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
7.0.68-1.3.mga5

Ecosystem specific

{
    "section": "core"
}