ID de Prueba:	1.3.6.1.4.1.25623.1.0.808272
Categoría:	Web application abuses
Título:	TYPO3 Environment Variable Injection Vulnerability (Jul 2016)
Resumen:	TYPO3 is prone to an environment variable injection vulnerability.
Descripción:	Summary: TYPO3 is prone to an environment variable injection vulnerability. Vulnerability Insight: The flaw is due to PHP, when used as CGI, FPM or HHVM, exposes http headers also as environment variables starting with 'HTTP_'.TYPO3 is vulnerable through third party library guzzlehttp/guzzle which makes use of the environment variable 'HTTP_PROXY'. Vulnerability Impact: Successful exploitation will allow remote attackers to conduct MITM attacks on internal server subrequests or direct the server to initiate connections to arbitrary hosts. Affected Software/OS: TYPO3 versions 8.0.0 to 8.2.0 Solution: Upgrade to TYPO3 version 8.2.1 or later. CVSS Score: 5.1 CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-5385 1036335 http://www.securitytracker.com/id/1036335 91821 http://www.securityfocus.com/bid/91821 DSA-3631 http://www.debian.org/security/2016/dsa-3631 FEDORA-2016-4e7db3d437 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KZOIUYZDBWNDDHC6XTOLZYRMRXZWTJCP/ FEDORA-2016-8eb11666aa https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RMYXAVNYL2MOBJTFATE73TOVOEZYC5R/ FEDORA-2016-9c8cf5912c https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXFEIMZPSVGZQQAYIQ7U7DFVX3IBSDLF/ GLSA-201611-22 https://security.gentoo.org/glsa/201611-22 RHSA-2016:1609 http://rhn.redhat.com/errata/RHSA-2016-1609.html RHSA-2016:1610 http://rhn.redhat.com/errata/RHSA-2016-1610.html RHSA-2016:1611 http://rhn.redhat.com/errata/RHSA-2016-1611.html RHSA-2016:1612 http://rhn.redhat.com/errata/RHSA-2016-1612.html RHSA-2016:1613 http://rhn.redhat.com/errata/RHSA-2016-1613.html VU#797896 http://www.kb.cert.org/vuls/id/797896 http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html https://bugzilla.redhat.com/show_bug.cgi?id=1353794 https://github.com/guzzle/guzzle/releases/tag/6.2.1 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05333297 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722 https://httpoxy.org/ https://www.drupal.org/SA-CORE-2016-003 openSUSE-SU-2016:1922 http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html
Copyright	Copyright (C) 2016 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.