ID de Prueba:	1.3.6.1.4.1.25623.1.0.808628
Categoría:	Web application abuses
Título:	PHP Man-in-the-Middle Attack Vulnerability (Jul 2016) - Linux
Resumen:	PHP is prone to a man-in-the-middle attack vulnerability.
Descripción:	Summary: PHP is prone to a man-in-the-middle attack vulnerability. Vulnerability Insight: The following flaws exist: - The web servers running in a CGI or CGI-like context may assign client request proxy header values to internal HTTP_PROXY environment variables. - 'HTTP_PROXY' is improperly trusted by some PHP libraries and applications - An unspecified flaw in the gdImageCropThreshold function in 'gd_crop.c' in the GD Graphics Library. Vulnerability Impact: Successfully exploiting this issue may allow remote, unauthenticated to conduct MITM attacks on internal server subrequests or direct the server to initiate connections to arbitrary hosts or to cause a denial of service. Affected Software/OS: PHP versions 5.x through 5.6.23 and 7.0.x through 7.0.8 on Linux Solution: Update to PHP version 5.6.24 or 7.0.19. CVSS Score: 5.1 CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-5385 1036335 http://www.securitytracker.com/id/1036335 91821 http://www.securityfocus.com/bid/91821 DSA-3631 http://www.debian.org/security/2016/dsa-3631 FEDORA-2016-4e7db3d437 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KZOIUYZDBWNDDHC6XTOLZYRMRXZWTJCP/ FEDORA-2016-8eb11666aa https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RMYXAVNYL2MOBJTFATE73TOVOEZYC5R/ FEDORA-2016-9c8cf5912c https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXFEIMZPSVGZQQAYIQ7U7DFVX3IBSDLF/ GLSA-201611-22 https://security.gentoo.org/glsa/201611-22 RHSA-2016:1609 http://rhn.redhat.com/errata/RHSA-2016-1609.html RHSA-2016:1610 http://rhn.redhat.com/errata/RHSA-2016-1610.html RHSA-2016:1611 http://rhn.redhat.com/errata/RHSA-2016-1611.html RHSA-2016:1612 http://rhn.redhat.com/errata/RHSA-2016-1612.html RHSA-2016:1613 http://rhn.redhat.com/errata/RHSA-2016-1613.html VU#797896 http://www.kb.cert.org/vuls/id/797896 http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html https://bugzilla.redhat.com/show_bug.cgi?id=1353794 https://github.com/guzzle/guzzle/releases/tag/6.2.1 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05333297 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722 https://httpoxy.org/ https://www.drupal.org/SA-CORE-2016-003 openSUSE-SU-2016:1922 http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html Common Vulnerability Exposure (CVE) ID: CVE-2016-6128 BugTraq ID: 91509 http://www.securityfocus.com/bid/91509 Debian Security Information: DSA-3619 (Google Search) http://www.debian.org/security/2016/dsa-3619 https://security.gentoo.org/glsa/201612-09 http://www.openwall.com/lists/oss-security/2016/06/30/1 RedHat Security Advisories: RHSA-2016:2750 http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.securitytracker.com/id/1036276 SuSE Security Announcement: openSUSE-SU-2016:2117 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html SuSE Security Announcement: openSUSE-SU-2016:2363 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html http://www.ubuntu.com/usn/USN-3030-1
Copyright	Copyright (C) 2016 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.