CVE-2016-1000212

Vulnerability Summary

It was discovered that lighttpd did not properly protect against the HTTP_PROXY variable name clash in a CGI context: the value of a client-supplied Proxy request header was exported to CGI scripts as the HTTP_PROXY environment variable, which many HTTP client libraries honour as a proxy setting. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request.

Vendor Advisories

Debian Bug report logs - #832571 lighttpd: CVE-2016-1000212: HTTP Server sets environmental variable HTTP_PROXY based on user supplied Proxy request header (httpoxy). Package: src:lighttpd; Maintainer for src:lighttpd is Debian QA Group <packages@qa.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Dat ...
Dominic Scheirlinck and Scott Geary of Vend reported insecure behavior in the lighttpd web server. Lighttpd assigned Proxy header values from client requests to internal HTTP_PROXY environment variables, allowing remote attackers to carry out Man in the Middle (MITM) attacks or initiate connections to arbitrary hosts. For the stable distribution (j ...
It was discovered that lighttpd did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request ...