Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amazonAmazonALAS-2016-746
HistorySep 15, 2016 - 7:00 p.m.

Important: lighttpd

2016-09-1519:00:00
alas.aws.amazon.com
25
JSON

Issue Overview:

It was discovered that lighttpd class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request.

Affected Packages:

lighttpd

Issue Correction:
Run yum update lighttpd to update your system.

New Packages:

i686:  
    lighttpd-debuginfo-1.4.41-1.34.amzn1.i686  
    lighttpd-1.4.41-1.34.amzn1.i686  
    lighttpd-mod_geoip-1.4.41-1.34.amzn1.i686  
    lighttpd-mod_mysql_vhost-1.4.41-1.34.amzn1.i686  
    lighttpd-fastcgi-1.4.41-1.34.amzn1.i686  
  
src:  
    lighttpd-1.4.41-1.34.amzn1.src  
  
x86_64:  
    lighttpd-mod_mysql_vhost-1.4.41-1.34.amzn1.x86_64  
    lighttpd-mod_geoip-1.4.41-1.34.amzn1.x86_64  
    lighttpd-1.4.41-1.34.amzn1.x86_64  
    lighttpd-fastcgi-1.4.41-1.34.amzn1.x86_64  
    lighttpd-debuginfo-1.4.41-1.34.amzn1.x86_64

Additional References

Red Hat: CVE-2016-1000212

Mitre: CVE-2016-1000212

OSVersionArchitecturePackageVersionFilename
Amazon Linux1i686lighttpd-debuginfo< 1.4.41-1.34.amzn1lighttpd-debuginfo-1.4.41-1.34.amzn1.i686.rpm
Amazon Linux1i686lighttpd< 1.4.41-1.34.amzn1lighttpd-1.4.41-1.34.amzn1.i686.rpm
Amazon Linux1i686lighttpd-mod_geoip< 1.4.41-1.34.amzn1lighttpd-mod_geoip-1.4.41-1.34.amzn1.i686.rpm
Amazon Linux1i686lighttpd-mod_mysql_vhost< 1.4.41-1.34.amzn1lighttpd-mod_mysql_vhost-1.4.41-1.34.amzn1.i686.rpm
Amazon Linux1i686lighttpd-fastcgi< 1.4.41-1.34.amzn1lighttpd-fastcgi-1.4.41-1.34.amzn1.i686.rpm
Amazon Linux1x86_64lighttpd-mod_mysql_vhost< 1.4.41-1.34.amzn1lighttpd-mod_mysql_vhost-1.4.41-1.34.amzn1.x86_64.rpm
Amazon Linux1x86_64lighttpd-mod_geoip< 1.4.41-1.34.amzn1lighttpd-mod_geoip-1.4.41-1.34.amzn1.x86_64.rpm
Amazon Linux1x86_64lighttpd< 1.4.41-1.34.amzn1lighttpd-1.4.41-1.34.amzn1.x86_64.rpm
Amazon Linux1x86_64lighttpd-fastcgi< 1.4.41-1.34.amzn1lighttpd-fastcgi-1.4.41-1.34.amzn1.x86_64.rpm
Amazon Linux1x86_64lighttpd-debuginfo< 1.4.41-1.34.amzn1lighttpd-debuginfo-1.4.41-1.34.amzn1.x86_64.rpm

Related

osv 1
openvas 7
nessus 5
debiancve 1
fedora 2
debian 3
mageia 1
cve 1
ubuntucve 1
ibm 2
osv
osv
lighttpd - security update
2016-08-03 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2016-0398)
2022-01-28 00:00:00
Amazon Linux: Security Advisory (ALAS-2016-746)
2016-10-26 00:00:00
Debian Security Advisory DSA 3642-1 (lighttpd - security update)
2016-08-05 00:00:00
nessus
nessus
Debian DLA-583-1 : lighttpd security update
2016-08-04 00:00:00
Debian DSA-3642-1 : lighttpd - security update
2016-08-15 00:00:00
Fedora 24 : lighttpd (2016-07e9059072)
2016-08-11 00:00:00
debiancve
debiancve
CVE-2016-1000212
2022-02-25 11:44:09
fedora
fedora
[SECURITY] Fedora 23 Update: lighttpd-1.4.41-1.fc23
2016-08-10 11:00:39
[SECURITY] Fedora 24 Update: lighttpd-1.4.41-1.fc24
2016-08-10 07:26:31
debian
debian
[SECURITY] [DSA 3642-1] lighttpd security update
2016-08-06 02:36:05
[SECURITY] [DLA 583-1] lighttpd security update
2016-08-03 06:05:32
[SECURITY] [DSA 3642-1] lighttpd security update
2016-08-06 02:36:05
mageia
mageia
Updated lighttpd packages fix security vulnerability
2016-11-25 20:04:30
cve
cve
CVE-2016-1000212
2022-02-25 11:44:09
ubuntucve
ubuntucve
CVE-2016-1000212
2016-07-27 00:00:00
ibm
ibm
Security Bulletin: A vulnerability in lighttpd affects PowerKVM (CVE-2016-1000212)
2018-06-18 01:33:23
Security Bulletin: Vulnerabilities in cracklib, dhcp, expat, libgcrypt and lighttpd affect IBM Flex System Chassis Management Module (CMM)
2019-01-31 02:25:02
JSON
Related for ALAS-2016-746
osv1openvas7nessus5debiancve1fedora2debian3mageia1cve1ubuntucve1ibm2