Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMCD878F713D0E35B16F32BF73D2B227C150B65B9475716A9ECBE311E658286406
HistoryJun 18, 2018 - 1:33 a.m.

Security Bulletin: A vulnerability in lighttpd affects PowerKVM (CVE-2016-1000212)

2018-06-1801:33:23
www.ibm.com
13
JSON

Summary

PowerKVM is affected by a vulnerability in lighttpd. IBM has now addressed this vulnerability.

Vulnerability Details

CVEID: CVE-2016-1000212**
DESCRIPTION:** lighttpd could allow a remote attacker to redirect HTTP traffic of CGI application, caused by the failure to protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable. By using a specially-crafted Proxy header in a HTTP request, an attacker could exploit this vulnerability to redirect outbound HTTP traffic to arbitrary proxy server. This is also known as the “HTTPOXY” vulnerability.
CVSS Base Score: 8.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/116317 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

PowerKVM 2.1

Remediation/Fixes

Customers can update PowerKVM systems by using “yum update”.

Fix images are made available via Fix Central. See PowerKVM 2.1.1.3-65 Update 12 at https://ibm.biz/BdEnT8 or later. Customers running v2.1 are, in any case, encouraged to upgrade to v3.1.

For v2.1 systems currently running fix levels of PowerKVM prior to 2.1.1, please see <http://download4.boulder.ibm.com/sar/CMA/OSA/05e4c/0/README&gt; for prerequisite fixes and instructions.

CPENameOperatorVersion
powerkvmeq2.1

Related

nessus 5
amazon 1
openvas 7
fedora 2
debian 3
osv 1
debiancve 1
ubuntucve 1
mageia 1
cve 1
ibm 1
nessus
nessus
Debian DSA-3642-1 : lighttpd - security update
2016-08-15 00:00:00
Fedora 23 : lighttpd (2016-9de7253cc7)
2016-08-11 00:00:00
Fedora 24 : lighttpd (2016-07e9059072)
2016-08-11 00:00:00
amazon
amazon
Important: lighttpd
2016-09-15 19:00:00
openvas
openvas
Debian Security Advisory DSA 3642-1 (lighttpd - security update)
2016-08-05 00:00:00
Mageia: Security Advisory (MGASA-2016-0398)
2022-01-28 00:00:00
Amazon Linux: Security Advisory (ALAS-2016-746)
2016-10-26 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: lighttpd-1.4.41-1.fc23
2016-08-10 11:00:39
[SECURITY] Fedora 24 Update: lighttpd-1.4.41-1.fc24
2016-08-10 07:26:31
debian
debian
[SECURITY] [DSA 3642-1] lighttpd security update
2016-08-06 02:36:05
[SECURITY] [DSA 3642-1] lighttpd security update
2016-08-06 02:36:05
[SECURITY] [DLA 583-1] lighttpd security update
2016-08-03 06:05:32
osv
osv
lighttpd - security update
2016-08-03 00:00:00
debiancve
debiancve
CVE-2016-1000212
2022-02-25 11:44:09
ubuntucve
ubuntucve
CVE-2016-1000212
2016-07-27 00:00:00
mageia
mageia
Updated lighttpd packages fix security vulnerability
2016-11-25 20:04:30
cve
cve
CVE-2016-1000212
2022-02-25 11:44:09
ibm
ibm
Security Bulletin: Vulnerabilities in cracklib, dhcp, expat, libgcrypt and lighttpd affect IBM Flex System Chassis Management Module (CMM)
2019-01-31 02:25:02
JSON
Related for CD878F713D0E35B16F32BF73D2B227C150B65B9475716A9ECBE311E658286406
nessus5amazon1openvas7fedora2debian3osv1debiancve1ubuntucve1mageia1cve1ibm1