Lucene search

Veracode Vulnerability DatabaseVERACODE:12120

HistoryJan 15, 2019 - 9:12 a.m.

Open Redirection

2019-01-1509:12:46

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

EPSS

0.928

Percentile

99.1%

JSON

php is vulnerable to open redirection. It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker-controlled proxy via a malicious HTTP request.

References

lists.opensuse.org/opensuse-updates/2016-08/msg00003.html

rhn.redhat.com/errata/RHSA-2016-1609.html

rhn.redhat.com/errata/RHSA-2016-1610.html

rhn.redhat.com/errata/RHSA-2016-1611.html

rhn.redhat.com/errata/RHSA-2016-1612.html

rhn.redhat.com/errata/RHSA-2016-1613.html

www.debian.org/security/2016/dsa-3631

www.kb.cert.org/vuls/id/797896

www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

www.securityfocus.com/bid/91821

www.securitytracker.com/id/1036335

access.redhat.com/errata/RHSA-2016:1609

access.redhat.com/errata/RHSA-2016:1610

access.redhat.com/errata/RHSA-2016:1611

access.redhat.com/errata/RHSA-2016:1612

access.redhat.com/errata/RHSA-2016:1613

access.redhat.com/security/cve/CVE-2016-5385

access.redhat.com/security/updates/classification/#moderate

bugzilla.redhat.com/show_bug.cgi?id=1353794

github.com/guzzle/guzzle/releases/tag/6.2.1

h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05333297

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

httpoxy.org/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RMYXAVNYL2MOBJTFATE73TOVOEZYC5R/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXFEIMZPSVGZQQAYIQ7U7DFVX3IBSDLF/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KZOIUYZDBWNDDHC6XTOLZYRMRXZWTJCP/

lists.fedoraproject.org/archives/list/[email protected]/message/7RMYXAVNYL2MOBJTFATE73TOVOEZYC5R/

lists.fedoraproject.org/archives/list/[email protected]/message/GXFEIMZPSVGZQQAYIQ7U7DFVX3IBSDLF/

lists.fedoraproject.org/archives/list/[email protected]/message/KZOIUYZDBWNDDHC6XTOLZYRMRXZWTJCP/