author feld <feld@FreeBSD.org> 2016-07-20 20:25:51 +0800
committer feld <feld@FreeBSD.org> 2016-07-20 20:25:51 +0800
commit 4415fc584d7da4e89f4a50811804c3d14269fda6
tree 3a38d955014e7399a2b4110ad96c2ce9f5a093dc
parent 40d696908a53b62ed024fc709ff880b1c230eabc
Remove HTTPoxy entry in vuxml until we know if upstream vendors will
patch this so things aren't marked vulnerable forever.
-rw-r--r-- security/vuxml/vuln.xml 103
1 files changed, 0 insertions, 103 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 0161706e8d4c..d1b12655046f 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -96,109 +96,6 @@ Notes:
</dates>
</vuln>
- <vuln vid="cf0b5668-4d1b-11e6-b2ec-b499baebfeaf">
- <topic>Multiple ports -- Proxy HTTP header vulnerability (httpoxy)</topic>
- <affects>
- <package>
- <name>apache22</name>
- <name>apache22-event-mpm</name>
- <name>apache22-itk-mpm</name>
- <name>apache22-peruser-mpm</name>
- <name>apache22-worker-mpm</name>
- <range><lt>2.2.31_1</lt></range>
- </package>
- <package>
- <name>apache24</name>
- <range><lt>2.4.23_1</lt></range>
- </package>
- <package>
- <name>tomcat6</name>
- <range><ge>0</ge></range>
- </package>
- <package>
- <name>tomcat7</name>
- <range><ge>0</ge></range>
- </package>
- <package>
- <name>tomcat8</name>
- <range><ge>0</ge></range>
- </package>
- <package>
- <name>php55</name>
- <range><ge>0</ge></range>
- </package>
- <package>
- <name>php56</name>
- <range><ge>0</ge></range>
- </package>
- <package>
- <name>php70</name>
- <range><ge>0</ge></range>
- </package>
- <package>
- <name>nginx</name>
- <range><ge>0</ge></range>
- </package>
- <package>
- <name>go</name>
- <range><lt>1.6.3</lt></range>
- </package>
- <package>
- <name>go14</name>
- <range><ge>0</ge></range>
- </package>
- <package>
- <name>python27</name>
- <range><ge>0</ge></range>
- </package>
- <package>
- <name>python33</name>
- <range><ge>0</ge></range>
- </package>
- <package>
- <name>python34</name>
- <range><ge>0</ge></range>
- </package>
- <package>
- <name>python35</name>
- <range><ge>0</ge></range>
- </package>
- <package>
- <name>haproxy</name>
- <range><ge>0</ge></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>httpoxy.org reports:</p>
- <blockquote cite="https://httpoxy.org/">
- <p>httpoxy is a set of vulnerabilities that affect application code
- running in CGI, or CGI-like environments. It comes down to a simple
- namespace conflict:.</p>
- <ul><li>RFC 3875 (CGI) puts the HTTP Proxy header from a request into
- the environment variables as HTTP_PROXY</li>
- <li>HTTP_PROXY is a popular environment variable used to configure
- an outgoing proxy</li></ul>
- <p>This leads to a remotely exploitable vulnerability.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <url>https://httpoxy.org/</url>
- <url>https://www.kb.cert.org/vuls/id/797896</url>
- <url>CVE-2016-5385</url>
- <url>CVE-2016-5386</url>
- <url>CVE-2016-5387</url>
- <url>CVE-2016-5388</url>
- <url>CVE-2016-1000110</url>
- </references>
- <dates>
- <discovery>2016-07-18</discovery>
- <entry>2016-07-18</entry>
- <modified>2016-07-19</modified>
- </dates>
- </vuln>
-
<vuln vid="00cb1469-4afc-11e6-97ea-002590263bf5">
<topic>atutor -- multiple vulnerabilites</topic>
<affects>
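Review bot: the deletion drops the whole cf0b5668-4d1b-11e6-b2ec-b499baebfeaf entry, including the packages that already have a fixed upper bound (apache22 `<lt>2.2.31_1</lt>`, apache24 `<lt>2.4.23_1</lt>`, go `<lt>1.6.3</lt>`), while only the `<range><ge>0</ge></range>` packages (tomcat6/7/8, php55/56/70, nginx, go14, python27/33/34/35, haproxy) cause the "marked vulnerable forever" problem the commit message describes. Consider keeping the entry with just the bounded packages and removing the open-ended ranges, so that installs older than those versions are still reported. If the full entry is re-added later, the CVE ids in `<references>` belong in `<cvename>` elements rather than `<url>`, the `<modified>` date should be bumped, and the stray period in "namespace conflict:." can be dropped.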