Details of VAR-201607-0657

ID

VAR-201607-0657

CVE

CVE-2016-5385

TITLE

CGI web servers assign Proxy header values from client requests to internal HTTP_PROXY environment variables

Trust: 0.8

sources: CERT/CC: VU#797896

DESCRIPTION

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue. Web servers running in a CGI or CGI-like context may assign client request Proxy header values to internal HTTP_PROXY environment variables. This vulnerability can be leveraged to conduct man-in-the-middle (MITM) attacks on internal subrequests or to direct the server to initiate connections to arbitrary hosts. PHP is prone to a security-bypass vulnerability. Successfully exploiting this issue may allow attackers to perform unauthorized actions. This may lead to other attacks. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. There is a security vulnerability in PHP 7.0.8 and earlier versions, the vulnerability stems from the fact that the program does not resolve namespace conflicts in RFC 3875 mode. The program does not properly handle data from untrusted client applications in the HTTP_PROXY environment variable. A remote attacker uses the specially crafted Proxy header message in the HTTP request to exploit this vulnerability to implement a man-in-the-middle attack, directing the server to send a connection to any host. References: - CVE-2016-5385 - PHP, HTTPoxy SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: php54-php security update Advisory ID: RHSA-2016:1610-01 Product: Red Hat Software Collections Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1610.html Issue date: 2016-08-11 CVE Names: CVE-2016-5385 ===================================================================== 1. Summary: An update for php54-php is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es): * It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5385) Red Hat would like to thank Scott Geary (VendHQ) for reporting this issue. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, the httpd daemon must be restarted for the update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1353794 - CVE-2016-5385 PHP: sets environmental variable based on user supplied Proxy request header 6. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6): Source: php54-php-5.4.40-4.el6.src.rpm x86_64: php54-php-5.4.40-4.el6.x86_64.rpm php54-php-bcmath-5.4.40-4.el6.x86_64.rpm php54-php-cli-5.4.40-4.el6.x86_64.rpm php54-php-common-5.4.40-4.el6.x86_64.rpm php54-php-dba-5.4.40-4.el6.x86_64.rpm php54-php-debuginfo-5.4.40-4.el6.x86_64.rpm php54-php-devel-5.4.40-4.el6.x86_64.rpm php54-php-enchant-5.4.40-4.el6.x86_64.rpm php54-php-fpm-5.4.40-4.el6.x86_64.rpm php54-php-gd-5.4.40-4.el6.x86_64.rpm php54-php-imap-5.4.40-4.el6.x86_64.rpm php54-php-intl-5.4.40-4.el6.x86_64.rpm php54-php-ldap-5.4.40-4.el6.x86_64.rpm php54-php-mbstring-5.4.40-4.el6.x86_64.rpm php54-php-mysqlnd-5.4.40-4.el6.x86_64.rpm php54-php-odbc-5.4.40-4.el6.x86_64.rpm php54-php-pdo-5.4.40-4.el6.x86_64.rpm php54-php-pgsql-5.4.40-4.el6.x86_64.rpm php54-php-process-5.4.40-4.el6.x86_64.rpm php54-php-pspell-5.4.40-4.el6.x86_64.rpm php54-php-recode-5.4.40-4.el6.x86_64.rpm php54-php-snmp-5.4.40-4.el6.x86_64.rpm php54-php-soap-5.4.40-4.el6.x86_64.rpm php54-php-tidy-5.4.40-4.el6.x86_64.rpm php54-php-xml-5.4.40-4.el6.x86_64.rpm php54-php-xmlrpc-5.4.40-4.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6): Source: php54-php-5.4.40-4.el6.src.rpm x86_64: php54-php-5.4.40-4.el6.x86_64.rpm php54-php-bcmath-5.4.40-4.el6.x86_64.rpm php54-php-cli-5.4.40-4.el6.x86_64.rpm php54-php-common-5.4.40-4.el6.x86_64.rpm php54-php-dba-5.4.40-4.el6.x86_64.rpm php54-php-debuginfo-5.4.40-4.el6.x86_64.rpm php54-php-devel-5.4.40-4.el6.x86_64.rpm php54-php-enchant-5.4.40-4.el6.x86_64.rpm php54-php-fpm-5.4.40-4.el6.x86_64.rpm php54-php-gd-5.4.40-4.el6.x86_64.rpm php54-php-imap-5.4.40-4.el6.x86_64.rpm php54-php-intl-5.4.40-4.el6.x86_64.rpm php54-php-ldap-5.4.40-4.el6.x86_64.rpm php54-php-mbstring-5.4.40-4.el6.x86_64.rpm php54-php-mysqlnd-5.4.40-4.el6.x86_64.rpm php54-php-odbc-5.4.40-4.el6.x86_64.rpm php54-php-pdo-5.4.40-4.el6.x86_64.rpm php54-php-pgsql-5.4.40-4.el6.x86_64.rpm php54-php-process-5.4.40-4.el6.x86_64.rpm php54-php-pspell-5.4.40-4.el6.x86_64.rpm php54-php-recode-5.4.40-4.el6.x86_64.rpm php54-php-snmp-5.4.40-4.el6.x86_64.rpm php54-php-soap-5.4.40-4.el6.x86_64.rpm php54-php-tidy-5.4.40-4.el6.x86_64.rpm php54-php-xml-5.4.40-4.el6.x86_64.rpm php54-php-xmlrpc-5.4.40-4.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7): Source: php54-php-5.4.40-4.el6.src.rpm x86_64: php54-php-5.4.40-4.el6.x86_64.rpm php54-php-bcmath-5.4.40-4.el6.x86_64.rpm php54-php-cli-5.4.40-4.el6.x86_64.rpm php54-php-common-5.4.40-4.el6.x86_64.rpm php54-php-dba-5.4.40-4.el6.x86_64.rpm php54-php-debuginfo-5.4.40-4.el6.x86_64.rpm php54-php-devel-5.4.40-4.el6.x86_64.rpm php54-php-enchant-5.4.40-4.el6.x86_64.rpm php54-php-fpm-5.4.40-4.el6.x86_64.rpm php54-php-gd-5.4.40-4.el6.x86_64.rpm php54-php-imap-5.4.40-4.el6.x86_64.rpm php54-php-intl-5.4.40-4.el6.x86_64.rpm php54-php-ldap-5.4.40-4.el6.x86_64.rpm php54-php-mbstring-5.4.40-4.el6.x86_64.rpm php54-php-mysqlnd-5.4.40-4.el6.x86_64.rpm php54-php-odbc-5.4.40-4.el6.x86_64.rpm php54-php-pdo-5.4.40-4.el6.x86_64.rpm php54-php-pgsql-5.4.40-4.el6.x86_64.rpm php54-php-process-5.4.40-4.el6.x86_64.rpm php54-php-pspell-5.4.40-4.el6.x86_64.rpm php54-php-recode-5.4.40-4.el6.x86_64.rpm php54-php-snmp-5.4.40-4.el6.x86_64.rpm php54-php-soap-5.4.40-4.el6.x86_64.rpm php54-php-tidy-5.4.40-4.el6.x86_64.rpm php54-php-xml-5.4.40-4.el6.x86_64.rpm php54-php-xmlrpc-5.4.40-4.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6): Source: php54-php-5.4.40-4.el6.src.rpm x86_64: php54-php-5.4.40-4.el6.x86_64.rpm php54-php-bcmath-5.4.40-4.el6.x86_64.rpm php54-php-cli-5.4.40-4.el6.x86_64.rpm php54-php-common-5.4.40-4.el6.x86_64.rpm php54-php-dba-5.4.40-4.el6.x86_64.rpm php54-php-debuginfo-5.4.40-4.el6.x86_64.rpm php54-php-devel-5.4.40-4.el6.x86_64.rpm php54-php-enchant-5.4.40-4.el6.x86_64.rpm php54-php-fpm-5.4.40-4.el6.x86_64.rpm php54-php-gd-5.4.40-4.el6.x86_64.rpm php54-php-imap-5.4.40-4.el6.x86_64.rpm php54-php-intl-5.4.40-4.el6.x86_64.rpm php54-php-ldap-5.4.40-4.el6.x86_64.rpm php54-php-mbstring-5.4.40-4.el6.x86_64.rpm php54-php-mysqlnd-5.4.40-4.el6.x86_64.rpm php54-php-odbc-5.4.40-4.el6.x86_64.rpm php54-php-pdo-5.4.40-4.el6.x86_64.rpm php54-php-pgsql-5.4.40-4.el6.x86_64.rpm php54-php-process-5.4.40-4.el6.x86_64.rpm php54-php-pspell-5.4.40-4.el6.x86_64.rpm php54-php-recode-5.4.40-4.el6.x86_64.rpm php54-php-snmp-5.4.40-4.el6.x86_64.rpm php54-php-soap-5.4.40-4.el6.x86_64.rpm php54-php-tidy-5.4.40-4.el6.x86_64.rpm php54-php-xml-5.4.40-4.el6.x86_64.rpm php54-php-xmlrpc-5.4.40-4.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: php54-php-5.4.40-4.el7.src.rpm x86_64: php54-php-5.4.40-4.el7.x86_64.rpm php54-php-bcmath-5.4.40-4.el7.x86_64.rpm php54-php-cli-5.4.40-4.el7.x86_64.rpm php54-php-common-5.4.40-4.el7.x86_64.rpm php54-php-dba-5.4.40-4.el7.x86_64.rpm php54-php-debuginfo-5.4.40-4.el7.x86_64.rpm php54-php-devel-5.4.40-4.el7.x86_64.rpm php54-php-enchant-5.4.40-4.el7.x86_64.rpm php54-php-fpm-5.4.40-4.el7.x86_64.rpm php54-php-gd-5.4.40-4.el7.x86_64.rpm php54-php-intl-5.4.40-4.el7.x86_64.rpm php54-php-ldap-5.4.40-4.el7.x86_64.rpm php54-php-mbstring-5.4.40-4.el7.x86_64.rpm php54-php-mysqlnd-5.4.40-4.el7.x86_64.rpm php54-php-odbc-5.4.40-4.el7.x86_64.rpm php54-php-pdo-5.4.40-4.el7.x86_64.rpm php54-php-pgsql-5.4.40-4.el7.x86_64.rpm php54-php-process-5.4.40-4.el7.x86_64.rpm php54-php-pspell-5.4.40-4.el7.x86_64.rpm php54-php-recode-5.4.40-4.el7.x86_64.rpm php54-php-snmp-5.4.40-4.el7.x86_64.rpm php54-php-soap-5.4.40-4.el7.x86_64.rpm php54-php-xml-5.4.40-4.el7.x86_64.rpm php54-php-xmlrpc-5.4.40-4.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1): Source: php54-php-5.4.40-4.el7.src.rpm x86_64: php54-php-5.4.40-4.el7.x86_64.rpm php54-php-bcmath-5.4.40-4.el7.x86_64.rpm php54-php-cli-5.4.40-4.el7.x86_64.rpm php54-php-common-5.4.40-4.el7.x86_64.rpm php54-php-dba-5.4.40-4.el7.x86_64.rpm php54-php-debuginfo-5.4.40-4.el7.x86_64.rpm php54-php-devel-5.4.40-4.el7.x86_64.rpm php54-php-enchant-5.4.40-4.el7.x86_64.rpm php54-php-fpm-5.4.40-4.el7.x86_64.rpm php54-php-gd-5.4.40-4.el7.x86_64.rpm php54-php-intl-5.4.40-4.el7.x86_64.rpm php54-php-ldap-5.4.40-4.el7.x86_64.rpm php54-php-mbstring-5.4.40-4.el7.x86_64.rpm php54-php-mysqlnd-5.4.40-4.el7.x86_64.rpm php54-php-odbc-5.4.40-4.el7.x86_64.rpm php54-php-pdo-5.4.40-4.el7.x86_64.rpm php54-php-pgsql-5.4.40-4.el7.x86_64.rpm php54-php-process-5.4.40-4.el7.x86_64.rpm php54-php-pspell-5.4.40-4.el7.x86_64.rpm php54-php-recode-5.4.40-4.el7.x86_64.rpm php54-php-snmp-5.4.40-4.el7.x86_64.rpm php54-php-soap-5.4.40-4.el7.x86_64.rpm php54-php-xml-5.4.40-4.el7.x86_64.rpm php54-php-xmlrpc-5.4.40-4.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2): Source: php54-php-5.4.40-4.el7.src.rpm x86_64: php54-php-5.4.40-4.el7.x86_64.rpm php54-php-bcmath-5.4.40-4.el7.x86_64.rpm php54-php-cli-5.4.40-4.el7.x86_64.rpm php54-php-common-5.4.40-4.el7.x86_64.rpm php54-php-dba-5.4.40-4.el7.x86_64.rpm php54-php-debuginfo-5.4.40-4.el7.x86_64.rpm php54-php-devel-5.4.40-4.el7.x86_64.rpm php54-php-enchant-5.4.40-4.el7.x86_64.rpm php54-php-fpm-5.4.40-4.el7.x86_64.rpm php54-php-gd-5.4.40-4.el7.x86_64.rpm php54-php-intl-5.4.40-4.el7.x86_64.rpm php54-php-ldap-5.4.40-4.el7.x86_64.rpm php54-php-mbstring-5.4.40-4.el7.x86_64.rpm php54-php-mysqlnd-5.4.40-4.el7.x86_64.rpm php54-php-odbc-5.4.40-4.el7.x86_64.rpm php54-php-pdo-5.4.40-4.el7.x86_64.rpm php54-php-pgsql-5.4.40-4.el7.x86_64.rpm php54-php-process-5.4.40-4.el7.x86_64.rpm php54-php-pspell-5.4.40-4.el7.x86_64.rpm php54-php-recode-5.4.40-4.el7.x86_64.rpm php54-php-snmp-5.4.40-4.el7.x86_64.rpm php54-php-soap-5.4.40-4.el7.x86_64.rpm php54-php-xml-5.4.40-4.el7.x86_64.rpm php54-php-xmlrpc-5.4.40-4.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: php54-php-5.4.40-4.el7.src.rpm x86_64: php54-php-5.4.40-4.el7.x86_64.rpm php54-php-bcmath-5.4.40-4.el7.x86_64.rpm php54-php-cli-5.4.40-4.el7.x86_64.rpm php54-php-common-5.4.40-4.el7.x86_64.rpm php54-php-dba-5.4.40-4.el7.x86_64.rpm php54-php-debuginfo-5.4.40-4.el7.x86_64.rpm php54-php-devel-5.4.40-4.el7.x86_64.rpm php54-php-enchant-5.4.40-4.el7.x86_64.rpm php54-php-fpm-5.4.40-4.el7.x86_64.rpm php54-php-gd-5.4.40-4.el7.x86_64.rpm php54-php-intl-5.4.40-4.el7.x86_64.rpm php54-php-ldap-5.4.40-4.el7.x86_64.rpm php54-php-mbstring-5.4.40-4.el7.x86_64.rpm php54-php-mysqlnd-5.4.40-4.el7.x86_64.rpm php54-php-odbc-5.4.40-4.el7.x86_64.rpm php54-php-pdo-5.4.40-4.el7.x86_64.rpm php54-php-pgsql-5.4.40-4.el7.x86_64.rpm php54-php-process-5.4.40-4.el7.x86_64.rpm php54-php-pspell-5.4.40-4.el7.x86_64.rpm php54-php-recode-5.4.40-4.el7.x86_64.rpm php54-php-snmp-5.4.40-4.el7.x86_64.rpm php54-php-soap-5.4.40-4.el7.x86_64.rpm php54-php-xml-5.4.40-4.el7.x86_64.rpm php54-php-xmlrpc-5.4.40-4.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-5385 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXrPSRXlSAg2UNWIIRAm7eAJ46bwD5dNGjO2qoFKsoL92xftbbTgCgkeMg 3r5SaIOUCU9fw1VuBLjTlPI= =fzN3 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . The vulnerabilities are addressed by upgrading PHP to the new upstream version 5.6.24, which includes additional bug fixes. Please refer to the upstream changelog for more information: https://php.net/ChangeLog-5.php#5.6.24 For the stable distribution (jessie), these problems have been fixed in version 5.6.24+dfsg-0+deb8u1. For the unstable distribution (sid), these problems have been fixed in version 7.0.9-1 of the php7.0 source package. We recommend that you upgrade your php5 packages. 6) - i386, x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05333297 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05333297 Version: 2 HPSBST03671 rev.2 - HPE StoreEver MSL6480 Tape Library Management Interface, Multiple Remote Vulnerabilities NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2017-01-14 Last Updated: 2017-01-13 Potential Security Impact: Remote: Denial of Service (DoS), Unauthorized Disclosure of Information Source: Hewlett Packard Enterprise, Product Security Response Team VULNERABILITY SUMMARY A security vulnerability in PHP was addressed by the HPE StoreEver MSL6480 Tape Library firmware version 5.10. The vulnerability could be exploited remotely to allow Unauthorized Disclosure of Information or Denial of Service via the Ethernet Management Interface. Please note that the Management Interface cannot access data stored on tape media, so this vulnerability does not allow for remote unauthorized disclosure of data stored on tape media or remote denial of service. References: - CVE-2016-5385 - PHP, HTTPoxy - CVE-2016-3074 - PHP - CVE-2013-7456 - PHP - CVE-2016-5093 - PHP - CVE-2016-5094 - PHP - CVE-2016-5096 - PHP - CVE-2016-5766 - PHP - CVE-2016-5767 - PHP - CVE-2016-5768 - PHP - CVE-2016-5769 - PHP - CVE-2016-5770 - PHP - CVE-2016-5771 - PHP - CVE-2016-5772 - PHP - CVE-2016-5773 - PHP - CVE-2016-6207 - GD Graphics Library - CVE-2016-6289 - PHP - CVE-2016-6290 - PHP - CVE-2016-6291 - PHP - CVE-2016-6292 - PHP - CVE-2016-6293 - PHP - CVE-2016-6294 - PHP - CVE-2016-6295 - PHP - CVE-2016-6296 - PHP - CVE-2016-6297 - PHP - CVE-2016-5399 - PHP SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. - HP StoreEver MSL6480 Tape Library prior to 5.10 BACKGROUND CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector CVE-2013-7456 7.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2016-3074 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-5093 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-5094 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-5096 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-5385 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) CVE-2016-5399 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) CVE-2016-5766 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2016-5767 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2016-5768 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-5769 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-5770 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-5771 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-5772 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-5773 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-6207 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) CVE-2016-6289 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2016-6290 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-6291 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-6292 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) CVE-2016-6293 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-6294 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-6295 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-6296 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-6297 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) Information on CVSS is documented in HPE Customer Notice HPSN-2008-002 here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499 RESOLUTION HPE has provided the following software update to resolve the vulnerabilities for the impacted versions of the HPE StoreEver MSL6480 Tape Library: * <http://www.hpe.com/support/msl6480> HISTORY Version:1 (rev.1) - 15 November 2016 Initial release Version:2 (rev.2) - 13 January 2017 Updating CVE list Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com. Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX Copyright 2016 Hewlett Packard Enterprise Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201611-22 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: PHP: Multiple vulnerabilities Date: November 30, 2016 Bugs: #578734, #581834, #584204, #587246, #591710, #594498, #597586, #599326 ID: 201611-22 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in PHP, the worst of which could lead to arbitrary code execution or cause a Denial of Service condition. Background ========== PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-lang/php < 5.6.28 >= 5.6.28 Description =========== Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All PHP users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.6.28" References ========== [ 1 ] CVE-2015-8865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8865 [ 2 ] CVE-2016-3074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3074 [ 3 ] CVE-2016-4071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4071 [ 4 ] CVE-2016-4072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4072 [ 5 ] CVE-2016-4073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4073 [ 6 ] CVE-2016-4537 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4537 [ 7 ] CVE-2016-4538 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4538 [ 8 ] CVE-2016-4539 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4539 [ 9 ] CVE-2016-4540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4540 [ 10 ] CVE-2016-4541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4541 [ 11 ] CVE-2016-4542 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4542 [ 12 ] CVE-2016-4543 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4543 [ 13 ] CVE-2016-4544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4544 [ 14 ] CVE-2016-5385 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5385 [ 15 ] CVE-2016-6289 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6289 [ 16 ] CVE-2016-6290 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6290 [ 17 ] CVE-2016-6291 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6291 [ 18 ] CVE-2016-6292 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6292 [ 19 ] CVE-2016-6294 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6294 [ 20 ] CVE-2016-6295 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6295 [ 21 ] CVE-2016-6296 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6296 [ 22 ] CVE-2016-6297 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6297 [ 23 ] CVE-2016-7124 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7124 [ 24 ] CVE-2016-7125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7125 [ 25 ] CVE-2016-7126 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7126 [ 26 ] CVE-2016-7127 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7127 [ 27 ] CVE-2016-7128 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7128 [ 28 ] CVE-2016-7129 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7129 [ 29 ] CVE-2016-7130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7130 [ 30 ] CVE-2016-7131 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7131 [ 31 ] CVE-2016-7132 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7132 [ 32 ] CVE-2016-7133 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7133 [ 33 ] CVE-2016-7134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7134 [ 34 ] CVE-2016-7411 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7411 [ 35 ] CVE-2016-7412 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7412 [ 36 ] CVE-2016-7413 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7413 [ 37 ] CVE-2016-7414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7414 [ 38 ] CVE-2016-7416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7416 [ 39 ] CVE-2016-7417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7417 [ 40 ] CVE-2016-7418 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7418 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201611-22 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Trust: 2.7

sources: NVD: CVE-2016-5385 // CERT/CC: VU#797896 // BID: 91821 // VULHUB: VHN-94204 // PACKETSTORM: 139744 // PACKETSTORM: 138296 // PACKETSTORM: 138070 // PACKETSTORM: 138295 // PACKETSTORM: 138298 // PACKETSTORM: 143933 // PACKETSTORM: 140515 // PACKETSTORM: 139968

AFFECTED PRODUCTS

vendor:	oracle	model:	linux	scope:	eq	version:	6	Trust: 1.3
vendor:	oracle	model:	linux	scope:	eq	version:	7	Trust: 1.3
vendor:	oracle	model:	communications user data repository	scope:	eq	version:	10.0.1	Trust: 1.3
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	6.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	6.0	Trust: 1.0
vendor:	oracle	model:	enterprise manager ops center	scope:	eq	version:	12.3.2	Trust: 1.0
vendor:	oracle	model:	enterprise manager ops center	scope:	eq	version:	12.2.2	Trust: 1.0
vendor:	php	model:	php	scope:	gte	version:	5.6.0	Trust: 1.0
vendor:	drupal	model:	drupal	scope:	gte	version:	8.0.0	Trust: 1.0
vendor:	opensuse	model:	leap	scope:	eq	version:	42.1	Trust: 1.0
vendor:	php	model:	php	scope:	gte	version:	7.0.0	Trust: 1.0
vendor:	php	model:	php	scope:	lte	version:	7.0.8	Trust: 1.0
vendor:	hp	model:	storeever msl6480 tape library	scope:	lte	version:	5.09	Trust: 1.0
vendor:	php	model:	php	scope:	lt	version:	5.5.38	Trust: 1.0
vendor:	php	model:	php	scope:	lt	version:	5.6.24	Trust: 1.0
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	6.0	Trust: 1.0
vendor:	oracle	model:	communications user data repository	scope:	eq	version:	10.0.0	Trust: 1.0
vendor:	drupal	model:	drupal	scope:	lt	version:	8.1.7	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	23	Trust: 1.0
vendor:	hp	model:	system management homepage	scope:	lte	version:	7.5.5.0	Trust: 1.0
vendor:	oracle	model:	communications user data repository	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	php	model:	php	scope:	gte	version:	5.5.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	24	Trust: 1.0
vendor:	apache http server	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	go programming language	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	haproxy	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	hhvm	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	microsoft	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	python	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	the php group	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	lighttpd	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	nginx	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	oracle	model:	linux	scope:	eq	version:	7.0	Trust: 0.6
vendor:	hp	model:	storeever msl6480 tape library	scope:	eq	version:	0	Trust: 0.3
vendor:	hp	model:	storeever msl6480 tape library	scope:	eq	version:	4.90	Trust: 0.3
vendor:	hp	model:	system management homepage	scope:	eq	version:	7.2	Trust: 0.3
vendor:	ibm	model:	tealeaf customer experience on cloud network capture add-on	scope:	eq	version:	16.1.01	Trust: 0.3
vendor:	typo3	model:	typo3	scope:	eq	version:	8.1	Trust: 0.3
vendor:	ibm	model:	api connect	scope:	eq	version:	5.0.3.0	Trust: 0.3
vendor:	ibm	model:	smartcloud entry	scope:	eq	version:	2.3.0	Trust: 0.3
vendor:	php	model:	php	scope:	eq	version:	5.6.1	Trust: 0.3
vendor:	php	model:	php	scope:	eq	version:	5.6.8	Trust: 0.3
vendor:	ibm	model:	powerkvm	scope:	ne	version:	2.1.1.3-65.12	Trust: 0.3
vendor:	php	model:	php	scope:	eq	version:	5.6.20	Trust: 0.3
vendor:	ibm	model:	powerkvm update	scope:	ne	version:	3.1.0.22	Trust: 0.3
vendor:	hp	model:	system management homepage	scope:	eq	version:	7.0	Trust: 0.3
vendor:	php	model:	php	scope:	eq	version:	7.0.6	Trust: 0.3
vendor:	php	model:	php	scope:	eq	version:	5.6.23	Trust: 0.3
vendor:	ibm	model:	smartcloud entry appliance fp	scope:	eq	version:	3.1.0.4	Trust: 0.3
vendor:	php	model:	php	scope:	eq	version:	5.6.5	Trust: 0.3
vendor:	php	model:	php	scope:	ne	version:	7.0.9	Trust: 0.3
vendor:	ibm	model:	powerkvm	scope:	eq	version:	3.1	Trust: 0.3
vendor:	ibm	model:	powerkvm build	scope:	eq	version:	3.13	Trust: 0.3
vendor:	typo3	model:	typo3	scope:	ne	version:	8.2.1	Trust: 0.3
vendor:	hp	model:	system management homepage	scope:	ne	version:	7.6	Trust: 0.3
vendor:	ibm	model:	smartcloud entry appliance fix pack	scope:	eq	version:	2.24	Trust: 0.3
vendor:	hp	model:	storeever msl6480 tape library	scope:	eq	version:	4.40	Trust: 0.3
vendor:	php	model:	php	scope:	eq	version:	5.6.14	Trust: 0.3
vendor:	php	model:	php	scope:	eq	version:	5.6	Trust: 0.3
vendor:	drupal	model:	drupal	scope:	eq	version:	8.0.1	Trust: 0.3
vendor:	php	model:	php	scope:	eq	version:	5.6.4	Trust: 0.3
vendor:	hp	model:	system management homepage	scope:	eq	version:	7.5	Trust: 0.3
vendor:	ibm	model:	powerkvm sp3	scope:	eq	version:	2.1.1	Trust: 0.3
vendor:	ibm	model:	powerkvm build	scope:	eq	version:	2.1.165.4	Trust: 0.3
vendor:	php	model:	php	scope:	eq	version:	5.6.2	Trust: 0.3
vendor:	ibm	model:	powerkvm build	scope:	eq	version:	2.1.165.6	Trust: 0.3
vendor:	drupal	model:	drupal	scope:	eq	version:	8.1.0	Trust: 0.3
vendor:	ibm	model:	powerkvm	scope:	eq	version:	2.1.1.3-65	Trust: 0.3
vendor:	ibm	model:	smartcloud entry appliance fi	scope:	eq	version:	2.2.0.4	Trust: 0.3
vendor:	typo3	model:	typo3	scope:	eq	version:	8.1.1	Trust: 0.3
vendor:	ibm	model:	powerkvm sp2	scope:	eq	version:	3.1	Trust: 0.3
vendor:	php	model:	php	scope:	eq	version:	7.0.5	Trust: 0.3
vendor:	php	model:	php	scope:	eq	version:	7.0	Trust: 0.3
vendor:	php	model:	php	scope:	eq	version:	5.6.13	Trust: 0.3
vendor:	drupal	model:	drupal	scope:	eq	version:	8.1.5	Trust: 0.3
vendor:	php	model:	php	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	guzzle	model:	guzzle	scope:	ne	version:	6.2.1	Trust: 0.3
vendor:	oracle	model:	communications user data repository	scope:	eq	version:	10.2	Trust: 0.3
vendor:	ibm	model:	powerkvm build	scope:	eq	version:	2.1.165.1	Trust: 0.3
vendor:	ibm	model:	smartcloud entry appliance fix pack	scope:	eq	version:	2.36	Trust: 0.3
vendor:	oracle	model:	solaris	scope:	eq	version:	11.3	Trust: 0.3
vendor:	drupal	model:	drupal	scope:	eq	version:	8.1.4	Trust: 0.3
vendor:	ibm	model:	powerkvm build	scope:	eq	version:	2.1.157	Trust: 0.3
vendor:	guzzle	model:	guzzle	scope:	eq	version:	5	Trust: 0.3
vendor:	php	model:	php	scope:	eq	version:	7.0.8	Trust: 0.3
vendor:	ibm	model:	powerkvm update	scope:	eq	version:	3.1.0.21	Trust: 0.3
vendor:	php	model:	php	scope:	eq	version:	5.6.7	Trust: 0.3
vendor:	php	model:	php	scope:	eq	version:	5.6.21	Trust: 0.3
vendor:	drupal	model:	drupal	scope:	eq	version:	8.1.3	Trust: 0.3
vendor:	typo3	model:	typo3	scope:	eq	version:	8.0.1	Trust: 0.3
vendor:	ibm	model:	powerkvm build	scope:	eq	version:	3.12	Trust: 0.3
vendor:	drupal	model:	drupal	scope:	eq	version:	8.0	Trust: 0.3
vendor:	hp	model:	system management homepage	scope:	eq	version:	7.4	Trust: 0.3
vendor:	gentoo	model:	linux	scope:	-	version:	-	Trust: 0.3
vendor:	ibm	model:	powerkvm build	scope:	eq	version:	2.1.165.5	Trust: 0.3
vendor:	ibm	model:	powerkvm	scope:	eq	version:	3.1.0.2	Trust: 0.3
vendor:	ibm	model:	api connect	scope:	eq	version:	5.0.1.0	Trust: 0.3
vendor:	php	model:	php	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	drupal	model:	drupal	scope:	eq	version:	8.0.3	Trust: 0.3
vendor:	php	model:	php	scope:	eq	version:	5.6.10	Trust: 0.3
vendor:	php	model:	php	scope:	eq	version:	5.6.6	Trust: 0.3
vendor:	drupal	model:	drupal	scope:	eq	version:	8.0.2	Trust: 0.3
vendor:	ibm	model:	api connect	scope:	eq	version:	5.0.2.0	Trust: 0.3
vendor:	php	model:	php	scope:	eq	version:	7.0.3	Trust: 0.3
vendor:	ibm	model:	powerkvm sp1	scope:	eq	version:	3.1	Trust: 0.3
vendor:	guzzle	model:	guzzle	scope:	eq	version:	6	Trust: 0.3
vendor:	ibm	model:	smartcloud entry	scope:	eq	version:	2.4.0	Trust: 0.3
vendor:	php	model:	php	scope:	ne	version:	5.6.24	Trust: 0.3
vendor:	hp	model:	storeever msl6480 tape library	scope:	ne	version:	5.10	Trust: 0.3
vendor:	ibm	model:	smartcloud entry appliance fix pack	scope:	eq	version:	2.34	Trust: 0.3
vendor:	typo3	model:	typo3	scope:	eq	version:	8.0.0	Trust: 0.3
vendor:	drupal	model:	drupal	scope:	ne	version:	8.1.7	Trust: 0.3
vendor:	php	model:	php	scope:	eq	version:	5.6.9	Trust: 0.3
vendor:	guzzle	model:	4.0.0-rc2	scope:	-	version:	-	Trust: 0.3
vendor:	ibm	model:	smartcloud entry appliance fix pack	scope:	eq	version:	2.26	Trust: 0.3
vendor:	ibm	model:	powerkvm build	scope:	eq	version:	2.1.165.7	Trust: 0.3
vendor:	drupal	model:	drupal	scope:	eq	version:	8.0.4	Trust: 0.3
vendor:	hp	model:	system management homepage	scope:	eq	version:	6.0	Trust: 0.3
vendor:	php	model:	php	scope:	eq	version:	5.6.19	Trust: 0.3
vendor:	php	model:	php	scope:	eq	version:	5.6.3	Trust: 0.3
vendor:	ibm	model:	smartcloud entry	scope:	eq	version:	3.2	Trust: 0.3
vendor:	ibm	model:	smartcloud entry appliance fi	scope:	eq	version:	2.4.0.4	Trust: 0.3
vendor:	ibm	model:	smartcloud entry	scope:	eq	version:	2.2	Trust: 0.3
vendor:	hp	model:	storeever msl6480 tape library	scope:	eq	version:	4.10	Trust: 0.3
vendor:	typo3	model:	typo3	scope:	eq	version:	8.2	Trust: 0.3
vendor:	php	model:	php	scope:	eq	version:	7.0.4	Trust: 0.3
vendor:	php	model:	php	scope:	eq	version:	5.6.11	Trust: 0.3
vendor:	hp	model:	system management homepage	scope:	eq	version:	7.3	Trust: 0.3
vendor:	ibm	model:	smartcloud entry appliance fp	scope:	eq	version:	3.2.0.4	Trust: 0.3
vendor:	php	model:	php	scope:	eq	version:	5.6.18	Trust: 0.3
vendor:	php	model:	php	scope:	eq	version:	5.6.17	Trust: 0.3
vendor:	php	model:	php	scope:	eq	version:	5.6.22	Trust: 0.3
vendor:	ibm	model:	api connect	scope:	eq	version:	5.0.0.1	Trust: 0.3
vendor:	hp	model:	system management homepage	scope:	eq	version:	7.1	Trust: 0.3
vendor:	php	model:	php	scope:	eq	version:	7.0.7	Trust: 0.3
vendor:	ibm	model:	smartcloud entry	scope:	eq	version:	3.1	Trust: 0.3
vendor:	oracle	model:	communications user data repository	scope:	eq	version:	12.0	Trust: 0.3
vendor:	ibm	model:	smartcloud entry appliance fi	scope:	eq	version:	2.3.0.4	Trust: 0.3
vendor:	ibm	model:	powerkvm	scope:	eq	version:	2.1.1.3-65.11	Trust: 0.3
vendor:	php	model:	php	scope:	eq	version:	5.6.12	Trust: 0.3
vendor:	guzzle	model:	guzzle	scope:	eq	version:	5.3	Trust: 0.3
vendor:	drupal	model:	drupal	scope:	eq	version:	8.1.6	Trust: 0.3
vendor:	oracle	model:	communications user data repository	scope:	eq	version:	10.0	Trust: 0.3
vendor:	ibm	model:	powerkvm build	scope:	eq	version:	2.1.158	Trust: 0.3
vendor:	ibm	model:	powerkvm	scope:	eq	version:	2.1.1.3-65.10	Trust: 0.3

sources: CERT/CC: VU#797896 // BID: 91821 // CNNVD: CNNVD-201607-538 // NVD: CVE-2016-5385

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-5385
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-201607-538
value:	HIGH
Trust: 0.6
VULHUB:	VHN-94204
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-5385
severity:	MEDIUM
baseScore:	5.1
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-94204
severity:	MEDIUM
baseScore:	5.1
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-5385
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-94204 // CNNVD: CNNVD-201607-538 // NVD: CVE-2016-5385

PROBLEMTYPE DATA

problemtype:	CWE-601	Trust: 1.1
problemtype:	CWE-284	Trust: 0.1

sources: VULHUB: VHN-94204 // NVD: CVE-2016-5385

THREAT TYPE

remote

Trust: 1.0

sources: PACKETSTORM: 138296 // PACKETSTORM: 138295 // PACKETSTORM: 138298 // PACKETSTORM: 140515 // CNNVD: CNNVD-201607-538

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201607-538

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-94204

PATCH

title:

PHP CGI Web server httpoxy Security vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=62998

Trust: 0.6

sources: CNNVD: CNNVD-201607-538

EXTERNAL IDS

db:	CERT/CC	id:	VU#797896	Trust: 2.8
db:	NVD	id:	CVE-2016-5385	Trust: 2.8
db:	BID	id:	91821	Trust: 2.0
db:	SECTRACK	id:	1036335	Trust: 1.7
db:	CNNVD	id:	CNNVD-201607-538	Trust: 0.7
db:	PACKETSTORM	id:	138295	Trust: 0.2
db:	PACKETSTORM	id:	143933	Trust: 0.2
db:	PACKETSTORM	id:	138298	Trust: 0.2
db:	PACKETSTORM	id:	139744	Trust: 0.2
db:	PACKETSTORM	id:	138296	Trust: 0.2
db:	PACKETSTORM	id:	138070	Trust: 0.2
db:	PACKETSTORM	id:	138299	Trust: 0.1
db:	PACKETSTORM	id:	138297	Trust: 0.1
db:	PACKETSTORM	id:	138014	Trust: 0.1
db:	VULHUB	id:	VHN-94204	Trust: 0.1
db:	PACKETSTORM	id:	140515	Trust: 0.1
db:	PACKETSTORM	id:	139968	Trust: 0.1

sources: CERT/CC: VU#797896 // VULHUB: VHN-94204 // BID: 91821 // PACKETSTORM: 139744 // PACKETSTORM: 138296 // PACKETSTORM: 138070 // PACKETSTORM: 138295 // PACKETSTORM: 138298 // PACKETSTORM: 143933 // PACKETSTORM: 140515 // PACKETSTORM: 139968 // CNNVD: CNNVD-201607-538 // NVD: CVE-2016-5385

REFERENCES

url:	http://www.securityfocus.com/bid/91821	Trust: 2.3
url:	http://www.debian.org/security/2016/dsa-3631	Trust: 2.3
url:	http://www.kb.cert.org/vuls/id/797896	Trust: 2.0
url:	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html	Trust: 2.0
url:	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html	Trust: 2.0
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1353794	Trust: 2.0
url:	https://www.drupal.org/sa-core-2016-003	Trust: 2.0
url:	https://security.gentoo.org/glsa/201611-22	Trust: 1.8
url:	http://rhn.redhat.com/errata/rhsa-2016-1609.html	Trust: 1.8
url:	http://rhn.redhat.com/errata/rhsa-2016-1610.html	Trust: 1.8
url:	http://rhn.redhat.com/errata/rhsa-2016-1612.html	Trust: 1.8
url:	http://www.securitytracker.com/id/1036335	Trust: 1.7
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/kzoiuyzdbwnddhc6xtolzyrmrxzwtjcp/	Trust: 1.7
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7rmyxavnyl2mobjtfate73tovoezyc5r/	Trust: 1.7
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/gxfeimzpsvgzqqayiq7u7dfvx3ibsdlf/	Trust: 1.7
url:	http://rhn.redhat.com/errata/rhsa-2016-1611.html	Trust: 1.7
url:	http://rhn.redhat.com/errata/rhsa-2016-1613.html	Trust: 1.7
url:	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html	Trust: 1.7
url:	https://github.com/guzzle/guzzle/releases/tag/6.2.1	Trust: 1.7
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05320149	Trust: 1.7
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05333297	Trust: 1.7
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html	Trust: 1.7
url:	https://www.apache.org/security/asf-httpoxy-response.txt	Trust: 1.6
url:	https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03770en_us	Trust: 1.6
url:	https://httpoxy.org/	Trust: 1.1
url:	https://access.redhat.com/security/cve/cve-2016-5385	Trust: 0.9
url:	https://tools.ietf.org/html/rfc3875	Trust: 0.8
url:	https://httpoxy.org	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/807.html	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/454.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2016-5385	Trust: 0.8
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7rmyxavnyl2mobjtfate73tovoezyc5r/	Trust: 0.6
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/gxfeimzpsvgzqqayiq7u7dfvx3ibsdlf/	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2016:1613	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2016:1612	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2016:1611	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2016:1610	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2016:1609	Trust: 0.6
url:	httpoxy.org/	Trust: 0.6
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/kzoiuyzdbwnddhc6xtolzyrmrxzwtjcp/	Trust: 0.6
url:	https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05333297	Trust: 0.5
url:	https://github.com/friendsofphp/security-advisories/commit/7ed8f8e3a87f7be13dd70cccd54f8701be1be6e0	Trust: 0.3
url:	http://www.php.net/	Trust: 0.3
url:	https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05320149	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=isg3t1024261	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=isg3t1024735	Trust: 0.3
url:	https://www.oracle.com/technetwork/topics/security/bulletinjul2017-3814622.html	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21993929	Trust: 0.3
url:	http://www.ibm.com/support/docview.wss?uid=swg21994534	Trust: 0.3
url:	https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-019/	Trust: 0.3
url:	http://www.hpe.com/support/security_bulletin_archive	Trust: 0.3
url:	https://www.hpe.com/info/report-security-vulnerability	Trust: 0.3
url:	https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499	Trust: 0.3
url:	http://www.hpe.com/support/subscriber_choice	Trust: 0.3
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.3
url:	https://bugzilla.redhat.com/):	Trust: 0.3
url:	https://access.redhat.com/security/team/key/	Trust: 0.3
url:	https://access.redhat.com/articles/11258	Trust: 0.3
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.3
url:	https://access.redhat.com/security/team/contact/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-6294	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-6289	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-6297	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-6291	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-6292	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-6295	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-6296	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-6290	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-5399	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-3074	Trust: 0.2
url:	https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03770en_us	Trust: 0.1
url:	http://h20564.www2.hpe.com/hpsc/swd/public/readindex?sp4ts.oid=5385625&swlan	Trust: 0.1
url:	https://php.net/changelog-5.php#5.6.24	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03770en_us	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-5387	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-5388	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-5386	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-7456	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-5770	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-5093	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-5772	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-5771	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-6207	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-5768	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-5767	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-5094	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-5769	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-5773	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-5096	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-6293	Trust: 0.1
url:	http://www.hpe.com/support/msl6480>	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-5766	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6297	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7131	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7417	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4537	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4542	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7124	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7124	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7125	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7129	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4538	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7132	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8865	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4538	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4542	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6292	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7416	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7126	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4544	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8865	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4072	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6289	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7128	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4073	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4071	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6296	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5385	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4539	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4072	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7128	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7134	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7411	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4537	Trust: 0.1
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7413	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4541	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7130	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6290	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7414	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4544	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7127	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4543	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6294	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7126	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4541	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4071	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7133	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6295	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6291	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4073	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7125	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4543	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4540	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4539	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4540	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7129	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7412	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7418	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7127	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3074	Trust: 0.1

CREDITS

Scott Geary (VendHQ)

Trust: 0.3

sources: BID: 91821

SOURCES

db:	CERT/CC	id:	VU#797896
db:	VULHUB	id:	VHN-94204
db:	BID	id:	91821
db:	PACKETSTORM	id:	139744
db:	PACKETSTORM	id:	138296
db:	PACKETSTORM	id:	138070
db:	PACKETSTORM	id:	138295
db:	PACKETSTORM	id:	138298
db:	PACKETSTORM	id:	143933
db:	PACKETSTORM	id:	140515
db:	PACKETSTORM	id:	139968
db:	CNNVD	id:	CNNVD-201607-538
db:	NVD	id:	CVE-2016-5385

LAST UPDATE DATE

2025-03-02T22:09:52.277000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#797896	date:	2016-07-19T00:00:00
db:	VULHUB	id:	VHN-94204	date:	2023-02-12T00:00:00
db:	BID	id:	91821	date:	2018-01-18T09:00:00
db:	CNNVD	id:	CNNVD-201607-538	date:	2023-04-03T00:00:00
db:	NVD	id:	CVE-2016-5385	date:	2024-11-21T02:54:12.637

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#797896	date:	2016-07-18T00:00:00
db:	VULHUB	id:	VHN-94204	date:	2016-07-19T00:00:00
db:	BID	id:	91821	date:	2016-07-18T00:00:00
db:	PACKETSTORM	id:	139744	date:	2016-11-16T00:48:12
db:	PACKETSTORM	id:	138296	date:	2016-08-12T18:03:00
db:	PACKETSTORM	id:	138070	date:	2016-07-27T14:25:39
db:	PACKETSTORM	id:	138295	date:	2016-08-12T18:02:52
db:	PACKETSTORM	id:	138298	date:	2016-08-12T18:03:22
db:	PACKETSTORM	id:	143933	date:	2017-08-28T21:22:00
db:	PACKETSTORM	id:	140515	date:	2017-01-15T23:24:00
db:	PACKETSTORM	id:	139968	date:	2016-12-01T16:38:01
db:	CNNVD	id:	CNNVD-201607-538	date:	2016-07-19T00:00:00
db:	NVD	id:	CVE-2016-5385	date:	2016-07-19T02:00:17.773