FreeBSD : Multiple ports -- Proxy HTTP header vulnerability (httpoxy) (cf0b5668-4d1b-11e6-b2ec-b499baebfeaf)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

httpoxy.org reports :

httpoxy is a set of vulnerabilities that affect application code
running in CGI, or CGI-like environments. It comes down to a simple
namespace conflict:

- RFC 3875 (CGI) puts the HTTP Proxy header from a request into the
environment variables as HTTP_PROXY

- HTTP_PROXY is a popular environment variable used to configure an
outgoing proxy

This leads to a remotely exploitable vulnerability.
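
The namespace conflict described above, as an added Python example that is not part of this advisory or of httpoxy.org: it applies the RFC 3875 header-to-variable mapping to a constructed request and shows that discarding the Proxy header before the environment is built leaves no HTTP_PROXY variable. The function names, the sample headers and the header-dropping step are assumptions made for illustration.

```python
# Added illustration; function names and the sample request are constructed.

def cgi_meta_variables(headers):
    """Map request headers to CGI meta-variables as RFC 3875 section 4.1.18
    describes: upper-case the name, replace '-' with '_', prepend 'HTTP_'."""
    env = {"GATEWAY_INTERFACE": "CGI/1.1", "REQUEST_METHOD": "GET"}
    for name, value in headers:
        key = name.upper().replace("-", "_")
        if key in ("CONTENT_TYPE", "CONTENT_LENGTH"):
            env[key] = value          # these two carry no HTTP_ prefix
        else:
            env["HTTP_" + key] = value
    return env


def drop_proxy_header(headers):
    """Hardened gateway step (assumed mitigation): discard any client-sent
    Proxy header, compared case-insensitively, before building the env."""
    return [(n, v) for n, v in headers if n.strip().lower() != "proxy"]


def request_derived_proxy(env):
    """True when HTTP_PROXY is set in a CGI context, where its value may
    have come from the request rather than from the operator."""
    in_cgi = "GATEWAY_INTERFACE" in env or "REQUEST_METHOD" in env
    return in_cgi and "HTTP_PROXY" in env


# Constructed sample request headers (192.0.2.10 is a documentation address).
SAMPLE_HEADERS = [
    ("Host", "app.example"),
    ("User-Agent", "constructed-client/1.0"),
    ("Proxy", "http://192.0.2.10:8080"),
]

if __name__ == "__main__":
    unsafe = cgi_meta_variables(SAMPLE_HEADERS)
    safe = cgi_meta_variables(drop_proxy_header(SAMPLE_HEADERS))
    print("unfiltered:", unsafe.get("HTTP_PROXY"), request_derived_proxy(unsafe))
    print("filtered:  ", safe.get("HTTP_PROXY"), request_derived_proxy(safe))
```
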

See also :

https://httpoxy.org/
https://www.kb.cert.org/vuls/id/797896
http://www.nessus.org/u?2413f04a

Solution :

Update the affected packages.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 92395

Bugtraq ID:

CVE ID:
