Advisories » MGASA-2016-0398

Updated lighttpd packages fix security vulnerability

Publication date: 25 Nov 2016
Modification date: 25 Nov 2016
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-1000212

Description

Dominic Scheirlinck and Scott Geary of Vend reported an insecure behaviour
in the lighttpd web server. Lighttpd assigned Proxy header values from
client requests to internal HTTP_PROXY environment variables. This could
be used to carry out man-in-the-middle (MITM) attacks or create
connections to arbitrary hosts (CVE-2016-1000212).
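
The mapping described above, as an added illustration (not lighttpd's code and not part of the original advisory): under the CGI convention of RFC 3875 a request header is exported as HTTP_<NAME>, so a client's Proxy header lands in HTTP_PROXY, which many HTTP client libraries read as their outbound proxy setting. The function names and sample headers are assumptions made for this example; it contrasts the described behaviour with a mapping that discards the header.

```python
# Added illustration; names and sample values are assumptions,
# not taken from lighttpd's source.

def cgi_env_name(header_name):
    """RFC 3875 meta-variable name for a request header:
    'HTTP_' + upper-cased name with '-' replaced by '_'."""
    return "HTTP_" + header_name.upper().replace("-", "_")


def build_cgi_env(headers, drop_proxy_header):
    """Build the environment handed to a CGI-style backend.

    headers: list of (name, value) pairs as received from the client.
    drop_proxy_header: False reproduces the behaviour the advisory
    describes; True discards any header that would become HTTP_PROXY.
    """
    env = {}
    for name, value in headers:
        key = cgi_env_name(name)
        if drop_proxy_header and key == "HTTP_PROXY":
            continue  # client-controlled value must not reach HTTP_PROXY
        env[key] = value
    return env


def proxy_used_by_backend(env):
    """Model a backend HTTP client that honours HTTP_PROXY: return the
    proxy it would route outbound requests through, or None."""
    return env.get("HTTP_PROXY")


# Constructed sample request headers (not captured traffic).
SAMPLE_HEADERS = [
    ("Host", "shop.example"),
    ("User-Agent", "sample-client/1.0"),
    ("Proxy", "http://untrusted.example:8080"),
]

if __name__ == "__main__":
    for drop in (False, True):
        env = build_cgi_env(SAMPLE_HEADERS, drop_proxy_header=drop)
        print("drop_proxy_header=%s -> backend proxy: %r"
              % (drop, proxy_used_by_backend(env)))
```

Because the name is upper-cased before the comparison, any capitalisation of the header name is caught by the same check.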
                

References

SRPMS

5/core