Skip to main content

Web Servers CGI Multiple Vulnerabilities

Last Update Date: 19 Jul 2016 11:00 Release Date: 19 Jul 2016 2777 Views

RISK: High Risk

TYPE: Servers - Web Servers

TYPE: Web Servers

Multiple vulnerabilities were identified in web servers running CGI, a attacker can exploited these vulnerabilities to redirect the target CGI application requests to an arbitrary web proxy in certain cases.

 

Note: for certain products, please apply mitigation according to the vendor advice if patch is not available.


Impact

  • Information Disclosure
  • Spoofing
  • Data Manipulation

System / Technologies affected

  • nginx
  • PHP
  • Apache Tomcat
  • Apache HTTPD
  • Apache Perl

Note:All CGI applications use the HTTP_PROXY variable are affected


Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Please refer to the vendor's links

Vulnerability Identifier


Source


Related Link