CVE-2016-6286
N/A
N/A
Summary
The "spiffy-cgi-handlers" egg would convert a nonexistent "Proxy" header to the HTTP_PROXY environment variable, which would allow attackers to direct CGI programs which use this environment variable to use an attacker-specified HTTP proxy server (also known as a "httpoxy" attack). This affects all versions of spiffy-cgi-handlers before 0.5.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://lists.gnu.org/archive/html/chicken-announce/2016-07/msg00000.html
- http://www.securityfocus.com/bid/92105
References
- http://lists.gnu.org/archive/html/chicken-announce/2016-07/msg00000.html
- http://www.securityfocus.com/bid/92105
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.