7.5
CVE-2016-6286
- EPSS 1.48%
- Veröffentlicht 10.01.2017 15:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
- CVE-Watchlists
- Unerledigt
The "spiffy-cgi-handlers" egg would convert a nonexistent "Proxy" header to the HTTP_PROXY environment variable, which would allow attackers to direct CGI programs which use this environment variable to use an attacker-specified HTTP proxy server (also known as a "httpoxy" attack). This affects all versions of spiffy-cgi-handlers before 0.5.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Call-cc ≫ Http-client Version <= 0.4.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.48% | 0.705 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
http://lists.gnu.org/archive/html/chicken-announce/2016-07/msg00000.html
http://www.securityfocus.com/bid/92105