[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

ALAS-2016-731 ---- golang

ID: oval:org.secpod.oval:def:1600442Date: (C)2016-08-23   (M)2023-12-20
Class: PATCHFamily: unix




An input-validation flaw was discovered in the Go programming language built in CGI implementation, which set the environment variable "HTTP_PROXY" using the incoming "Proxy" HTTP-request header. The environment variable "HTTP_PROXY" is used by numerous web clients, including Go"s net/http package, to specify a proxy server to use for HTTP and, in some cases, HTTPS requests. This meant that when a CGI-based web application ran, an attacker could specify a proxy server which the application then used for subsequent outgoing requests, allowing a man-in-the-middle attack.

Platform:
Amazon Linux AMI
Product:
golang
Reference:
ALAS-2016-731
CVE-2016-5386
CVE    1
CVE-2016-5386
CPE    2
cpe:/o:amazon:linux
cpe:/a:golang:golang

© SecPod Technologies