7.5.5.0 : Security Vulnerabilities Published In 2016

Cpe Name:cpe:/a:hp:system_management_homepage:7.5.5.0

2016 : January February March April May June July August September October November December

CVSS Scores Greater Than: 0 1 2 3 4 5 6 7 8 9

Sort Results By : CVE Number Descending CVE Number Ascending CVSS Score Descending Number Of Exploits Descending

#	CVE ID	CWE ID	Vulnerability Type(s)	Publish Date	Update Date	Score	Gained Access Level	Access	Complexity	Authentication	Conf.	Integ.	Avail.
1	CVE-2016-5388	284		2016-07-18	2019-08-13	5.1	None	Remote	High	Not required	Partial	Partial	Partial
Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388"; in other words, this is not a CVE ID for a vulnerability.
2	CVE-2016-5387	284		2016-07-18	2018-01-18	5.1	None	Remote	High	Not required	Partial	Partial	Partial
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability.
3	CVE-2016-5385	284		2016-07-18	2018-01-18	5.1	None	Remote	High	Not required	Partial	Partial	Partial
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue.
4	CVE-2016-4396	119	Overflow	2016-10-28	2017-02-16	7.8	None	Remote	Low	Not required	None	Complete	None
HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue.
5	CVE-2016-4395	119	Overflow	2016-10-28	2017-02-16	7.8	None	Remote	Low	Not required	None	Complete	None
HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue.
6	CVE-2016-4394	254	+Info	2016-10-28	2017-02-16	5.8	None	Remote	Medium	Not required	None	Partial	Partial
HPE System Management Homepage before v7.6 allows remote attackers to obtain sensitive information via unspecified vectors, related to an "HSTS" issue.
7	CVE-2016-4393	79	XSS +Info	2016-10-28	2017-02-16	3.5	None	Remote	Medium	Single system	None	Partial	None
HPE System Management Homepage before v7.6 allows "remote authenticated" attackers to obtain sensitive information via unspecified vectors, related to an "XSS" issue.

Total number of vulnerabilities : 7 Page : 1 (This Page)