{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-12-07T00:00:00", "descriptions": [{"lang": "en", "value": "agent/Core/Controller/SendRequest.cpp in Phusion Passenger before 4.0.60 and 5.0.x before 5.0.22, when used in Apache integration mode or in standalone mode without a filtering proxy, allows remote attackers to spoof headers passed to applications by using an _ (underscore) character instead of a - (dash) character in an HTTP header, as demonstrated by an X_User header."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-06-28T09:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "SUSE-SU-2015:2337", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00024.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/phusion/passenger/commit/ddb8ecc4ebf260e4967f57f271d4f5761abeac3e"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://blog.phusion.nl/2015/12/07/cve-2015-7519/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://puppet.com/security/cve/passenger-dec-2015-security-fixes"}, {"name": "[oss-security] 20151207 injecting environment variables into Phusion Passenger (CVE-2015-7519)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/12/07/2"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=956281"}, {"name": "[oss-security] 20151207 CVE-2015-7519: Phusion Passenger Header overwriting issue", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/12/07/1"}, {"name": "[debian-lts-announce] 20180627 [SECURITY] [DLA 1399-1] ruby-passenger security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00007.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-7519", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "agent/Core/Controller/SendRequest.cpp in Phusion Passenger before 4.0.60 and 5.0.x before 5.0.22, when used in Apache integration mode or in standalone mode without a filtering proxy, allows remote attackers to spoof headers passed to applications by using an _ (underscore) character instead of a - (dash) character in an HTTP header, as demonstrated by an X_User header."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "SUSE-SU-2015:2337", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00024.html"}, {"name": "https://github.com/phusion/passenger/commit/ddb8ecc4ebf260e4967f57f271d4f5761abeac3e", "refsource": "CONFIRM", "url": "https://github.com/phusion/passenger/commit/ddb8ecc4ebf260e4967f57f271d4f5761abeac3e"}, {"name": "https://blog.phusion.nl/2015/12/07/cve-2015-7519/", "refsource": "CONFIRM", "url": "https://blog.phusion.nl/2015/12/07/cve-2015-7519/"}, {"name": "https://puppet.com/security/cve/passenger-dec-2015-security-fixes", "refsource": "CONFIRM", "url": "https://puppet.com/security/cve/passenger-dec-2015-security-fixes"}, {"name": "[oss-security] 20151207 injecting environment variables into Phusion Passenger (CVE-2015-7519)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/12/07/2"}, {"name": "https://bugzilla.suse.com/show_bug.cgi?id=956281", "refsource": "CONFIRM", "url": "https://bugzilla.suse.com/show_bug.cgi?id=956281"}, {"name": "[oss-security] 20151207 CVE-2015-7519: Phusion Passenger Header overwriting issue", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/12/07/1"}, {"name": "[debian-lts-announce] 20180627 [SECURITY] [DLA 1399-1] ruby-passenger security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00007.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T07:51:28.493Z"}, "title": "CVE Program Container", "references": [{"name": "SUSE-SU-2015:2337", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00024.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/phusion/passenger/commit/ddb8ecc4ebf260e4967f57f271d4f5761abeac3e"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://blog.phusion.nl/2015/12/07/cve-2015-7519/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://puppet.com/security/cve/passenger-dec-2015-security-fixes"}, {"name": "[oss-security] 20151207 injecting environment variables into Phusion Passenger (CVE-2015-7519)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/12/07/2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=956281"}, {"name": "[oss-security] 20151207 CVE-2015-7519: Phusion Passenger Header overwriting issue", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/12/07/1"}, {"name": "[debian-lts-announce] 20180627 [SECURITY] [DLA 1399-1] ruby-passenger security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00007.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-7519", "datePublished": "2016-01-08T19:00:00", "dateReserved": "2015-09-29T00:00:00", "dateUpdated": "2024-08-06T07:51:28.493Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:phusionpassenger:phusion_passenger:*:*:*:*:*:*:*:*", "matchCriteriaId": "229C15B3-CA53-48D1-9C0D-AE5FE41DB898", "versionEndIncluding": "4.0.59", "vulnerable": true}, {"criteria": "cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "49C6BD64-D314-41DE-8568-18FAB1FE6E4B", "vulnerable": true}, {"criteria": "cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "AEAEA702-60D9-474A-9127-B32A04C3E981", "vulnerable": true}, {"criteria": "cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "74275030-3672-4425-8A1E-E9316377BA92", "vulnerable": true}, {"criteria": "cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "8C44CEC2-F531-4983-81A7-8C983126F54A", "vulnerable": true}, {"criteria": "cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "1ADB5A6B-ABE5-493D-A25C-F43AFD78FCB2", "vulnerable": true}, {"criteria": "cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "547EAB56-1E4E-49FC-AD36-D91B1FABE33F", "vulnerable": true}, {"criteria": "cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E86EB4A2-7265-4EC7-B04B-06F74F34642A", "vulnerable": true}, {"criteria": "cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C0A42C4C-6236-4C2B-BC50-9AAFA2AA26BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "12A071DA-2404-478C-A95F-0DEFFECE4B6A", "vulnerable": true}, {"criteria": "cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3E0F970E-9293-4831-812B-BD59D3D34B82", "vulnerable": true}, {"criteria": "cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "C441FB72-3D18-43F0-A6C7-CC9BC03FA793", "vulnerable": true}, {"criteria": "cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A5BE194B-B89E-4D30-9693-4A14354AD0FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "EC919748-014D-482C-9CF2-67436D1E6656", "vulnerable": true}, {"criteria": "cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "62A3F5AC-196E-4EA9-8FE1-93003B337965", "vulnerable": true}, {"criteria": "cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "442AE25D-A167-4AB2-8898-AFCFF562A1F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "3DE44E1C-AEB8-425B-8277-D78258154D01", "vulnerable": true}, {"criteria": "cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "4E596EE5-C311-4A50-A68F-936BFF771FBE", "vulnerable": true}, {"criteria": "cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "61400E33-7833-4EEF-AA33-5585290D8B68", "vulnerable": true}, {"criteria": "cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "B6973554-36EB-43D4-BDC7-52B742EAFFFE", "vulnerable": true}, {"criteria": "cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "894F0827-8924-46FD-83C5-F9E2CB756578", "vulnerable": true}, {"criteria": "cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "1007D5F9-B8D4-4283-9BF0-A5EF187861DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "FEFBB8A4-F7B9-464F-83B0-B407DD54FC85", "vulnerable": true}, {"criteria": "cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "2ED09D90-5A43-4FFD-9F0E-1E31F56AEB5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "741FF5DB-1BB1-4E3F-A358-4F6FBDCB9DFE", "vulnerable": true}, {"criteria": "cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "3F854688-6812-48B1-8873-45B206308791", "vulnerable": true}, {"criteria": "cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "81BDF312-8324-406D-AB4D-0FF55E7B73F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:phusionpassenger:phusion_passenger:5.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "4F7278BD-6278-402C-B941-FD8C8A72E88C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "agent/Core/Controller/SendRequest.cpp in Phusion Passenger before 4.0.60 and 5.0.x before 5.0.22, when used in Apache integration mode or in standalone mode without a filtering proxy, allows remote attackers to spoof headers passed to applications by using an _ (underscore) character instead of a - (dash) character in an HTTP header, as demonstrated by an X_User header."}, {"lang": "es", "value": "agent/Core/Controller/SendRequest.cpp en Phusion Passenger en versiones anteriores a 4.0.60 y 5.0.x en versiones anteriores a 5.0.22 cuando se usa en el modo de integraci\u00f3n Apache o en el modo aut\u00f3nomo sin un proxy que filtre, permite a atacantes remotos suplantar cabeceras pasadas a las aplicaciones utilizando un car\u00e1cter _ (underscore) en lugar de un car\u00e1cter - (dash) en una cabecera HTTP, seg\u00fan lo demostrado por una cabecera X_User."}], "id": "CVE-2015-7519", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-01-08T19:59:05.600", "references": [{"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00024.html"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2015/12/07/1"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2015/12/07/2"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://blog.phusion.nl/2015/12/07/cve-2015-7519/"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.suse.com/show_bug.cgi?id=956281"}, {"source": "secalert@redhat.com", "url": "https://github.com/phusion/passenger/commit/ddb8ecc4ebf260e4967f57f271d4f5761abeac3e"}, {"source": "secalert@redhat.com", "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00007.html"}, {"source": "secalert@redhat.com", "url": "https://puppet.com/security/cve/passenger-dec-2015-security-fixes"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00024.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/12/07/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/12/07/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://blog.phusion.nl/2015/12/07/cve-2015-7519/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.suse.com/show_bug.cgi?id=956281"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/phusion/passenger/commit/ddb8ecc4ebf260e4967f57f271d4f5761abeac3e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00007.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://puppet.com/security/cve/passenger-dec-2015-security-fixes"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "passenger: Header overwriting issue allowing user impersonation", "id": "1290405", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1290405"}, "csaw": false, "cvss": {"cvss_base_score": "5.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "status": "draft"}, "cwe": "CWE-287", "details": ["agent/Core/Controller/SendRequest.cpp in Phusion Passenger before 4.0.60 and 5.0.x before 5.0.22, when used in Apache integration mode or in standalone mode without a filtering proxy, allows remote attackers to spoof headers passed to applications by using an _ (underscore) character instead of a - (dash) character in an HTTP header, as demonstrated by an X_User header."], "name": "CVE-2015-7519", "package_state": [{"cpe": "cpe:/a:redhat:openstack-installer:5", "fix_state": "Will not fix", "package_name": "ruby193-rubygem-passenger", "product_name": "OpenStack Foreman"}, {"cpe": "cpe:/a:redhat:openstack-installer:5", "fix_state": "Will not fix", "package_name": "rubygem-passenger", "product_name": "OpenStack Foreman"}, {"cpe": "cpe:/a:redhat:ceph_storage:1.3", "fix_state": "Will not fix", "package_name": "ruby193-rubygem-passenger", "product_name": "Red Hat Ceph Storage 1.3"}, {"cpe": "cpe:/a:redhat:ceph_storage:1.3", "fix_state": "Will not fix", "package_name": "rubygem-passenger", "product_name": "Red Hat Ceph Storage 1.3"}, {"cpe": "cpe:/a:redhat:openstack-installer:6", "fix_state": "Will not fix", "package_name": "ruby193-rubygem-passenger", "product_name": "Red Hat Enterprise Linux OpenStack Platform 6 (Juno) Installer"}, {"cpe": "cpe:/a:redhat:openstack-installer:6", "fix_state": "Will not fix", "package_name": "rubygem-passenger", "product_name": "Red Hat Enterprise Linux OpenStack Platform 6 (Juno) Installer"}, {"cpe": "cpe:/a:redhat:openshift:2", "fix_state": "Will not fix", "package_name": "ruby193-rubygem-passenger", "product_name": "Red Hat OpenShift Enterprise 2"}, {"cpe": "cpe:/a:redhat:openshift:2", "fix_state": "Will not fix", "package_name": "ruby200-rubygem-passenger", "product_name": "Red Hat OpenShift Enterprise 2"}, {"cpe": "cpe:/a:redhat:openshift:2", "fix_state": "Will not fix", "package_name": "rubygem-passenger", "product_name": "Red Hat OpenShift Enterprise 2"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "rubygem-passenger", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "tfm-rubygem-passenger", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "rh-passenger40-passenger", "product_name": "Red Hat Software Collections"}], "public_date": "2015-12-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-7519\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7519\nhttps://blog.phusion.nl/2015/12/07/cve-2015-7519/"], "threat_severity": "Moderate"}

{}