{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-08-16T00:00:00", "descriptions": [{"lang": "en", "value": "A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-02-03T17:22:49", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.openwall.com/lists/oss-security/2016/07/18/6"}, {"tags": ["x_refsource_MISC"], "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00084.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.securityfocus.com/bid/91822"}, {"tags": ["x_refsource_MISC"], "url": "https://www.tenable.com/security/tns-2017-04"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-1000104", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.openwall.com/lists/oss-security/2016/07/18/6", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2016/07/18/6"}, {"name": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00084.html", "refsource": "MISC", "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00084.html"}, {"name": "http://www.securityfocus.com/bid/91822", "refsource": "MISC", "url": "http://www.securityfocus.com/bid/91822"}, {"name": "https://www.tenable.com/security/tns-2017-04", "refsource": "MISC", "url": "https://www.tenable.com/security/tns-2017-04"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T03:55:26.411Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/07/18/6"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00084.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.securityfocus.com/bid/91822"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.tenable.com/security/tns-2017-04"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-1000104", "datePublished": "2019-12-03T21:12:15", "dateReserved": "2016-07-18T00:00:00", "dateUpdated": "2024-08-06T03:55:26.411Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:mod_fcgid:*:*:*:*:*:*:*:*", "matchCriteriaId": "6AC3895D-3B26-4503-A12B-B07F04E5BFED", "versionEndIncluding": "2016-07-07", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07."}, {"lang": "es", "value": "Existe una vulnerabilidad de Bypass de seguridad en el Proxy FcgidPassHeader en mod_fcgid hasta el 2016-07-07."}], "id": "CVE-2016-1000104", "lastModified": "2024-11-21T02:42:52.043", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-12-03T22:15:13.480", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00084.html"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2016/07/18/6"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/91822"}, {"source": "cve@mitre.org", "url": "https://www.tenable.com/security/tns-2017-04"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00084.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2016/07/18/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/91822"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.tenable.com/security/tns-2017-04"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Scott Geary (VendHQ) for reporting this issue.", "bugzilla": {"description": "mod_fcgid: mod_fcgid sets environmental variable based on user supplied Proxy request header", "id": "1353760", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1353760"}, "csaw": false, "cvss": {"cvss_base_score": "5.0", "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "status": "draft"}, "cvss3": {"cvss3_base_score": "5.0", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "status": "draft"}, "cwe": "CWE-20", "details": ["A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07."], "name": "CVE-2016-1000104", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "mod_fcgid", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2016-07-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-1000104\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1000104"], "statement": "This issue is addressed through the Apache HTTPD update for CVE-2016-5387 which prevent the Proxy header from automatically being converted into the HTTP_PROXY environmental variable. Unless the \"FcgidPassHeader Proxy\" is used mod_fcgid is not vulnerable to this attack when used with updated HTTPD. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Important"}