CVE-2016-5385

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue.

CVSS v3 8.1 HIGH
CVSS v2.0 5.1 MEDIUM

8.1^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

5.1^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability : 4.9 / Impact : 6.4

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1609.html	Broken Link Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1610.html	Broken Link Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1611.html	Broken Link Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1612.html	Broken Link Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1613.html	Broken Link Third Party Advisory
http://www.debian.org/security/2016/dsa-3631	Third Party Advisory
http://www.kb.cert.org/vuls/id/797896	Third Party Advisory US Government Resource
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html	Patch Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html	Patch Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html	Third Party Advisory
http://www.securityfocus.com/bid/91821	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1036335	Third Party Advisory VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1353794	Issue Tracking Third Party Advisory VDB Entry
https://github.com/guzzle/guzzle/releases/tag/6.2.1	Release Notes Third Party Advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us	Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149	Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05333297	Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722	Third Party Advisory
https://httpoxy.org/	Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RMYXAVNYL2MOBJTFATE73TOVOEZYC5R/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXFEIMZPSVGZQQAYIQ7U7DFVX3IBSDLF/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KZOIUYZDBWNDDHC6XTOLZYRMRXZWTJCP/
https://security.gentoo.org/glsa/201611-22	Third Party Advisory
https://www.drupal.org/SA-CORE-2016-003	Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1609.html	Broken Link Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1610.html	Broken Link Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1611.html	Broken Link Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1612.html	Broken Link Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1613.html	Broken Link Third Party Advisory
http://www.debian.org/security/2016/dsa-3631	Third Party Advisory
http://www.kb.cert.org/vuls/id/797896	Third Party Advisory US Government Resource
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html	Patch Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html	Patch Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html	Third Party Advisory
http://www.securityfocus.com/bid/91821	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1036335	Third Party Advisory VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1353794	Issue Tracking Third Party Advisory VDB Entry
https://github.com/guzzle/guzzle/releases/tag/6.2.1	Release Notes Third Party Advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us	Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149	Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05333297	Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722	Third Party Advisory
https://httpoxy.org/	Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RMYXAVNYL2MOBJTFATE73TOVOEZYC5R/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXFEIMZPSVGZQQAYIQ7U7DFVX3IBSDLF/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KZOIUYZDBWNDDHC6XTOLZYRMRXZWTJCP/
https://security.gentoo.org/glsa/201611-22	Third Party Advisory
https://www.drupal.org/SA-CORE-2016-003	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:oracle:communications_user_data_repository:10.0.0:::::::*
	cpe:2.3:a:oracle:communications_user_data_repository:10.0.1:::::::*
	cpe:2.3:a:oracle:communications_user_data_repository:12.0.0:::::::*
	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:::::::*
	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.2:::::::*
	cpe:2.3:o:oracle:linux:6:-::::::
	cpe:2.3:o:oracle:linux:7:-::::::

Configuration 2 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:23:::::::*
	cpe:2.3:o:fedoraproject:fedora:24:::::::*

Configuration 3 (hide)

AND

cpe:2.3:o:hp:storeever_msl6480_tape_library_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:storeever_msl6480_tape_library:-:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*

Configuration 5 (hide)

OR	cpe:2.3:a:php:php::::::::
	cpe:2.3:a:php:php::::::::
	cpe:2.3:a:php:php::::::::

Configuration 6 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

Configuration 7 (hide)

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 8 (hide)

cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*

Configuration 9 (hide)

cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

History

21 Nov 2024, 02:54

Information

Published : 2016-07-19 02:00

Updated : 2025-04-12 10:46

NVD link : CVE-2016-5385

Mitre link : CVE-2016-5385

CVE.ORG link : CVE-2016-5385

JSON object : View

Products Affected

oracle

enterprise_manager_ops_center
linux
communications_user_data_repository

php

debian

debian_linux

storeever_msl6480_tape_library_firmware
storeever_msl6480_tape_library
system_management_homepage

opensuse

leap

fedoraproject

fedora

drupal

drupal

redhat

enterprise_linux_workstation
enterprise_linux_desktop
enterprise_linux_server

CWE

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

{"id": "CVE-2016-5385", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "published": "2016-07-19T02:00:17.773", "references": [{"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-1609.html", "tags": ["Broken Link", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-1610.html", "tags": ["Broken Link", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-1611.html", "tags": ["Broken Link", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-1612.html", "tags": ["Broken Link", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-1613.html", "tags": ["Broken Link", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2016/dsa-3631", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.kb.cert.org/vuls/id/797896", "tags": ["Third Party Advisory", "US Government Resource"], "source": "secalert@redhat.com"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "tags": ["Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "tags": ["Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/91821", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.securitytracker.com/id/1036335", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1353794", "tags": ["Issue Tracking", "Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "https://github.com/guzzle/guzzle/releases/tag/6.2.1", "tags": ["Release Notes", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05333297", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://httpoxy.org/", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RMYXAVNYL2MOBJTFATE73TOVOEZYC5R/", "source": "secalert@redhat.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXFEIMZPSVGZQQAYIQ7U7DFVX3IBSDLF/", "source": "secalert@redhat.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KZOIUYZDBWNDDHC6XTOLZYRMRXZWTJCP/", "source": "secalert@redhat.com"}, {"url": "https://security.gentoo.org/glsa/201611-22", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://www.drupal.org/SA-CORE-2016-003", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-1609.html", "tags": ["Broken Link", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-1610.html", "tags": ["Broken Link", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-1611.html", "tags": ["Broken Link", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-1612.html", "tags": ["Broken Link", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-1613.html", "tags": ["Broken Link", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2016/dsa-3631", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.kb.cert.org/vuls/id/797896", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/91821", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1036335", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1353794", "tags": ["Issue Tracking", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/guzzle/guzzle/releases/tag/6.2.1", "tags": ["Release Notes", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05333297", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://httpoxy.org/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RMYXAVNYL2MOBJTFATE73TOVOEZYC5R/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXFEIMZPSVGZQQAYIQ7U7DFVX3IBSDLF/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KZOIUYZDBWNDDHC6XTOLZYRMRXZWTJCP/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.gentoo.org/glsa/201611-22", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.drupal.org/SA-CORE-2016-003", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-601"}]}], "descriptions": [{"lang": "en", "value": "PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an \"httpoxy\" issue."}, {"lang": "es", "value": "PHP hasta la versi\u00f3n 7.0.8 no intenta abordar los conflictos de espacio de nombres de RFC 3875 secci\u00f3n 4.1.18 y por lo tanto no protege aplicaciones de la presencia de datos de clientes no confiables en ambiente variable de HTTP_PROXY, lo que ppodr\u00eda permitir a atacantes remotos redireccionar el tr\u00e1fico HTTP saliente de una aplicaci\u00f3n a un servidor proxy arbitrario trav\u00e9s de una cabecera Proxy manipulada en una petici\u00f3n HTTP, seg\u00fan lo demostrado por (1) una aplicaci\u00f3n que hace una llamada getenv('HTTP_PROXY') o (2) una configuraci\u00f3n CGI de PHP, tambi\u00e9n conocido como problema \"httpoxy\"."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:communications_user_data_repository:10.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6D2C3F5-73E2-4988-9416-940C3C09F25F"}, {"criteria": "cpe:2.3:a:oracle:communications_user_data_repository:10.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0473C6C9-B0C5-43F0-AC8C-C0DAD30DACF8"}, {"criteria": "cpe:2.3:a:oracle:communications_user_data_repository:12.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E94636C-58E3-4B5C-9B18-E5129F6B4A11"}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BE12B6A4-E128-41EC-8017-558F50B961BE"}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F8B45C6-A877-4317-BCE5-EF9E9542276A"}, {"criteria": "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7B037A8-72A6-4DFF-94B2-D688A5F6F876"}, {"criteria": "cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44B8FEDF-6CB0-46E9-9AD7-4445B001C158"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C729D5D1-ED95-443A-9F53-5D7C2FD9B80C"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:storeever_msl6480_tape_library_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3DD08A69-9606-479F-81BE-8F418DF05266", "versionEndIncluding": "5.09"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:storeever_msl6480_tape_library:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C169BFCD-5DDB-4E19-92A4-C396EB6FCAA7"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD3FEB80-163D-4589-B6A8-6BB1ADCB6A10", "versionEndIncluding": "7.5.5.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F79D472-7AF7-4954-8C63-7C063613ADC6", "versionEndExcluding": "5.5.38", "versionStartIncluding": "5.5.0"}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE57AD0E-537B-4A24-B296-589BFD241DD7", "versionEndExcluding": "5.6.24", "versionStartIncluding": "5.6.0"}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "683B36BC-9508-4727-B755-173925688175", "versionEndIncluding": "7.0.8", "versionStartIncluding": "7.0.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3934EDE6-6A75-4883-835D-4300E29E8C8D", "versionEndExcluding": "8.1.7", "versionStartIncluding": "8.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}

8.1 /10