VDB

GCVE-110-MAGEIA-2016-398

GCVE-110-MAGEIA-2016-398
Advisory Published
Vulnetix · Advisory published November 25, 2016
Dominic Scheirlinck and Scott Geary of Vend reported an insecure behaviour in the lighttpd web server. Lighttpd assigned Proxy header values from client requests to internal HTTP_PROXY environment variables. This could be used to carry out Man in the Middle Attacks (MIDM) or create connections to arbitrary hosts (CVE-2016-1000212).

Affected Products

VendorProductVersionsPlatforms
Mageialighttpd0 (affected), 1.4.37-1.1.mga5 (unaffected)

Browse GCVE Records

73,118 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›