VDB
RHSA-2016%3A1613
RHSA-2016%3A1613
PUBLISHED
CVSS 5 MEDIUM
Red Hat Security Advisory: php security and bug fix update
Risk Scores
CVSS 3.0
5
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat:enterprise_linux:7::server | php-pdo | 0, 0 |
| Red Hat:enterprise_linux:7::client | php-ldap | 0, 0 |
| Red Hat:enterprise_linux:7::server | php-dba | 0, 0 |
| Red Hat:enterprise_linux:7::server | php-xml | 0, 0 |
| Red Hat:enterprise_linux:7::server | php-bcmath | 0, 0 |
| Red Hat:enterprise_linux:7::workstation | php-debuginfo | 0, 0 |
| Red Hat:enterprise_linux:7::workstation | php-pdo | 0, 0 |
| Red Hat:enterprise_linux:7::workstation | php-snmp | 0, 0 |
| Red Hat:enterprise_linux:7::client | php-mbstring | 0, 0 |
| Red Hat:enterprise_linux:7::workstation | php-ldap | 0, 0 |
| Red Hat:enterprise_linux:7::computenode | php-ldap | 0, 0 |
| Red Hat:enterprise_linux:7::client | php-recode | 0, 0 |
| Red Hat:enterprise_linux:7::computenode | php-bcmath | 0, 0 |
| Red Hat:enterprise_linux:7::server | php-process | 0, 0 |
| Red Hat:enterprise_linux:7::server | php-soap | 0, 0 |
| Red Hat:enterprise_linux:7::server | php-mysqlnd | 0, 0 |
| Red Hat:enterprise_linux:7::workstation | php-pgsql | 0, 0 |
| Red Hat:enterprise_linux:7::client | php-xmlrpc | 0, 0 |
| Red Hat:enterprise_linux:7::workstation | php-common | 0, 0 |
| Red Hat:enterprise_linux:7::server | php-recode | 0, 0 |
…and 84 more
Exploit Intelligence
- Attempts to detect web applications vulnerable to "httpoxy" (CVE-2016-5385, CVE-2016-5386, CVE-2016-5387, CVE-2016-5388, CVE-2016-1000109, CVE-2016-1000110). The script attempts to detect this vulnerability by measuring the response time when assigning a non-existing proxy to the headers. In theory, vulnerable applications will try to connect to the bad proxy increasing the response time. To reduce false positives we run the test several times and we expect the response time from the request ... (nmap-nse)
- Attempts to detect web applications vulnerable to "httpoxy" (CVE-2016-5385, CVE-2016-5386, CVE-2016-5387, CVE-2016-5388, CVE-2016-1000109, CVE-2016-1000110). The script attempts to detect this vulnerability by measuring the response time when assigning a non-existing proxy to the headers. In theory, vulnerable applications will try to connect to the bad proxy increasing the response time. To reduce false positives we run the test several times and we expect the response time from the request ... (nmap-nse)
Timeline
- Jul 22, 2016 PoC Published
- Aug 11, 2016 CVE Published
- Nov 21, 2025 CVE Updated
- Apr 30, 2026 Distribution Patch
- Apr 30, 2026 Distribution Patch
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2016:1613 advisory
- https://access.redhat.com/security/updates/classification/#moderate article
- https://bugzilla.redhat.com/show_bug.cgi?id=1346758 report
- https://bugzilla.redhat.com/show_bug.cgi?id=1353794 report
- https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_1613.json advisory
- https://access.redhat.com/security/cve/CVE-2016-5385 report
- https://www.cve.org/CVERecord?id=CVE-2016-5385 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2016-5385 advisory