CVE-2016-5386
high
CVSS v3
8.1
CVSS v2
6.8
VIR risk
8.1
Description
Improper input validation in net/http and net/http/cgi
Predictions
Exploit likelihood
88%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: secalert@redhat.com — http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| fedora | 23 | affected | |
| fedora | 24 | affected | |
| rhel | 7.0 | affected | |
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Go | stdlib | <1.6.3 | 1.6.3 |
References
- http://rhn.redhat.com/errata/RHSA-2016-1538.html
- http://www.kb.cert.org/vuls/id/797896
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1353798
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us
- https://httpoxy.org/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WGHKKCFP4PLVSWQKCM3FJJPEWB5ZNTU/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OR52UXGM6RKSCWF3KQMVZGVZVJ3WEESJ/
- https://go.dev/cl/25010
- https://go.googlesource.com/go/+/b97df54c31d6c4cc2a28a3c83725366d52329223
- https://go.dev/issue/16405
- https://groups.google.com/g/golang-announce/c/7jZDOQ8f8tM/m/eWRWHnc8CgAJ
CWEs
CWE-284
Verify integrity in audit chain (admin only). AS-IS.