Oval Definition:oval:org.opensuse.security:def:20157519
Revision Date:2022-06-30Version:1
Title:CVE-2015-7519
Description:

agent/Core/Controller/SendRequest.cpp in Phusion Passenger before 4.0.60 and 5.0.x before 5.0.22, when used in Apache integration mode or in standalone mode without a filtering proxy, allows remote attackers to spoof headers passed to applications by using an _ (underscore) character instead of a - (dash) character in an HTTP header, as demonstrated by an X_User header.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2015-7519
Mitre CVE-2015-7519
SUSE CVE-2015-7519
SUSE-SU-2015:2337-1
SUSE-SU-2015:2337-1
SUSE-SU-2016:0042-1
SUSE-SU-2016:0042-1
Platform(s):openSUSE Tumbleweed
SUSE Linux Enterprise High Performance Computing 12
SUSE Linux Enterprise Module for Containers 12
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP5
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Containers 12 is installed
  • AND Package Information
  • ruby2.1-rubygem-passenger-5.0.18-6 is installed
  • OR rubygem-passenger-5.0.18-6 is installed
  • OR rubygem-passenger-apache2-5.0.18-6 is installed
    • Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND Package Information
  • ruby2.7-rubygem-passenger-6.0.8-3.2 is installed
  • OR ruby3.0-rubygem-passenger-6.0.8-3.2 is installed
  • OR rubygem-passenger-6.0.8-3.2 is installed
  • OR rubygem-passenger-apache2-6.0.8-3.2 is installed
  • OR rubygem-passenger-nginx-6.0.8-3.2 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise High Performance Computing 12 is installed
  • OR SUSE Linux Enterprise Module for Containers 12 is installed
  • OR SUSE Linux Enterprise Server 12 is installed
  • OR SUSE Linux Enterprise Server 12 SP3 is installed
  • OR SUSE Linux Enterprise Server 12 SP4 is installed
  • OR SUSE Linux Enterprise Server 12 SP5 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 12 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 12 SP3 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 12 SP4 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 12 SP5 is installed
  • AND Package Information
  • ruby2.1-rubygem-passenger-5.0.18-6.1 is installed
  • OR rubygem-passenger-5.0.18-6.1 is installed
  • OR rubygem-passenger-apache2-5.0.18-6.1 is installed
    • BACK