[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2016-5385":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":24,"aliases":25,"duplicate_of":9,"upstream":26,"downstream":27,"duplicates":52,"related":55,"reserved_at":9,"published_at":59,"modified_at":60,"state":61,"summary":62,"references_raw":71,"kevs":191,"epss":192,"epss_history":195,"metrics":411,"affected":422},"CVE-2016-5385","PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an \"httpoxy\" issue.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-601","URL Redirection to Untrusted Site ('Open Redirect')","The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.","weakness","Draft","Base","Low",[20],{"id":21,"name":22,"techniques":23},"CAPEC-178","Cross-Site Flashing",[],[],[],[],[28,30,32,34,36,38,40,42,44,46,48,50],{"_key":29},"RHSA-2016:1609",{"_key":31},"RHSA-2016:1610",{"_key":33},"RHSA-2016:1611",{"_key":35},"RHSA-2016:1612",{"_key":37},"RHSA-2016:1613",{"_key":39},"SUSE-SU-2016:1842-1",{"_key":41},"SUSE-SU-2016:2941-1",{"_key":43},"OPENSUSE-SU-2024:11175-1",{"_key":45},"DLA-749-1",{"_key":47},"DSA-3631-1",{"_key":49},"UBUNTU-CVE-2016-5385",{"_key":51},"USN-3045-1",[53],{"_key":54},"CVE-2016-1000100",[56,57,58],{"_key":39},{"_key":41},{"_key":43},"2016-07-19T01:00:00.000Z","2024-08-06T01:00:59.934Z","Modified",{"cisa_kev":63,"cisa_ransomware":63,"cisa_vendor":9,"epss_severity":64,"epss_score":65,"severity":66,"severity_score":67,"severity_version":68,"severity_source":69,"severity_vector":70,"severity_status":61},false,"critical",0.83504,"high",8.1,"v3.1","nvd","CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",[72,79,85,89,95,100,105,110,114,118,124,128,132,137,143,147,151,155,159,164,169,173,177,182,186],{"url":73,"sources":74,"tags":76},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RMYXAVNYL2MOBJTFATE73TOVOEZYC5R/",[75,69],"cve.org",[77,78],"Vendor Advisory","X Refsource FEDORA",{"url":80,"sources":81,"tags":82},"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149",[75,69],[83,84],"X Refsource CONFIRM","Third Party Advisory",{"url":86,"sources":87,"tags":88},"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05333297",[75,69],[83,84],{"url":90,"sources":91,"tags":92},"http://www.kb.cert.org/vuls/id/797896",[75,69],[84,93,94],"X Refsource CERT VN","US Government Resource",{"url":96,"sources":97,"tags":98},"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",[75,69],[83,99,84],"Patch",{"url":101,"sources":102,"tags":103},"https://security.gentoo.org/glsa/201611-22",[75,69],[77,104,84],"X Refsource GENTOO",{"url":106,"sources":107,"tags":108},"http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html",[75,69],[77,109,84],"X Refsource SUSE",{"url":111,"sources":112,"tags":113},"https://www.drupal.org/SA-CORE-2016-003",[75,69],[83,84],{"url":115,"sources":116,"tags":117},"http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",[75,69],[83,84],{"url":119,"sources":120,"tags":121},"http://rhn.redhat.com/errata/RHSA-2016-1613.html",[75,69],[77,122,123,84],"X Refsource REDHAT","Broken Link",{"url":125,"sources":126,"tags":127},"http://rhn.redhat.com/errata/RHSA-2016-1611.html",[75,69],[77,122,123,84],{"url":129,"sources":130,"tags":131},"http://rhn.redhat.com/errata/RHSA-2016-1610.html",[75,69],[77,122,123,84],{"url":133,"sources":134,"tags":135},"http://www.debian.org/security/2016/dsa-3631",[75,69],[77,136,84],"X Refsource DEBIAN",{"url":138,"sources":139,"tags":140},"http://www.securityfocus.com/bid/91821",[75,69],[141,142,84],"VDB Entry","X Refsource BID",{"url":144,"sources":145,"tags":146},"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",[75,69],[83,84],{"url":148,"sources":149,"tags":150},"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us",[75,69],[83,84],{"url":152,"sources":153,"tags":154},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KZOIUYZDBWNDDHC6XTOLZYRMRXZWTJCP/",[75,69],[77,78],{"url":156,"sources":157,"tags":158},"http://rhn.redhat.com/errata/RHSA-2016-1609.html",[75,69],[77,122,123,84],{"url":160,"sources":161,"tags":162},"http://www.securitytracker.com/id/1036335",[75,69],[141,163,84],"X Refsource SECTRACK",{"url":165,"sources":166,"tags":167},"https://httpoxy.org/",[75,69],[168,84],"X Refsource MISC",{"url":170,"sources":171,"tags":172},"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",[75,69],[83,99,84],{"url":174,"sources":175,"tags":176},"http://rhn.redhat.com/errata/RHSA-2016-1612.html",[75,69],[77,122,123,84],{"url":178,"sources":179,"tags":180},"https://bugzilla.redhat.com/show_bug.cgi?id=1353794",[75,69],[83,181,84,141],"Issue Tracking",{"url":183,"sources":184,"tags":185},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXFEIMZPSVGZQQAYIQ7U7DFVX3IBSDLF/",[75,69],[77,78],{"url":187,"sources":188,"tags":189},"https://github.com/guzzle/guzzle/releases/tag/6.2.1",[75,69],[83,190,84],"Release Notes",[],{"date":193,"score":65,"percentile":194},"2026-06-04",0.99296,[196,200,202,204,206,209,211,213,215,217,220,222,224,226,228,231,234,236,238,240,242,244,246,249,252,254,256,258,262,265,268,271,274,276,279,282,285,287,289,291,293,295,297,300,302,304,307,310,312,314,317,321,324,326,329,332,334,336,338,342,344,346,348,351,353,355,358,361,364,366,368,370,372,374,377,379,381,383,385,387,389,392,394,396,398,400,402,404,406,408],{"date":197,"score":198,"percentile":199},"2025-11-04",0.85215,0.99307,{"date":201,"score":198,"percentile":199},"2025-11-05",{"date":203,"score":198,"percentile":199},"2025-11-06",{"date":205,"score":198,"percentile":199},"2025-11-07",{"date":207,"score":198,"percentile":208},"2025-11-08",0.99306,{"date":210,"score":198,"percentile":199},"2025-11-09",{"date":212,"score":198,"percentile":199},"2025-11-10",{"date":214,"score":198,"percentile":199},"2025-11-11",{"date":216,"score":198,"percentile":199},"2025-11-12",{"date":218,"score":198,"percentile":219},"2025-11-13",0.99308,{"date":221,"score":198,"percentile":219},"2025-11-14",{"date":223,"score":198,"percentile":219},"2025-11-15",{"date":225,"score":198,"percentile":199},"2025-11-16",{"date":227,"score":198,"percentile":199},"2025-11-17",{"date":229,"score":198,"percentile":230},"2025-11-18",0.9944,{"date":232,"score":198,"percentile":233},"2025-11-19",0.99441,{"date":235,"score":198,"percentile":230},"2025-11-20",{"date":237,"score":198,"percentile":208},"2025-11-21",{"date":239,"score":198,"percentile":208},"2025-11-22",{"date":241,"score":198,"percentile":199},"2025-11-23",{"date":243,"score":198,"percentile":199},"2025-11-24",{"date":245,"score":198,"percentile":219},"2025-11-25",{"date":247,"score":198,"percentile":248},"2025-11-26",0.99309,{"date":250,"score":198,"percentile":251},"2025-11-27",0.9931,{"date":253,"score":198,"percentile":251},"2025-11-28",{"date":255,"score":198,"percentile":251},"2025-11-29",{"date":257,"score":198,"percentile":251},"2025-11-30",{"date":259,"score":260,"percentile":261},"2025-12-01",0.79135,0.99019,{"date":263,"score":260,"percentile":264},"2025-12-02",0.9902,{"date":266,"score":260,"percentile":267},"2025-12-03",0.99021,{"date":269,"score":270,"percentile":251},"2025-12-04",0.85204,{"date":272,"score":270,"percentile":273},"2025-12-05",0.99311,{"date":275,"score":270,"percentile":273},"2025-12-06",{"date":277,"score":270,"percentile":278},"2025-12-07",0.99312,{"date":280,"score":270,"percentile":281},"2025-12-08",0.99313,{"date":283,"score":270,"percentile":284},"2025-12-09",0.99314,{"date":286,"score":270,"percentile":284},"2025-12-10",{"date":288,"score":270,"percentile":284},"2025-12-11",{"date":290,"score":270,"percentile":284},"2025-12-12",{"date":292,"score":270,"percentile":284},"2025-12-13",{"date":294,"score":270,"percentile":284},"2025-12-14",{"date":296,"score":270,"percentile":284},"2025-12-15",{"date":298,"score":270,"percentile":299},"2025-12-16",0.99316,{"date":301,"score":270,"percentile":299},"2025-12-17",{"date":303,"score":270,"percentile":299},"2025-12-18",{"date":305,"score":270,"percentile":306},"2025-12-19",0.99317,{"date":308,"score":270,"percentile":309},"2025-12-20",0.99318,{"date":311,"score":270,"percentile":309},"2025-12-21",{"date":313,"score":270,"percentile":309},"2025-12-22",{"date":315,"score":270,"percentile":316},"2025-12-23",0.99319,{"date":318,"score":319,"percentile":320},"2025-12-24",0.82999,0.99219,{"date":322,"score":319,"percentile":323},"2025-12-25",0.9922,{"date":325,"score":319,"percentile":323},"2025-12-26",{"date":327,"score":319,"percentile":328},"2025-12-27",0.99222,{"date":330,"score":319,"percentile":331},"2025-12-28",0.99221,{"date":333,"score":319,"percentile":331},"2025-12-29",{"date":335,"score":319,"percentile":331},"2025-12-30",{"date":337,"score":319,"percentile":328},"2025-12-31",{"date":339,"score":340,"percentile":341},"2026-01-01",0.75639,0.9887,{"date":343,"score":340,"percentile":341},"2026-01-02",{"date":345,"score":340,"percentile":341},"2026-01-03",{"date":347,"score":319,"percentile":328},"2026-01-04",{"date":349,"score":319,"percentile":350},"2026-01-05",0.99224,{"date":352,"score":319,"percentile":350},"2026-01-06",{"date":354,"score":319,"percentile":350},"2026-01-07",{"date":356,"score":319,"percentile":357},"2026-01-08",0.99225,{"date":359,"score":319,"percentile":360},"2026-01-09",0.99226,{"date":362,"score":319,"percentile":363},"2026-01-10",0.99227,{"date":365,"score":319,"percentile":360},"2026-01-11",{"date":367,"score":319,"percentile":360},"2026-01-12",{"date":369,"score":319,"percentile":357},"2026-01-13",{"date":371,"score":319,"percentile":360},"2026-01-14",{"date":373,"score":319,"percentile":363},"2026-01-15",{"date":375,"score":319,"percentile":376},"2026-01-16",0.99228,{"date":378,"score":319,"percentile":376},"2026-01-17",{"date":380,"score":319,"percentile":363},"2026-01-18",{"date":382,"score":319,"percentile":363},"2026-01-19",{"date":384,"score":319,"percentile":363},"2026-01-20",{"date":386,"score":319,"percentile":376},"2026-01-21",{"date":388,"score":319,"percentile":376},"2026-01-22",{"date":390,"score":319,"percentile":391},"2026-01-23",0.99229,{"date":393,"score":319,"percentile":391},"2026-01-24",{"date":395,"score":319,"percentile":376},"2026-01-25",{"date":397,"score":319,"percentile":376},"2026-01-26",{"date":399,"score":319,"percentile":376},"2026-01-27",{"date":401,"score":319,"percentile":376},"2026-01-28",{"date":403,"score":319,"percentile":391},"2026-01-29",{"date":405,"score":319,"percentile":376},"2026-01-30",{"date":407,"score":319,"percentile":391},"2026-01-31",{"date":409,"score":340,"percentile":410},"2026-02-01",0.98871,[412],{"source":69,"cvss_v2_0":413,"cvss_v3_0":9,"cvss_v3_1":418,"cvss_v4_0":9},{"baseScore":414,"baseSeverity":9,"vectorString":415,"impactScore":416,"exploitabilityScore":417},5.1,"AV:N/AC:H/Au:N/C:P/I:P/A:P",6.4,4.9,{"baseScore":67,"baseSeverity":419,"vectorString":70,"impactScore":420,"exploitabilityScore":421},"HIGH",9.8,5.6,[423,432,443,451,459,466,472,483,491,498,513,520,525],{"ecosystem":9,"name":424,"vendor":425,"product":426,"cpe_part":427,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":428},"debian linux","debian","debian_linux","o",[429],{"version":430,"is_range":63,"range_type":431,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.0","cpe",{"ecosystem":9,"name":433,"vendor":433,"product":433,"cpe_part":434,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":435},"drupal","a",[436],{"version":437,"is_range":438,"range_type":431,"version_start":439,"version_start_type":440,"version_end":441,"version_end_type":442,"fixed_in":9},"gte8.0.0_lt8.1.7",true,"8.0.0","including","8.1.7","excluding",{"ecosystem":9,"name":444,"vendor":445,"product":444,"cpe_part":427,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":446},"fedora","fedoraproject",[447,449],{"version":448,"is_range":63,"range_type":431,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"23",{"version":450,"is_range":63,"range_type":431,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"24",{"ecosystem":9,"name":452,"vendor":453,"product":454,"cpe_part":427,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":455},"storeever msl6480 tape library firmware","hp","storeever_msl6480_tape_library_firmware",[456],{"version":457,"is_range":438,"range_type":431,"version_start":9,"version_start_type":9,"version_end":458,"version_end_type":440,"fixed_in":9},"lte5.09","5.09",{"ecosystem":9,"name":460,"vendor":453,"product":461,"cpe_part":434,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":462},"system management homepage","system_management_homepage",[463],{"version":464,"is_range":438,"range_type":431,"version_start":9,"version_start_type":9,"version_end":465,"version_end_type":440,"fixed_in":9},"lte7.5.5.0","7.5.5.0",{"ecosystem":9,"name":467,"vendor":468,"product":467,"cpe_part":427,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":469},"leap","opensuse",[470],{"version":471,"is_range":63,"range_type":431,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"42.1",{"ecosystem":9,"name":473,"vendor":474,"product":475,"cpe_part":434,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":476},"communications user data repository","oracle","communications_user_data_repository",[477,479,481],{"version":478,"is_range":63,"range_type":431,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.0.0",{"version":480,"is_range":63,"range_type":431,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.0.1",{"version":482,"is_range":63,"range_type":431,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"12.0.0",{"ecosystem":9,"name":484,"vendor":474,"product":485,"cpe_part":434,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":486},"enterprise manager ops center","enterprise_manager_ops_center",[487,489],{"version":488,"is_range":63,"range_type":431,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"12.2.2",{"version":490,"is_range":63,"range_type":431,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"12.3.2",{"ecosystem":9,"name":492,"vendor":474,"product":492,"cpe_part":427,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":493},"linux",[494,496],{"version":495,"is_range":63,"range_type":431,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6",{"version":497,"is_range":63,"range_type":431,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7",{"ecosystem":9,"name":499,"vendor":9,"product":499,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":500},"PHP",[501,505,509],{"version":502,"is_range":438,"range_type":431,"version_start":503,"version_start_type":440,"version_end":504,"version_end_type":442,"fixed_in":9},"gte5.5.0_lt5.5.38","5.5.0","5.5.38",{"version":506,"is_range":438,"range_type":431,"version_start":507,"version_start_type":440,"version_end":508,"version_end_type":442,"fixed_in":9},"gte5.6.0_lt5.6.24","5.6.0","5.6.24",{"version":510,"is_range":438,"range_type":431,"version_start":511,"version_start_type":440,"version_end":512,"version_end_type":440,"fixed_in":9},"gte7.0.0_lte7.0.8","7.0.0","7.0.8",{"ecosystem":9,"name":514,"vendor":515,"product":516,"cpe_part":427,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":517},"enterprise linux desktop","redhat","enterprise_linux_desktop",[518],{"version":519,"is_range":63,"range_type":431,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0",{"ecosystem":9,"name":521,"vendor":515,"product":522,"cpe_part":427,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":523},"enterprise linux server","enterprise_linux_server",[524],{"version":519,"is_range":63,"range_type":431,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":9,"name":526,"vendor":515,"product":527,"cpe_part":427,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":528},"enterprise linux workstation","enterprise_linux_workstation",[529],{"version":519,"is_range":63,"range_type":431,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9}]