[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-SUSE-SU-2016:1842-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":32,"duplicates":33,"related":34,"reserved_at":9,"published_at":44,"modified_at":45,"state":9,"summary":46,"references_raw":48,"kevs":129,"epss":9,"epss_history":130,"metrics":131,"affected":132},"SUSE-SU-2016:1842-1","Security update for php5\n\nThis update for php5 fixes the following issues:\n\n* It is possible to launch a web server with 'php -S localhost:8080'.\n  It used to be possible to set an arbitrary $HTTP_PROXY environment variable\n  for request handlers -- like CGI scripts -- by including a specially crafted\n  HTTP header in the request (CVE-2016-5385). As a result, these server\n  components would potentially direct all their outgoing HTTP traffic through a\n  malicious proxy server. This patch fixes the issue: the updated php server\n  ignores such HTTP headers and never sets $HTTP_PROXY for sub-processes.\n  (bnc#988486)\n* There were multiple cases where a remote attacker could trigger a double free\n  and, given specific PHP code using callbacks, trigger code execution vectors.\n  (bnc#986246,bnc#986244,CVE-2016-5768,CVE-2016-5772)\n* It was possible to inject header or content information (XSS) when a user was \n  using Internet Explorer as the browser. (bnc#986004, CVE-2015-8935)\n* In several cases it was possible for an integer overflow to trigger an \n  excessive memory allocation (bnc#986392, bnc#986388, bnc#986386, bnc#986393, \n  CVE-2016-5770, CVE-2016-5769, CVE-2016-5766, CVE-2016-5767)\n* It was possible for an attacker to abuse the garbage collector to free a \n  target array. At this point an attacker could craft a fake zval object and \n  exploit the PHP process by taking over the EIP/RIP. 
(bnc#986391,\n  CVE-2016-5771)",null,[],[],[],[14,16,18,20,22,24,26,28,30],{"_key":15},"CVE-2015-8935",{"_key":17},"CVE-2016-5385",{"_key":19},"CVE-2016-5766",{"_key":21},"CVE-2016-5767",{"_key":23},"CVE-2016-5768",{"_key":25},"CVE-2016-5769",{"_key":27},"CVE-2016-5770",{"_key":29},"CVE-2016-5771",{"_key":31},"CVE-2016-5772",[],[],[35,36,37,38,39,40,41,42,43],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},{"_key":27},{"_key":29},{"_key":31},"2016-07-20T18:56:58Z","2026-02-04T03:51:33.684715Z",{"cisa_kev":47,"cisa_ransomware":47,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[49,55,60,64,68,72,76,80,84,88,92,97,101,105,109,113,117,121,125],{"url":50,"sources":51,"tags":53},"https://www.suse.com/support/update/announcement/2016/suse-su-20161842-1/",[52],"osv_suse",[54],"Advisory",{"url":56,"sources":57,"tags":58},"https://bugzilla.suse.com/986004",[52],[59],"REPORT",{"url":61,"sources":62,"tags":63},"https://bugzilla.suse.com/986244",[52],[59],{"url":65,"sources":66,"tags":67},"https://bugzilla.suse.com/986246",[52],[59],{"url":69,"sources":70,"tags":71},"https://bugzilla.suse.com/986386",[52],[59],{"url":73,"sources":74,"tags":75},"https://bugzilla.suse.com/986388",[52],[59],{"url":77,"sources":78,"tags":79},"https://bugzilla.suse.com/986391",[52],[59],{"url":81,"sources":82,"tags":83},"https://bugzilla.suse.com/986392",[52],[59],{"url":85,"sources":86,"tags":87},"https://bugzilla.suse.com/986393",[52],[59],{"url":89,"sources":90,"tags":91},"https://bugzilla.suse.com/988486",[52],[59],{"url":93,"sources":94,"tags":95},"https://www.suse.com/security/cve/CVE-2015-8935",[52],[96],"WEB",{"url":98,"sources":99,"tags":100},"https://www.suse.com/security/cve/CVE-2016-5385",[52],[96],{"url":102,"sources":103,"tags":104},"https://www.suse.com/security/cve/CVE-2016-5766",[52],[96],{"url":106,"sources":107,"tags":108},"https://www.su
se.com/security/cve/CVE-2016-5767",[52],[96],{"url":110,"sources":111,"tags":112},"https://www.suse.com/security/cve/CVE-2016-5768",[52],[96],{"url":114,"sources":115,"tags":116},"https://www.suse.com/security/cve/CVE-2016-5769",[52],[96],{"url":118,"sources":119,"tags":120},"https://www.suse.com/security/cve/CVE-2016-5770",[52],[96],{"url":122,"sources":123,"tags":124},"https://www.suse.com/security/cve/CVE-2016-5771",[52],[96],{"url":126,"sources":127,"tags":128},"https://www.suse.com/security/cve/CVE-2016-5772",[52],[96],[],[],[],[133,146],{"ecosystem":134,"name":135,"vendor":136,"product":137,"cpe_part":9,"purl_type":138,"purl_namespace":136,"purl_name":137,"source":9,"versions":139},"SUSE Linux Enterprise","php5","suse","php5&distro=SUSE Linux Enterprise Module for Web and Scripting 12","rpm",[140],{"version":141,"is_range":142,"range_type":143,"version_start":9,"version_start_type":9,"version_end":144,"version_end_type":145,"fixed_in":9},"lt5_5_14_68_1",true,"ecosystem","5.5.14-68.1","excluding",{"ecosystem":134,"name":135,"vendor":136,"product":147,"cpe_part":9,"purl_type":138,"purl_namespace":136,"purl_name":147,"source":9,"versions":148},"php5&distro=SUSE Linux Enterprise Software Development Kit 12 SP1",[149],{"version":141,"is_range":142,"range_type":143,"version_start":9,"version_start_type":9,"version_end":144,"version_end_type":145,"fixed_in":9}]