The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:1612 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es): * It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker- controlled proxy via a malicious HTTP request. (CVE-2016-5385) Red Hat would like to thank Scott Geary (VendHQ) for reporting this issue. Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version…Read More
RHEL 6 / 7 : rh-php56-php (RHSA-2016:1612)
