VulnerableCode Package Details - pkg:rpm/redhat/php54-php@5.4.40-4?arch=el7

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:rpm/redhat/php54-php@5.4.40-4?arch=el7

Essentials
History (1)

purl	pkg:rpm/redhat/php54-php@5.4.40-4?arch=el7

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	10.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-zawz-vky5-tkgt Aliases: CVE-2016-5385 GHSA-m6ch-gg5f-wxx3	Improper Access Control PHP does not attempt to address RFC section namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the `HTTP_PROXY` environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an `httpoxy` issue.	There are no reported fixed by versions.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:35:54.278010+00:00	RedHat Importer	Affected by	VCID-zawz-vky5-tkgt	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5385.json	38.0.0