{
  "threat_severity" : "Moderate",
  "public_date" : "2016-10-11T00:00:00Z",
  "bugzilla" : {
    "description" : "guile: REPL server vulnerable to HTTP inter-protocol attacks",
    "id" : "1383972",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1383972"
  },
  "cvss" : {
    "cvss_base_score" : "5.1",
    "cvss_scoring_vector" : "AV:N/AC:H/Au:N/C:P/I:P/A:P",
    "status" : "draft"
  },
  "cvss3" : {
    "cvss3_base_score" : "8.3",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
    "status" : "draft"
  },
  "details" : [ "The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack.", "The REPL server (--listen) in guile was found to be vulnerable to HTTP inter-protocol attacks. A crafted website, when visited by a developer who has an instance of the REPL server running, could cause arbitrary code execution within the guile scheme interpreter." ],
  "statement" : "Red Hat Product Security has rated this issue as having Moderate security\nimpact. This issue is not currently planned to be addressed in future\nupdates. For additional information, refer to the Issue Severity\nClassification: https://access.redhat.com/security/updates/classification/.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "guile",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "guile",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Will not fix",
    "package_name" : "guile",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2016-8606\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8606" ],
  "name" : "CVE-2016-8606",
  "csaw" : false
}