zEitEr
Super Moderator
for PHP, Go, Python and others
httpoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. It comes down to a simple namespace conflict:
- RFC 3875 (CGI) puts the HTTP Proxy header from a request into the environment variables as HTTP_PROXY
- HTTP_PROXY is a popular environment variable used to configure an outgoing proxy
https://httpoxy.org
Advisory: Apache Software Foundation Projects and "httpoxy" CERT VU#797896
Canonical URL: https://www.apache.org/security/asf-httpoxy-response.txt
Publication: v1.0 18 July 2016
NGINX:
Code:
fastcgi_param HTTP_PROXY "";
APACHE:
Code:
RequestHeader unset Proxy early
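
The namespace conflict and the two server settings above, as an added example that is not part of the original post or of the httpoxy advisory. It is a simplified model of a CGI gateway; every function name, the `mitigation` parameter and the sample host names are assumptions made for illustration.

```python
# Added example: simplified model of a CGI gateway. All names are hypothetical.

def cgi_meta_variables(request_headers):
    """RFC 3875 protocol-specific meta-variables: upper-case the header name,
    replace '-' with '_', prefix 'HTTP_'."""
    return {"HTTP_" + name.upper().replace("-", "_"): value
            for name, value in request_headers.items()}


def build_child_env(request_headers, mitigation=None):
    """Environment handed to the application for one request.

    mitigation="unset": drop the Proxy header before mapping
                        (models Apache 'RequestHeader unset Proxy early').
    mitigation="blank": map headers, then force HTTP_PROXY to ""
                        (models nginx 'fastcgi_param HTTP_PROXY "";').
    """
    headers = dict(request_headers)
    if mitigation == "unset":
        for name in list(headers):
            if name.lower() == "proxy":   # header names are case-insensitive
                del headers[name]
    env = {"REQUEST_METHOD": "GET", "GATEWAY_INTERFACE": "CGI/1.1"}
    env.update(cgi_meta_variables(headers))
    if mitigation == "blank":
        env["HTTP_PROXY"] = ""
    return env


def outbound_proxy(env):
    """Stand-in for an HTTP client that takes its proxy from HTTP_PROXY."""
    return env.get("HTTP_PROXY") or None


# Constructed sample request; both host names are placeholders.
SAMPLE_HEADERS = {
    "Host": "app.example.invalid",
    "Proxy": "http://proxy.example.invalid:8080",
}

if __name__ == "__main__":
    for mode in (None, "unset", "blank"):
        print(mode, "->", outbound_proxy(build_child_env(SAMPLE_HEADERS, mode)))
```

Without a mitigation the client-supplied value reaches `HTTP_PROXY`; with either setting the application sees no usable proxy value.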