HTTPoxy “Proxy header” Vulnerability

From the HTTPoxy announcement:

httpoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. It comes down to a simple namespace conflict:

  • RFC 3875 (CGI) puts the HTTP Proxy header from a request into the environment variables as HTTP_PROXY
  • HTTP_PROXY is a popular environment variable used to configure an outgoing proxy

This leads to a remotely exploitable vulnerability. If you’re running PHP or CGI, you should block the Proxy header now.

This site includes fixes for popular web servers, and Guzzle has also released a new version (v6.2.1) to address this.
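The namespace conflict quoted above, worked through as an added example (not code from the announcement, Guzzle or any web server). It models the RFC 3875 header-to-variable mapping, then shows two defences: dropping the Proxy header at the server, and ignoring HTTP_PROXY when the code runs under CGI. The function names, the hostnames and the use of GATEWAY_INTERFACE to detect CGI are assumptions made for illustration.

```python
# Added illustration: every name below is hypothetical, all sample data is constructed.

# Environment the administrator set for the server process (constructed).
SERVER_ENV = {"PATH": "/usr/bin", "HTTP_PROXY": "http://proxy.internal.example:3128"}
# Incoming request headers, including a client-supplied Proxy header (constructed).
REQUEST_HEADERS = [("Host", "app.example"), ("Proxy", "http://untrusted.example:8080")]


def cgi_environ(headers, base_env):
    """Build a CGI environment the way RFC 3875 describes: each request header
    becomes HTTP_<NAME>, upper-cased, with '-' replaced by '_'."""
    env = dict(base_env)
    env["GATEWAY_INTERFACE"] = "CGI/1.1"
    for name, value in headers:
        env["HTTP_" + name.upper().replace("-", "_")] = value
    return env


def strip_proxy_header(headers):
    """Server-side fix: drop the Proxy request header (names are case-insensitive)
    before the request is handed to the application."""
    return [(n, v) for n, v in headers if n.lower() != "proxy"]


def naive_outgoing_proxy(env):
    """What a client library does when it trusts HTTP_PROXY unconditionally."""
    return env.get("HTTP_PROXY")


def cgi_aware_outgoing_proxy(env):
    """Library-side fix: under CGI, HTTP_PROXY may be request data, so ignore it."""
    if "GATEWAY_INTERFACE" in env:
        return None
    return env.get("HTTP_PROXY")


def demo():
    unfiltered = cgi_environ(REQUEST_HEADERS, SERVER_ENV)
    filtered = cgi_environ(strip_proxy_header(REQUEST_HEADERS), SERVER_ENV)
    return {
        "unfiltered_naive": naive_outgoing_proxy(unfiltered),
        "filtered_naive": naive_outgoing_proxy(filtered),
        "unfiltered_cgi_aware": cgi_aware_outgoing_proxy(unfiltered),
    }


if __name__ == "__main__":
    for case, proxy in demo().items():
        print(f"{case}: {proxy}")
```

Without either defence, the request header silently replaces the administrator's proxy setting; with the header stripped, the configured value survives.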
