From the HTTPoxy announcement:
httpoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. It comes down to a simple namespace conflict:
- RFC 3875 (CGI) puts the HTTP Proxy header from a request into the environment variables as HTTP_PROXY
- HTTP_PROXY is a popular environment variable used to configure an outgoing proxy
This leads to a remotely exploitable vulnerability. If you’re running PHP or CGI, you should block the Proxy header now.
This site includes fixes for popular web servers and Guzzle has also released a new version (v6.2.1) to address this.
Join the weekly newsletter and never miss out on new tips, tutorials, and more.
- Software Engineer Lead (PHP)
- Full-time Senior Web Developer
Wayne State University
- Senior Software Engineer
- Full Stack Engineer
Remote or Medford, Oregon
- Laravel Developer (fulltime - Dutch only)
Qbixx | Webservices
- Full Stack or Back-End Developer
Alexandria, VA; Tallahassee, FL; Orlando, FL
Marketing for Change
- Senior Quality Assurance Engineer
Keep track of who you meet at conferences with ConFOMO
ConFOMO is a Laravel and Vue.js application written by Matt Stauffer and Michael Dyrynda with the goal of giving you…
Segment: Analytics for Lazy Developers (Sponsor)