From the HTTPoxy announcement:
httpoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. It comes down to a simple namespace conflict:
- RFC 3875 (CGI) puts the HTTP Proxy header from a request into the environment variables as HTTP_PROXY
- HTTP_PROXY is a popular environment variable used to configure an outgoing proxy
This leads to a remotely exploitable vulnerability. If you’re running PHP or CGI, you should block the Proxy header now.
This site includes fixes for popular web servers and Guzzle has also released a new version (v6.2.1) to address this.
Join the weekly newsletter and never miss out on new tips, tutorials, and more.
Keep track of who you meet at conferences with ConFOMO
ConFOMO is a Laravel and Vue.js application written by Matt Stauffer and Michael Dyrynda with the goal of giving you…
Segment: Analytics for Lazy Developers (Sponsor)