HTTPOXY Vulnerability

The recently discovered HTTPOXY vulnerability affects applications that run in CGI or CGI-like environments. This means the issue affects almost all web servers, including Apache and Nginx, and also most PHP applications. Even the mod_php mode on Apache is affected.

There is a common system environment variable called “HTTP_PROXY”, which communicates the settings for an outgoing HTTP (and sometimes HTTPS) proxy to an application. This variable has a completely different purpose and context from the HTTP server-script variable of the same name, which a CGI server derives from the headers of the incoming request. Applications, language libraries, or scripting modules use the environment variable to configure their proxy for subsequent outgoing HTTP traffic.
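The name collision described above, as an added example that is not part of the original page: a model of how a CGI gateway builds a script's environment from request headers, with the header filter that keeps the operator's HTTP_PROXY intact. The function names, host names and sample headers are constructed for illustration.

```python
# Added example with constructed data; names and hosts are assumptions.

def header_to_meta_variable(name):
    """CGI rule (RFC 3875): upper-case, '-' becomes '_', prefix 'HTTP_'."""
    return "HTTP_" + name.upper().replace("-", "_")


def build_cgi_environ(server_env, request_headers, drop_proxy_header=True):
    """Return the environment a gateway would pass to a CGI script.

    server_env: variables set by the operator (may include HTTP_PROXY)
    request_headers: (name, value) pairs taken from the client request
    """
    env = dict(server_env)
    for name, value in request_headers:
        key = header_to_meta_variable(name)
        if drop_proxy_header and key == "HTTP_PROXY":
            # Mitigation: a request header must never define this name,
            # because HTTP client libraries read it as proxy configuration.
            continue
        env[key] = value
    return env


def proxy_is_request_controlled(server_env, cgi_env):
    """True when the script would see a proxy the operator did not set."""
    return cgi_env.get("HTTP_PROXY") != server_env.get("HTTP_PROXY")


# Constructed sample input.
SERVER_ENV = {"PATH": "/usr/bin", "HTTP_PROXY": "http://proxy.corp.example:3128"}
REQUEST_HEADERS = [
    ("Host", "app.example"),
    ("Accept-Language", "en"),
    ("pRoXy", "http://untrusted.example:8080"),  # header names are case-insensitive
]

if __name__ == "__main__":
    for drop in (False, True):
        env = build_cgi_environ(SERVER_ENV, REQUEST_HEADERS, drop_proxy_header=drop)
        print("drop_proxy_header=%s HTTP_PROXY=%s request_controlled=%s"
              % (drop, env.get("HTTP_PROXY"),
                 proxy_is_request_controlled(SERVER_ENV, env)))
```

The same check can be run against a captured script environment to confirm that a deployed filter is effective.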

A detailed description of the HTTPOXY vulnerability can be found at httpoxy.org.