httpoxy CGI application vulnerability

httpoxy is a vulnerability in CGI environments related to handling the Proxy header:

  • RFC3875 puts the HTTP Proxy header from requests into environment variables as HTTP_PROXY
  • HTTP_PROXY in a common environment variable used to configure a proxy server


This issue will be fixed in pending security updates. Some of the packages affected by this issue are:


The Ubuntu Security team encourages everyone to apply the mitigations listed on the httpoxy information page.


  • 2016 Jul 18: The httpoxy disclosure team discloses their findings

SecurityTeam/KnowledgeBase/httpoxy (last edited 2016-07-18 18:31:23 by mdeslaur)