Linux Today: Linux News On Internet Time.







HTTPoxy Flaw Re-emerges After 15 Years and Gets Fixed

Jul 20, 2016, 16:00
(Other stories by Sean Michael Kerner)

Some flaws take longer—a lot longer—than others to get fixed. The newly named HTTPoxy vulnerability was first discovered back in March 2001 and fixed in the open-source Perl programming language, but it has sat dormant in multiple other languages and applications until July 18.

The HTTPoxy flaw is a misconfiguration vulnerability involving the HTTP_PROXY variable, which is commonly used by Common Gateway Interface (CGI) environment scripts. It could potentially be remotely exploitable on servers, enabling an attacker to run code or redirect traffic. At its core, the flaw is a namespace conflict between two different uses of a server variable known as HTTP_PROXY.
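
The namespace conflict described above, shown as an added example that is not part of the original story: CGI (RFC 3875) exposes each request header as an HTTP_-prefixed variable, so a request header named Proxy lands in the same HTTP_PROXY name that many HTTP clients read as their outbound proxy setting. The function names, the sample request and the .invalid host names are constructed for illustration, and the gateway here is simplified to the header-to-variable mapping only.

```python
# Constructed sample request headers (illustrative values only).
SAMPLE_HEADERS = [
    ("Host", "app.example"),
    ("User-Agent", "demo-client/1.0"),
    ("Proxy", "http://untrusted.invalid:8080"),
]


def cgi_environ(headers, base_env=None):
    """Build the variables a CGI gateway passes to a script.

    Per RFC 3875, a request header becomes HTTP_<NAME>: the name is
    upper-cased and '-' is replaced by '_'. (Simplified: the special
    cases CONTENT_TYPE / CONTENT_LENGTH are not modelled.)
    """
    env = dict(base_env or {})
    for name, value in headers:
        env["HTTP_" + name.upper().replace("-", "_")] = value
    return env


def naive_outbound_proxy(env):
    """A client that trusts HTTP_PROXY unconditionally (the conflicting use)."""
    return env.get("HTTP_PROXY")


def strip_proxy_header(headers):
    """Mitigation at the server edge: drop the 'Proxy' request header
    before it is mapped into the script's variables."""
    return [(n, v) for n, v in headers if n.lower() != "proxy"]


def cgi_aware_outbound_proxy(env):
    """Mitigation in the client: ignore HTTP_PROXY when running under CGI,
    detected here by the presence of REQUEST_METHOD."""
    if "REQUEST_METHOD" in env:
        return None
    return env.get("HTTP_PROXY")


if __name__ == "__main__":
    base = {"REQUEST_METHOD": "GET", "GATEWAY_INTERFACE": "CGI/1.1"}
    env = cgi_environ(SAMPLE_HEADERS, base)
    print("naive client uses:", naive_outbound_proxy(env))
    clean = cgi_environ(strip_proxy_header(SAMPLE_HEADERS), base)
    print("after stripping header:", naive_outbound_proxy(clean))
    print("CGI-aware client uses:", cgi_aware_outbound_proxy(env))
```
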
