in linux, security

CGI application vulnerability “httpoxy”

A serious vulnerability was recently disclosed in the way CGI script execution on Linux servers passes request headers to PHP, Python, Go and other scripting languages.

httpoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like, environments. The vulnerability allows an attacker to remotely set the HTTP_PROXY environment variable on affected servers simply by sending a "Proxy" request header, which HTTP client libraries honouring HTTP_PROXY then trust, so the application's outbound HTTP requests can be routed through a proxy the attacker controls.

The best advice is to patch as soon as possible, as Linux vendors have started releasing fixes. Until then, immediate mitigation can be performed by blocking ‘Proxy’ request headers as early as possible, before they reach your application. httpoxy.org spells this out in detail for Apache, OpenBSD, Nginx/FastCGI and others.
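The mechanism and both layers of mitigation, as an added example that is not part of the original post or of any vendor's code: the CGI header-to-environment mapping (RFC 3875) that turns a client's `Proxy` header into `HTTP_PROXY`, the edge-side strip the post recommends, and the application-side check that ignores `HTTP_PROXY` when the process is running under CGI. All function names, the sample request and the sample proxy address are constructed for this demo.

```python
"""Added example (not from the original post): how a CGI gateway turns the
client-supplied "Proxy" request header into the HTTP_PROXY environment
variable, and two defensive checks that close the gap.  Every helper name,
the sample request and the proxy address below are constructed for the demo.
"""
import re

# RFC 3875 section 4.1.18: each request header becomes a meta-variable named
# "HTTP_" + header name upper-cased, with "-" (and anything else that is not
# A-Z/0-9) replaced by "_".  This is the mapping that makes a "Proxy:" header
# collide with the HTTP_PROXY variable that many HTTP clients honour.
def cgi_meta_variables(headers):
    env = {}
    for name, value in headers.items():
        meta = "HTTP_" + re.sub(r"[^A-Z0-9]", "_", name.upper())
        env[meta] = value
    return env

# Mitigation 1 (front-end / web-server layer): drop the "Proxy" request header
# before the request reaches CGI or FastCGI, i.e. block it "as early as
# possible".  "Proxy" is not a standard request header, so nothing legitimate
# is lost.
def drop_proxy_header(headers):
    return {n: v for n, v in headers.items() if n.lower() != "proxy"}

# Detection aid: flag any request that carries the header at all, so the front
# end can log or alert on it even after stripping it.
def carries_proxy_header(headers):
    return any(n.lower() == "proxy" for n in headers)

# The pre-fix client behaviour: whatever HTTP_PROXY holds is trusted.
def outbound_proxy_vulnerable(env):
    return env.get("HTTP_PROXY") or env.get("http_proxy")

# Mitigation 2 (application / HTTP-client layer): only honour the upper-case
# HTTP_PROXY when NOT running under CGI.  REQUEST_METHOD is a meta-variable the
# gateway always sets, so its presence is the usual "I am a CGI process"
# signal.  The lower-case http_proxy form cannot be produced from a request
# header (the mapping always yields upper case with an HTTP_ prefix), so it
# remains trustworthy in either context.
def outbound_proxy_hardened(env):
    if "REQUEST_METHOD" in env:
        return env.get("http_proxy")
    return env.get("HTTP_PROXY") or env.get("http_proxy")

# Constructed sample request from a client that sends a Proxy header.
SAMPLE_HEADERS = {
    "Host": "app.example",
    "User-Agent": "demo/1.0",
    "Proxy": "attacker-proxy.example:8080",   # constructed value
}

def demo():
    """Run the unmitigated path and both mitigations over SAMPLE_HEADERS."""
    # Unmitigated: the gateway maps every header, the app trusts HTTP_PROXY.
    raw_env = cgi_meta_variables(SAMPLE_HEADERS)
    raw_env["REQUEST_METHOD"] = "GET"
    # Mitigation 1 applied at the edge before the gateway builds the env.
    clean_env = cgi_meta_variables(drop_proxy_header(SAMPLE_HEADERS))
    clean_env["REQUEST_METHOD"] = "GET"
    return {
        "header_seen": carries_proxy_header(SAMPLE_HEADERS),
        "vulnerable_proxy": outbound_proxy_vulnerable(raw_env),
        "hardened_proxy": outbound_proxy_hardened(raw_env),
        "stripped_env_has_proxy": "HTTP_PROXY" in clean_env,
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

In a real deployment the edge-side strip is a one-line server directive rather than application code: `RequestHeader unset Proxy early` with Apache's mod_headers, or `fastcgi_param HTTP_PROXY "";` for Nginx/FastCGI, which are the forms httpoxy.org documents. The application-side check is what the patched runtimes do, and it is worth keeping even behind a fixed front end, because any other CGI-like path into the process (a second vhost, a different gateway) would reintroduce the header.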