CVE-2016-6287
N/A
N/A
Summary
The "http-client" egg always used a HTTP_PROXY environment variable to determine whether HTTP traffic should be routed via a proxy, even when running as a CGI process. Under several web servers this would mean a user-supplied "Proxy" header could allow an attacker to direct all HTTP requests through a proxy (also known as a "httpoxy" attack). This affects all versions of http-client before 0.10.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://lists.gnu.org/archive/html/chicken-announce/2016-07/msg00000.html
- http://www.securityfocus.com/bid/92105
References
- http://lists.gnu.org/archive/html/chicken-announce/2016-07/msg00000.html
- http://www.securityfocus.com/bid/92105
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.