The HTTPoxy vulnerability has been disclosed today (again). A malicious client may be able to inject an HTTP proxy environment variable into a server by sending a request with an HTTP Proxy header.
By default RedShield will block any traffic with an HTTP Proxy header. Full details are available on the HTTPoxy website https://httpoxy.org/.
Comments