2 matches found
CVE-2016-6287
The "http-client" egg always used a HTTP_PROXY environment variable to determine whether HTTP traffic should be routed via a proxy, even when running as a CGI process. Under several web servers this would mean a user-supplied "Proxy" header could allow an attacker to direct all HTTP requests throu...
CVE-2016-6287
The CVE-2016-6287 entry concerns the CHICKEN http-client egg. The vulnerability arises because the http-client used the HTTP_PROXY environment variable to decide whether to route HTTP traffic via a proxy, even in CGI contexts. This allowed a user-supplied Proxy header under several web servers to...