Description: Apache HTTPD CGI Application "Proxy:" Header Processing Flaw Lets Remote Users Redirect the Target CGI Application Requests to an Arbitrary Web Proxy in Certain Cases
On systems where the Apache HTTPD server is configured to proxy HTTP requests and the target CGI application trusts the HTTP_PROXY environment variable, a remote user can send a specially crafted HTTP "Proxy:" header (or conduct a man-in-the-middle attack to insert or modify one) to cause the target CGI application to proxy HTTP connections to an arbitrary port on an arbitrary server. In certain cases, this can be exploited to set the HTTP_PROXY variable on the target CGI application server and cause the CGI application server's internal requests to be proxied.
Affected versions: all
Recommended action: The vendor has provided a patch (to 'server/util_script.c') to mitigate affected applications. The patch is available in the vendor's advisory.
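The header-to-environment mapping behind this flaw, as an added example (not Apache's code and not the vendor's patch): under the CGI convention each request header becomes an HTTP_* variable, so a "Proxy:" header lands in HTTP_PROXY. The function names and sample values are constructed for illustration, and `drop_proxy` is a hypothetical switch between the flawed and the filtered behaviour.

```python
# Added example: models the CGI convention (RFC 3875) that maps request
# headers to HTTP_* environment variables. Function names are hypothetical.

# Headers that CGI exposes under their own names instead of HTTP_*.
_NO_PREFIX = {"CONTENT-TYPE": "CONTENT_TYPE", "CONTENT-LENGTH": "CONTENT_LENGTH"}


def header_to_env_name(name):
    """Map a request header name to its CGI meta-variable name."""
    upper = name.strip().upper()
    if upper in _NO_PREFIX:
        return _NO_PREFIX[upper]
    return "HTTP_" + upper.replace("-", "_")


def build_cgi_env(headers, base_env=None, drop_proxy=True):
    """Build the environment handed to a CGI script.

    headers: list of (name, value) pairs as received from the client.
    drop_proxy=False reproduces the flawed behaviour described above;
    drop_proxy=True skips any header that would become HTTP_PROXY.
    """
    env = dict(base_env or {})
    dropped = []
    for name, value in headers:
        key = header_to_env_name(name)
        if drop_proxy and key == "HTTP_PROXY":
            dropped.append((name, value))  # keep for logging/alerting
            continue
        env[key] = value
    return env, dropped


# Constructed sample request headers (not taken from real traffic).
SAMPLE_HEADERS = [
    ("Host", "app.example.test"),
    ("User-Agent", "sample-client/1.0"),
    ("pRoXy", "http://203.0.113.10:8080"),  # header names are case-insensitive
]

if __name__ == "__main__":
    for flag in (False, True):
        env, dropped = build_cgi_env(SAMPLE_HEADERS, drop_proxy=flag)
        print(f"drop_proxy={flag}: HTTP_PROXY={env.get('HTTP_PROXY')!r} dropped={dropped}")
```

With filtering on, a proxy setting already present in the server's own environment survives the request unchanged, and the dropped header is returned so it can be logged.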