Could you please check this project for the httpoxy.org vulnerability?
I'm particularly interested in this bit:
```php
if (getenv("http_proxy") !== false ) {
```
That file appears to be loaded as a prepend file before executing any PHP? But, did you realise that `get_env` is case-insensitive in many environments (such as mod_php?) - you may end up trusting the value of a `Proxy` header.

Apologies if it turns out you're unaffected. (But that'd be through pure luck, right?)
docker-lamp/ansible/roles/apache/templates/http_proxy.php
Line 4 in cc63ad3
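A model of the concern raised in this report, added here as an example and not taken from the project or the reporter: it shows how a CGI-style environment turns a `Proxy` request header into `HTTP_PROXY`, why a case-insensitive lookup of `http_proxy` then returns it, and a lookup restricted to the process environment that does not. All function names and sample values are constructed for illustration, and `lookup_ci()` models the behaviour the report describes rather than calling `getenv()`.

```php
<?php
// Added example; hypothetical helper names, constructed sample data.

// RFC 3875 (CGI) mapping: request header "Proxy" becomes meta-variable HTTP_PROXY.
function cgi_meta_name(string $header): string
{
    return 'HTTP_' . strtoupper(str_replace('-', '_', $header));
}

// Model of a CGI-like SAPI: header meta-variables share one namespace with the
// real process environment.
function build_sapi_env(array $processEnv, array $headers): array
{
    $env = $processEnv;
    foreach ($headers as $name => $value) {
        $env[cgi_meta_name($name)] = $value;
    }
    return $env;
}

// Case-insensitive lookup, modelling the behaviour described in the report.
function lookup_ci(array $env, string $name)
{
    foreach ($env as $key => $value) {
        if (strcasecmp((string) $key, $name) === 0) {
            return $value;
        }
    }
    return false;
}

// Hardened variant: exact-case key, process environment only, so nothing that
// arrived with the request can satisfy the check.
function proxy_from_process_env(array $processEnv)
{
    return $processEnv['http_proxy'] ?? false;
}

// Constructed input: no proxy configured on the host, client sends a Proxy header.
$processEnv = ['PATH' => '/usr/bin'];
$headers    = ['Proxy' => 'http://proxy.invalid:3128'];
$sapiEnv    = build_sapi_env($processEnv, $headers);

var_dump(lookup_ci($sapiEnv, 'http_proxy'));      // header value is returned
var_dump(proxy_from_process_env($processEnv));    // bool(false)
```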