USN-3038-1: Apache HTTP Server vulnerability
18 July 2016
A security issue was fixed in the Apache HTTP Server.
- apache2 - Apache HTTP server
It was discovered that the Apache HTTP Server would set the HTTP_PROXY
environment variable based on the contents of the Proxy header from HTTP
requests. A remote attacker could possibly use this issue in combination
with CGI scripts that honour the HTTP_PROXY variable to redirect outgoing
The problem can be corrected by updating your system to the following package versions:
In general, a standard system update will make all the necessary changes.