Skip to content

HTTPoxy vulnerability #251

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
kkomelin opened this issue Jul 19, 2016 · 1 comment
Closed

HTTPoxy vulnerability #251

kkomelin opened this issue Jul 19, 2016 · 1 comment

Comments

@kkomelin
Copy link
Contributor

HTTPoxy is a CGI application vulnerability, which affects many web servers, including Nginx.
More information https://httpoxy.org/

I am working on a pull request to fix it.
@kkomelin
Copy link
Contributor Author

kkomelin commented Jul 20, 2016
edited
Loading

The PR needs review, please #253

perusio pushed a commit that referenced this issue Jul 21, 2016
* Fix #251 with PR provided by @kkomelin.
ce64410
jakobg added a commit to codewhisper/drupal-with-nginx that referenced this issue May 22, 2017
@jakobg
Merge branch 'D7' of https://github.com/perusio/drupal-with-nginx int…
c75b6c0 
…o D7

* 'D7' of https://github.com/perusio/drupal-with-nginx:
  * Added woff2 support from PR perusio#255 by @iryston.
  Added an appropriate mime type for .woff2
  * Fix perusio#251 with PR from @kkomelin.
  * Include PR#11 from @kkomelin about CGI var vuln.
  Allowed "Well-Known URIs".
  Cache valid responses for 15s.
  disable access_log in php_fpm_status_vhost
  * Disabled SSL v3.
  * Enable OCSP stapling verification.
  Update fastcgi_cache_key
  Issue perusio#212 by colans: Move header-adding to nginx.conf to avoid losing headers.
  Disabled SSLv3 to fix POODLE vulnerability.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@kkomelin