CVE-2016-1000107

Name of the Vulnerable Software and Affected Versions Erlang versions prior to 22.1

Description The issue allows remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request. This is related to the handling of the HTTP PROXY environment variable, where untrusted client data is not properly protected, following RFC 3875 section 4.1.18.

Recommendations For versions prior to 22.1, consider restricting access to the HTTP PROXY environment variable to minimize the risk of exploitation. As a temporary workaround, avoid using the HTTP PROXY variable in the affected applications until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.