CVE-2016-6287

Name of the Vulnerable Software and Affected Versions http-client versions prior to 0.10

Description The issue allows an attacker to direct all HTTP requests through a proxy, also known as a "httpoxy" attack, by exploiting the http-client egg's use of the HTTP PROXY environment variable. This can occur when running as a CGI process under several web servers, where a user-supplied "Proxy" header can be used to route HTTP traffic via a proxy.

Recommendations For versions prior to 0.10, update to version 0.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the HTTP PROXY environment variable to minimize the risk of exploitation.