We want to ensure you’re aware of the new vulnerability, httpoxy, which exists in multiple web servers and languages. This vulnerability may allow remote attackers to cause HTTP requests, made by backend pages such as PHP or Python files, to be redirected through a proxy of the remote attacker's choosing. This could result in multiple negative outcomes, such as compromising of data or denial of service.
While technically not a bug, this design flaw can have substantial repercussions unless mitigated.
It's relatively easy to mitigate this vulnerability by performing configuration updates to most web servers. You can refer to our support knowledge base for specific technical details.
We recommend that all Zend Server customers take the necessary steps to update their web server configuration to block this vulnerability.
For further questions or feedback, please contact our support team.
Senior product manager, Zend Server
General discussion forum for the Zend Server
1 post • Page 1 of 1