{"id":26272,"date":"2016-07-24T06:24:14","date_gmt":"2016-07-24T04:24:14","guid":{"rendered":"https:\/\/mamchenkov.net\/wordpress\/?p=26272"},"modified":"2016-07-24T06:24:14","modified_gmt":"2016-07-24T04:24:14","slug":"httpoxy-a-cgi-application-vulnerability-for-php-go-python-and-others","status":"publish","type":"post","link":"https:\/\/mamchenkov.net\/wordpress\/2016\/07\/24\/httpoxy-a-cgi-application-vulnerability-for-php-go-python-and-others\/","title":{"rendered":"httpoxy &#8211; a CGI application vulnerability for PHP, Go, Python and others"},"content":{"rendered":"<!-- google_ad_section_start -->\n<p><a href=\"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2016\/07\/httpoxy.png?ssl=1\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" data-attachment-id=\"26273\" data-permalink=\"https:\/\/mamchenkov.net\/wordpress\/2016\/07\/24\/httpoxy-a-cgi-application-vulnerability-for-php-go-python-and-others\/httpoxy\/\" data-orig-file=\"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2016\/07\/httpoxy.png?fit=1141%2C296&amp;ssl=1\" data-orig-size=\"1141,296\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"httpoxy\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2016\/07\/httpoxy.png?fit=660%2C171&amp;ssl=1\" class=\"aligncenter size-medium wp-image-26273\" src=\"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2016\/07\/httpoxy-500x130.png?resize=500%2C130&#038;ssl=1\" alt=\"httpoxy\" width=\"500\" height=\"130\" srcset=\"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2016\/07\/httpoxy.png?resize=500%2C130&amp;ssl=1 500w, https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2016\/07\/httpoxy.png?resize=768%2C199&amp;ssl=1 768w, https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2016\/07\/httpoxy.png?resize=1024%2C266&amp;ssl=1 1024w, https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2016\/07\/httpoxy.png?w=1141&amp;ssl=1 1141w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><\/a><\/p>\n<p><a href=\"https:\/\/httpoxy.org\/\">httpoxy<\/a> is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments.<\/p>\n<blockquote><p>It comes down to a simple namespace conflict:<\/p>\n<ul>\n<li>RFC 3875 (CGI) puts the HTTP Proxy header from a request into the environment variables as HTTP_PROXY<\/li>\n<li>HTTP_PROXY is a popular environment variable used to configure an outgoing proxy<\/li>\n<\/ul>\n<p>This leads to a remotely exploitable vulnerability. If you\u2019re running PHP or CGI, you should block the Proxy header now.<\/p><\/blockquote>\n<!-- google_ad_section_end -->\n","protected":false},"excerpt":{"rendered":"<!-- google_ad_section_start -->\n<p>httpoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. It comes down to a simple namespace conflict: RFC 3875 (CGI) puts the HTTP Proxy header from a request into the environment variables as HTTP_PROXY HTTP_PROXY is a popular environment variable used to configure an outgoing proxy This leads &hellip; <a href=\"https:\/\/mamchenkov.net\/wordpress\/2016\/07\/24\/httpoxy-a-cgi-application-vulnerability-for-php-go-python-and-others\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">httpoxy &#8211; a CGI application vulnerability for PHP, Go, Python and others<\/span><\/a><\/p>\n<!-- google_ad_section_end -->\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"httpoxy - a CGI application vulnerability for PHP, Go, Python and others #security #WebDev #PHP #Python #Go","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false,"_links_to":"","_links_to_target":""},"categories":[1,18,133,62,1334],"tags":[38,37,200,1330],"keyring_services":[],"class_list":["post-26272","post","type-post","status-publish","format-standard","hentry","category-general","category-programming","category-sysadmin","category-technology","category-web-work","tag-php","tag-python","tag-security","tag-web-development"],"aioseo_notices":[],"aioseo_head":"\n\t\t<!-- All in One SEO 4.9.9 - aioseo.com -->\n\t<meta name=\"description\" content=\"httpoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. It comes down to a simple namespace conflict: RFC 3875 (CGI) puts the HTTP Proxy header from a request into the environment variables as HTTP_PROXY HTTP_PROXY is a popular environment variable used to configure an outgoing proxy This leads\" \/>\n\t<meta name=\"robots\" content=\"max-image-preview:large\" \/>\n\t<meta name=\"author\" content=\"Leonid Mamchenkov\"\/>\n\t<meta name=\"google-site-verification\" content=\"VHvdD0_usx1_4DzKy_QCVcICVgX2EgA2ybELT-wl7kQ\" \/>\n\t<link rel=\"canonical\" href=\"https:\/\/mamchenkov.net\/wordpress\/2016\/07\/24\/httpoxy-a-cgi-application-vulnerability-for-php-go-python-and-others\/\" \/>\n\t<meta name=\"generator\" content=\"All in One SEO (AIOSEO) 4.9.9\" \/>\n\t\t<meta property=\"og:locale\" content=\"en_US\" \/>\n\t\t<meta property=\"og:site_name\" content=\"Leonid Mamchenkov - Life, universe, and everything else\" \/>\n\t\t<meta property=\"og:type\" content=\"article\" \/>\n\t\t<meta property=\"og:title\" content=\"httpoxy \u2013 a CGI application vulnerability for PHP, Go, Python and others - Leonid Mamchenkov\" \/>\n\t\t<meta property=\"og:description\" content=\"httpoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. It comes down to a simple namespace conflict: RFC 3875 (CGI) puts the HTTP Proxy header from a request into the environment variables as HTTP_PROXY HTTP_PROXY is a popular environment variable used to configure an outgoing proxy This leads\" \/>\n\t\t<meta property=\"og:url\" content=\"https:\/\/mamchenkov.net\/wordpress\/2016\/07\/24\/httpoxy-a-cgi-application-vulnerability-for-php-go-python-and-others\/\" \/>\n\t\t<meta property=\"og:image\" content=\"https:\/\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2026\/03\/leonid-sailing-beer.jpg\" \/>\n\t\t<meta property=\"og:image:secure_url\" content=\"https:\/\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2026\/03\/leonid-sailing-beer.jpg\" \/>\n\t\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t\t<meta property=\"og:image:height\" content=\"1024\" \/>\n\t\t<meta property=\"article:published_time\" content=\"2016-07-24T04:24:14+00:00\" \/>\n\t\t<meta property=\"article:modified_time\" content=\"2016-07-24T04:24:14+00:00\" \/>\n\t\t<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/MamchenkovBlog\" \/>\n\t\t<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n\t\t<meta name=\"twitter:site\" content=\"@mamchenkov\" \/>\n\t\t<meta name=\"twitter:title\" content=\"httpoxy \u2013 a CGI application vulnerability for PHP, Go, Python and others - Leonid Mamchenkov\" \/>\n\t\t<meta name=\"twitter:description\" content=\"httpoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. It comes down to a simple namespace conflict: RFC 3875 (CGI) puts the HTTP Proxy header from a request into the environment variables as HTTP_PROXY HTTP_PROXY is a popular environment variable used to configure an outgoing proxy This leads\" \/>\n\t\t<meta name=\"twitter:creator\" content=\"@mamchenkov\" \/>\n\t\t<meta name=\"twitter:image\" content=\"https:\/\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2026\/03\/leonid-sailing-beer.jpg\" \/>\n\t\t<script type=\"application\/ld+json\" class=\"aioseo-schema\">\n\t\t\t{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"BlogPosting\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2016\\\/07\\\/24\\\/httpoxy-a-cgi-application-vulnerability-for-php-go-python-and-others\\\/#blogposting\",\"name\":\"httpoxy \\u2013 a CGI application vulnerability for PHP, Go, Python and others - Leonid Mamchenkov\",\"headline\":\"httpoxy &#8211; a CGI application vulnerability for PHP, Go, Python and others\",\"author\":{\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/author\\\/leonid\\\/#author\"},\"publisher\":{\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/#person\"},\"image\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/wp-content\\\/uploads\\\/2016\\\/07\\\/httpoxy-500x130.png\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2016\\\/07\\\/24\\\/httpoxy-a-cgi-application-vulnerability-for-php-go-python-and-others\\\/#articleImage\"},\"datePublished\":\"2016-07-24T06:24:14+02:00\",\"dateModified\":\"2016-07-24T06:24:14+02:00\",\"inLanguage\":\"en-US\",\"commentCount\":1,\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2016\\\/07\\\/24\\\/httpoxy-a-cgi-application-vulnerability-for-php-go-python-and-others\\\/#webpage\"},\"isPartOf\":{\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2016\\\/07\\\/24\\\/httpoxy-a-cgi-application-vulnerability-for-php-go-python-and-others\\\/#webpage\"},\"articleSection\":\"All, Programming, Sysadmin, Technology, Web work, PHP, Python, security, web development\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2016\\\/07\\\/24\\\/httpoxy-a-cgi-application-vulnerability-for-php-go-python-and-others\\\/#breadcrumblist\",\"itemListElement\":[{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress#listItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/category\\\/technology\\\/#listItem\",\"name\":\"Technology\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/category\\\/technology\\\/#listItem\",\"position\":2,\"name\":\"Technology\",\"item\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/category\\\/technology\\\/\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/category\\\/technology\\\/programming\\\/#listItem\",\"name\":\"Programming\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress#listItem\",\"name\":\"Home\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/category\\\/technology\\\/programming\\\/#listItem\",\"position\":3,\"name\":\"Programming\",\"item\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/category\\\/technology\\\/programming\\\/\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2016\\\/07\\\/24\\\/httpoxy-a-cgi-application-vulnerability-for-php-go-python-and-others\\\/#listItem\",\"name\":\"httpoxy &#8211; a CGI application vulnerability for PHP, Go, Python and others\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/category\\\/technology\\\/#listItem\",\"name\":\"Technology\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2016\\\/07\\\/24\\\/httpoxy-a-cgi-application-vulnerability-for-php-go-python-and-others\\\/#listItem\",\"position\":4,\"name\":\"httpoxy &#8211; a CGI application vulnerability for PHP, Go, Python and others\",\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/category\\\/technology\\\/programming\\\/#listItem\",\"name\":\"Programming\"}}]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/#person\",\"name\":\"Leonid Mamchenkov\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2016\\\/07\\\/24\\\/httpoxy-a-cgi-application-vulnerability-for-php-go-python-and-others\\\/#personImage\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3cf6df002a284d78fb6e9d8222ca4d102e0832035ed6bc8447008bd234e131a4?s=96&d=identicon&r=g\",\"width\":96,\"height\":96,\"caption\":\"Leonid Mamchenkov\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/author\\\/leonid\\\/#author\",\"url\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/author\\\/leonid\\\/\",\"name\":\"Leonid Mamchenkov\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2016\\\/07\\\/24\\\/httpoxy-a-cgi-application-vulnerability-for-php-go-python-and-others\\\/#authorImage\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3cf6df002a284d78fb6e9d8222ca4d102e0832035ed6bc8447008bd234e131a4?s=96&d=identicon&r=g\",\"width\":96,\"height\":96,\"caption\":\"Leonid Mamchenkov\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2016\\\/07\\\/24\\\/httpoxy-a-cgi-application-vulnerability-for-php-go-python-and-others\\\/#webpage\",\"url\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2016\\\/07\\\/24\\\/httpoxy-a-cgi-application-vulnerability-for-php-go-python-and-others\\\/\",\"name\":\"httpoxy \\u2013 a CGI application vulnerability for PHP, Go, Python and others - Leonid Mamchenkov\",\"description\":\"httpoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. It comes down to a simple namespace conflict: RFC 3875 (CGI) puts the HTTP Proxy header from a request into the environment variables as HTTP_PROXY HTTP_PROXY is a popular environment variable used to configure an outgoing proxy This leads\",\"inLanguage\":\"en-US\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/#website\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2016\\\/07\\\/24\\\/httpoxy-a-cgi-application-vulnerability-for-php-go-python-and-others\\\/#breadcrumblist\"},\"author\":{\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/author\\\/leonid\\\/#author\"},\"creator\":{\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/author\\\/leonid\\\/#author\"},\"datePublished\":\"2016-07-24T06:24:14+02:00\",\"dateModified\":\"2016-07-24T06:24:14+02:00\"},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/#website\",\"url\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/\",\"name\":\"Blog of Leonid Mamchenkov\",\"description\":\"Life, universe, and everything else\",\"inLanguage\":\"en-US\",\"publisher\":{\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/#person\"}}]}\n\t\t<\/script>\n\t\t<!-- All in One SEO -->\n\n","aioseo_head_json":{"title":"httpoxy \u2013 a CGI application vulnerability for PHP, Go, Python and others - Leonid Mamchenkov","description":"httpoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. It comes down to a simple namespace conflict: RFC 3875 (CGI) puts the HTTP Proxy header from a request into the environment variables as HTTP_PROXY HTTP_PROXY is a popular environment variable used to configure an outgoing proxy This leads","canonical_url":"https:\/\/mamchenkov.net\/wordpress\/2016\/07\/24\/httpoxy-a-cgi-application-vulnerability-for-php-go-python-and-others\/","robots":"max-image-preview:large","keywords":"","webmasterTools":{"google-site-verification":"VHvdD0_usx1_4DzKy_QCVcICVgX2EgA2ybELT-wl7kQ","miscellaneous":""},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"BlogPosting","@id":"https:\/\/mamchenkov.net\/wordpress\/2016\/07\/24\/httpoxy-a-cgi-application-vulnerability-for-php-go-python-and-others\/#blogposting","name":"httpoxy \u2013 a CGI application vulnerability for PHP, Go, Python and others - Leonid Mamchenkov","headline":"httpoxy &#8211; a CGI application vulnerability for PHP, Go, Python and others","author":{"@id":"https:\/\/mamchenkov.net\/wordpress\/author\/leonid\/#author"},"publisher":{"@id":"https:\/\/mamchenkov.net\/wordpress\/#person"},"image":{"@type":"ImageObject","url":"https:\/\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2016\/07\/httpoxy-500x130.png","@id":"https:\/\/mamchenkov.net\/wordpress\/2016\/07\/24\/httpoxy-a-cgi-application-vulnerability-for-php-go-python-and-others\/#articleImage"},"datePublished":"2016-07-24T06:24:14+02:00","dateModified":"2016-07-24T06:24:14+02:00","inLanguage":"en-US","commentCount":1,"mainEntityOfPage":{"@id":"https:\/\/mamchenkov.net\/wordpress\/2016\/07\/24\/httpoxy-a-cgi-application-vulnerability-for-php-go-python-and-others\/#webpage"},"isPartOf":{"@id":"https:\/\/mamchenkov.net\/wordpress\/2016\/07\/24\/httpoxy-a-cgi-application-vulnerability-for-php-go-python-and-others\/#webpage"},"articleSection":"All, Programming, Sysadmin, Technology, Web work, PHP, Python, security, web development"},{"@type":"BreadcrumbList","@id":"https:\/\/mamchenkov.net\/wordpress\/2016\/07\/24\/httpoxy-a-cgi-application-vulnerability-for-php-go-python-and-others\/#breadcrumblist","itemListElement":[{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress#listItem","position":1,"name":"Home","item":"https:\/\/mamchenkov.net\/wordpress","nextItem":{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/#listItem","name":"Technology"}},{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/#listItem","position":2,"name":"Technology","item":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/","nextItem":{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/programming\/#listItem","name":"Programming"},"previousItem":{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress#listItem","name":"Home"}},{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/programming\/#listItem","position":3,"name":"Programming","item":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/programming\/","nextItem":{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress\/2016\/07\/24\/httpoxy-a-cgi-application-vulnerability-for-php-go-python-and-others\/#listItem","name":"httpoxy &#8211; a CGI application vulnerability for PHP, Go, Python and others"},"previousItem":{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/#listItem","name":"Technology"}},{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress\/2016\/07\/24\/httpoxy-a-cgi-application-vulnerability-for-php-go-python-and-others\/#listItem","position":4,"name":"httpoxy &#8211; a CGI application vulnerability for PHP, Go, Python and others","previousItem":{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/programming\/#listItem","name":"Programming"}}]},{"@type":"Person","@id":"https:\/\/mamchenkov.net\/wordpress\/#person","name":"Leonid Mamchenkov","image":{"@type":"ImageObject","@id":"https:\/\/mamchenkov.net\/wordpress\/2016\/07\/24\/httpoxy-a-cgi-application-vulnerability-for-php-go-python-and-others\/#personImage","url":"https:\/\/secure.gravatar.com\/avatar\/3cf6df002a284d78fb6e9d8222ca4d102e0832035ed6bc8447008bd234e131a4?s=96&d=identicon&r=g","width":96,"height":96,"caption":"Leonid Mamchenkov"}},{"@type":"Person","@id":"https:\/\/mamchenkov.net\/wordpress\/author\/leonid\/#author","url":"https:\/\/mamchenkov.net\/wordpress\/author\/leonid\/","name":"Leonid Mamchenkov","image":{"@type":"ImageObject","@id":"https:\/\/mamchenkov.net\/wordpress\/2016\/07\/24\/httpoxy-a-cgi-application-vulnerability-for-php-go-python-and-others\/#authorImage","url":"https:\/\/secure.gravatar.com\/avatar\/3cf6df002a284d78fb6e9d8222ca4d102e0832035ed6bc8447008bd234e131a4?s=96&d=identicon&r=g","width":96,"height":96,"caption":"Leonid Mamchenkov"}},{"@type":"WebPage","@id":"https:\/\/mamchenkov.net\/wordpress\/2016\/07\/24\/httpoxy-a-cgi-application-vulnerability-for-php-go-python-and-others\/#webpage","url":"https:\/\/mamchenkov.net\/wordpress\/2016\/07\/24\/httpoxy-a-cgi-application-vulnerability-for-php-go-python-and-others\/","name":"httpoxy \u2013 a CGI application vulnerability for PHP, Go, Python and others - Leonid Mamchenkov","description":"httpoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. It comes down to a simple namespace conflict: RFC 3875 (CGI) puts the HTTP Proxy header from a request into the environment variables as HTTP_PROXY HTTP_PROXY is a popular environment variable used to configure an outgoing proxy This leads","inLanguage":"en-US","isPartOf":{"@id":"https:\/\/mamchenkov.net\/wordpress\/#website"},"breadcrumb":{"@id":"https:\/\/mamchenkov.net\/wordpress\/2016\/07\/24\/httpoxy-a-cgi-application-vulnerability-for-php-go-python-and-others\/#breadcrumblist"},"author":{"@id":"https:\/\/mamchenkov.net\/wordpress\/author\/leonid\/#author"},"creator":{"@id":"https:\/\/mamchenkov.net\/wordpress\/author\/leonid\/#author"},"datePublished":"2016-07-24T06:24:14+02:00","dateModified":"2016-07-24T06:24:14+02:00"},{"@type":"WebSite","@id":"https:\/\/mamchenkov.net\/wordpress\/#website","url":"https:\/\/mamchenkov.net\/wordpress\/","name":"Blog of Leonid Mamchenkov","description":"Life, universe, and everything else","inLanguage":"en-US","publisher":{"@id":"https:\/\/mamchenkov.net\/wordpress\/#person"}}]},"og:locale":"en_US","og:site_name":"Leonid Mamchenkov - Life, universe, and everything else","og:type":"article","og:title":"httpoxy \u2013 a CGI application vulnerability for PHP, Go, Python and others - Leonid Mamchenkov","og:description":"httpoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. It comes down to a simple namespace conflict: RFC 3875 (CGI) puts the HTTP Proxy header from a request into the environment variables as HTTP_PROXY HTTP_PROXY is a popular environment variable used to configure an outgoing proxy This leads","og:url":"https:\/\/mamchenkov.net\/wordpress\/2016\/07\/24\/httpoxy-a-cgi-application-vulnerability-for-php-go-python-and-others\/","og:image":"https:\/\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2026\/03\/leonid-sailing-beer.jpg","og:image:secure_url":"https:\/\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2026\/03\/leonid-sailing-beer.jpg","og:image:width":1024,"og:image:height":1024,"article:published_time":"2016-07-24T04:24:14+00:00","article:modified_time":"2016-07-24T04:24:14+00:00","article:publisher":"https:\/\/www.facebook.com\/MamchenkovBlog","twitter:card":"summary_large_image","twitter:site":"@mamchenkov","twitter:title":"httpoxy \u2013 a CGI application vulnerability for PHP, Go, Python and others - Leonid Mamchenkov","twitter:description":"httpoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. It comes down to a simple namespace conflict: RFC 3875 (CGI) puts the HTTP Proxy header from a request into the environment variables as HTTP_PROXY HTTP_PROXY is a popular environment variable used to configure an outgoing proxy This leads","twitter:creator":"@mamchenkov","twitter:image":"https:\/\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2026\/03\/leonid-sailing-beer.jpg"},"aioseo_meta_data":{"post_id":"26272","title":null,"description":null,"keywords":null,"keyphrases":null,"primary_term":null,"canonical_url":null,"og_title":null,"og_description":null,"og_object_type":"default","og_image_type":"default","og_image_url":null,"og_image_width":null,"og_image_height":null,"og_image_custom_url":null,"og_image_custom_fields":null,"og_video":null,"og_custom_url":null,"og_article_section":null,"og_article_tags":null,"twitter_use_og":false,"twitter_card":"default","twitter_image_type":"default","twitter_image_url":null,"twitter_image_custom_url":null,"twitter_image_custom_fields":null,"twitter_title":null,"twitter_description":null,"schema":{"blockGraphs":[],"customGraphs":[],"default":{"data":{"Article":[],"Course":[],"Dataset":[],"FAQPage":[],"Movie":[],"Person":[],"Product":[],"ProductReview":[],"Car":[],"Recipe":[],"Service":[],"SoftwareApplication":[],"WebPage":[]},"graphName":"BlogPosting","isEnabled":true},"graphs":[]},"schema_type":"default","schema_type_options":null,"pillar_content":false,"robots_default":true,"robots_noindex":false,"robots_noarchive":false,"robots_nosnippet":false,"robots_nofollow":false,"robots_noimageindex":false,"robots_noodp":false,"robots_notranslate":false,"robots_max_snippet":null,"robots_max_videopreview":null,"robots_max_imagepreview":"large","priority":null,"frequency":null,"local_seo":null,"breadcrumb_settings":null,"limit_modified_date":false,"ai":null,"created":"2023-07-19 08:53:37","updated":"2026-01-15 12:16:45","seo_analyzer_scan_date":null},"aioseo_breadcrumb":"<div class=\"aioseo-breadcrumbs\"><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/mamchenkov.net\/wordpress\" title=\"Home\">Home<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/\" title=\"Technology\">Technology<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/programming\/\" title=\"Programming\">Programming<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\thttpoxy \u2013 a CGI application vulnerability for PHP, Go, Python and others\n\t\t<\/span><\/div>","aioseo_breadcrumb_json":[{"label":"Home","link":"https:\/\/mamchenkov.net\/wordpress"},{"label":"Technology","link":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/"},{"label":"Programming","link":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/programming\/"},{"label":"httpoxy &#8211; a CGI application vulnerability for PHP, Go, Python and others","link":"https:\/\/mamchenkov.net\/wordpress\/2016\/07\/24\/httpoxy-a-cgi-application-vulnerability-for-php-go-python-and-others\/"}],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":8295,"url":"https:\/\/mamchenkov.net\/wordpress\/2004\/12\/05\/rfc-3875-the-common-gateway-interface-cgi-version-11\/","url_meta":{"origin":26272,"position":0},"title":"RFC 3875 &#8211; The Common Gateway Interface (CGI) Version 1.1","author":"Leonid Mamchenkov","date":"December 5, 2004","format":false,"excerpt":"It seems that until very recently (October 2004) there was no RFC covering CGI. Now there is - RFC 3875 - The Common Gateway Interface (CGI) Version 1.1. It explains how CGI scripts should be called and executed, what they should be given and what they should return. There is\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":27681,"url":"https:\/\/mamchenkov.net\/wordpress\/2017\/06\/14\/async-php-requests-reactive-responses-with-php-fpm\/","url_meta":{"origin":26272,"position":1},"title":"Async PHP Requests &#038; Reactive Responses with PHP-FPM","author":"Leonid Mamchenkov","date":"June 14, 2017","format":false,"excerpt":"https:\/\/speakerdeck.com\/hollodotme\/async-php-requests-and-reactive-responses-with-php-fpm \"Async PHP Requests & Reactive Responses with PHP-FPM\" is talk by\u00a0Holger Woltersdorf, in which he shares the approaches he tried for implementing asynchronous requests in PHP, and how he arrived at\u00a0hollodotme\/fast-cgi-client, which is a\u00a0PHP fast CGI client for sending requests (a)synchronously to PHP-FPM.","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":24603,"url":"https:\/\/mamchenkov.net\/wordpress\/2015\/08\/19\/custom-single-sign-on-with-nginx-and-auth-request-module\/","url_meta":{"origin":26272,"position":2},"title":"Custom Single Sign-On with Nginx and Auth Request Module","author":"Leonid Mamchenkov","date":"August 19, 2015","format":false,"excerpt":"In a recent project I crashed into a wall. \u00a0At least for a couple of days that is. \u00a0The requirement was to integrate the Request Tracker (aka RT) installation on CentOS 7 server with Nginx to\u00a0a client's company single sign-on solution. \u00a0Which wasn't LDAP. \u00a0Or Active Directory. \u00a0Or anything standard\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":27865,"url":"https:\/\/mamchenkov.net\/wordpress\/2017\/08\/21\/using-php-fpm-as-a-simple-built-in-async-queue\/","url_meta":{"origin":26272,"position":3},"title":"Using php-fpm as a simple built-in async queue","author":"Leonid Mamchenkov","date":"August 21, 2017","format":false,"excerpt":"Here's an interesting solution for a poor man's asynchronous queue using PHP-FPM: PHP-FPM already acts as a queue for Nginx\/Apache FastCGI clients. While your web-request is running you can just send another FastCGI request to the same PHP-FPM socket asynchronously and non-blocking. This request is immediately executed in another php-fpm\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":26031,"url":"https:\/\/mamchenkov.net\/wordpress\/2016\/04\/18\/single-sign-on-between-sugarcrm-and-request-tracker\/","url_meta":{"origin":26272,"position":4},"title":"Single Sign-On Between SugarCRM and Request Tracker","author":"Leonid Mamchenkov","date":"April 18, 2016","format":false,"excerpt":"As mentioned\u00a0before,\u00a0over the last few month I've been involved in quite a few integration projects, using mostly SugarCRM and Request Tracker. \u00a0One of the interesting challenges was the Single Sign-On (SSO) between the two. The interesting bit comes from these facts: Different technologies: SugarCRM is written in PHP, while Request\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":27421,"url":"https:\/\/mamchenkov.net\/wordpress\/2017\/03\/17\/cakephp-3-remove-shell-welcome-header\/","url_meta":{"origin":26272,"position":5},"title":"CakePHP 3 : Remove Shell Welcome Header","author":"Leonid Mamchenkov","date":"March 17, 2017","format":false,"excerpt":"CakePHP 3\u00a0has an excellent support for command line Shells, Tasks, and Console Tools. \u00a0There are a few that are bundled with the framework itself, and that come from a variety of plugins. \u00a0And, of course, you can have your own commands, specific to your application. There is one tiny little\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_sharing_enabled":true,"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts\/26272","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/comments?post=26272"}],"version-history":[{"count":0,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts\/26272\/revisions"}],"wp:attachment":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/media?parent=26272"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/categories?post=26272"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/tags?post=26272"},{"taxonomy":"keyring_services","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/keyring_services?post=26272"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}