Curl/libcurl apparently checks HTTP_PROXY for proxy
information for requests.
When curl is used in a webserver application
environment (cgi or php), this environment variable can
be controlled by the web server user by setting the
http header 'Proxy:' to some value.
This can cause 'internal' http/ftp requests to be
arbitrarily redirected by any external attacker.
This issue was recently uncovered in LWP, the perl
library for http, which checks http_proxy in a
Curl should only check the lower case version of this
variable. This might not be enough on NT.