#66 Security issue with HTTP_PROXY

closed-fixed
libcurl (356)
7
2013-06-21
2001-04-11
No

Curl/libcurl apparently checks HTTP_PROXY for proxy
information for requests.

When curl is used in a webserver application
environment (cgi or php), this environment variable can
be controlled by the web server user by setting the
http header 'Proxy:' to some value.

This can cause 'internal' http/ftp requests to be
arbitrarily redirected by any external attacker.

This issue was recently uncovered in LWP, the perl
library for http, which checks http_proxy in a
case-insensitive manner.

Curl should only check the lower case version of this
variable. This might not be enough on NT.

Discussion

  • Daniel Stenberg

    Daniel Stenberg - 2001-04-11
    • priority: 5 --> 7
    • status: open --> closed-fixed
     
  • Daniel Stenberg

    Daniel Stenberg - 2001-04-11

    Logged In: YES
    user_id=1110

    I understand perfectly.

    I just committed a fix that prevents libcurl from trying to
    use HTTP_PROXY in the uppercase version.

    Thanks for reporting!

     

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks