Summary

Security Advisory ID : BSA-2017-115

Component : Apache HTTPD

Revision : 2.0: Final

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. 

Products Confirmed Not Vulnerable
No Brocade Fibre Channel technology products from Broadcom are currently known to be affected by this vulnerability.

Revision History

Version	Change	Date
1.0	Initial Publication	Feb 7, 2017
2.0	Updated for Fabric OS	July 19, 2018