Debian Linux Security Advisory 3642-1 - Dominic Scheirlinck and Scott Geary of Vend reported insecure behavior in the lighttpd web server. Lighttpd assigned Proxy header values from client requests to internal HTTP_PROXY environment variables, allowing remote attackers to carry out Man in the Middle (MITM) attacks or initiate connections to arbitrary hosts.
1c9834771c98c7b8c070c173750e064cb3cb7aa01860e21eb68125b25605888c
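The header-to-environment mapping behind this advisory, shown with and without a filter on the normalised variable name. This is an added example, not lighttpd's code or its patch; the function names, the `BLOCKED_VARS` list and the sample request are assumptions constructed for illustration.

```python
"""Added illustration: CGI-style mapping of request headers to HTTP_* variables."""

# Normalised names a gateway should never export from client input (assumed list).
BLOCKED_VARS = frozenset({"HTTP_PROXY"})


def cgi_var_name(header_name):
    """Map a request header name to its CGI meta-variable name (RFC 3875, 4.1.18)."""
    return "HTTP_" + header_name.strip().upper().replace("-", "_")


def build_cgi_env(headers, blocked=frozenset()):
    """Build the environment handed to a CGI child from (name, value) pairs.

    With blocked=frozenset() this reproduces the behaviour in the advisory:
    a client-sent Proxy header becomes HTTP_PROXY. Filtering is done on the
    normalised name, so "proxy", "PROXY" and "pRoXy" are all caught.
    """
    env, dropped = {}, []
    for name, value in headers:
        key = cgi_var_name(name)
        if key in blocked:
            dropped.append((name, value))  # keep for logging / alerting
            continue
        # Repeated headers are folded into one comma-separated value.
        env[key] = f"{env[key]}, {value}" if key in env else value
    return env, dropped


def proxy_seen_by_backend(env):
    """Stand-in for an HTTP client library that reads its proxy from the environment."""
    return env.get("http_proxy") or env.get("HTTP_PROXY")


# Constructed sample request; 198.51.100.7 is a documentation address.
SAMPLE_HEADERS = [
    ("Host", "app.example"),
    ("User-Agent", "sample-client/1.0"),
    ("pRoXy", "http://198.51.100.7:3128"),
]

if __name__ == "__main__":
    before, _ = build_cgi_env(SAMPLE_HEADERS)
    after, dropped = build_cgi_env(SAMPLE_HEADERS, BLOCKED_VARS)
    print("unfiltered :", proxy_seen_by_backend(before))
    print("filtered   :", proxy_seen_by_backend(after), "dropped:", dropped)
```

The `dropped` list gives a hook for logging requests that carry a `Proxy` header, which legitimate clients have no reason to send.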