httpoxy漏洞的一些整理

一個MIMT漏洞，或許特殊場景可以發現出特殊的效果。

官網 https://httpoxy.org/

httpoxy poc https://github.com/httpoxy

生動形象 https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/ 

什麼是httpoxy https://medium.com/@nzdominic/what-is-httpoxy-65a33a8a1f4d

介紹是如何發現httpoxy這個漏洞的 https://medium.com/@nzdominic/how-the-internets-biggest-blind-spot-lead-to-a-15-year-old-security-vulnerability-a2a6f6218a71#.7juwhx49s

很是不錯 含測試腳本/修補建議和相關原理分析 https://access.redhat.com/security/vulnerabilities/httpoxy

http://seclists.org/oss-sec/2016/q3/94

reddit上的相關討論，做者現身 https://www.reddit.com/r/netsec/comments/4tfc4k/httpoxy_a_cgi_application_vulnerability_for_php/

https://www.apache.org/security/asf-httpoxy-response.txt

https://news.ycombinator.com/item?id=12115051  hacknews

相似心臟出血重大漏洞的公佈站點 https://github.com/KeenRivals/Bugsite-Index

鳥哥的分析說明貼：http://www.laruence.com/2016/07/19/3101.html

烏雲zone的一些討論：zone.wooyun.org/content/28537