Hacker News new | ask | show | jobs
by rahkiin 3628 days ago
> The vulnerability was mentioned on the NGINX mailing list in July, 2013, by Jonathan Matthews.

Wow, that is long ago. Why isn't this mitigated earlier? The attack is very simple.
1 comments
justinsaccount 3628 days ago
It gets worse

https://httpoxy.org/#history

March 2001 - The issue is discovered in libwww-perl and fixed. Reported by Randal L. Schwartz.

link