A group of ASF projects (HTTP Server, Tomcat, Traffic Server, mod_perl) has analyzed the CGI application vulnerability recently published at https://httpoxy.org/

Their detailed analysis, targeted at Web server administrators and CGI developers and including mitigation information, can be found at https://www.apache.org/security/asf-httpoxy-response.txt