Errata overview
Errata ID 289
Date 2016-10-12
Source package apache2
Fixed in version 2.2.22-13.101.201609281005
This update addresses the following issue:
* The Apache HTTPD server used the value of the Proxy header from HTTP
  requests to initialize the HTTP_PROXY environment variable for CGI scripts,
  which in turn was incorrectly used by certain HTTP client implementations
  to configure the proxy for outgoing HTTP requests. A remote attacker could
  possibly use this flaw to redirect HTTP requests performed by a CGI script
  to an attacker-controlled proxy via a malicious HTTP request.
Additional notes
CVE ID CVE-2016-5387
UCS Bug number #41826