Responsible disclosure of latest named vulnerability, ‘httpoxy’

The latest branded vulnerability, “httpoxy,” comes complete with a website and Twitter feed — but this time, experts say, researchers performed the disclosure responsibly.

The researchers discovered that the httpoxy vulnerabilities have been described many times since as early as 2001 and found in apps written with PHP, Python and Go, and could potentially be common in other programming languages. The httpoxy vulnerabilities don’t allow remote code execution, but they do enable man-in-the-middle (MiTM) attacks against vulnerable web services.