Bugzilla – Bug 988484
VUL-0: TRACKERBUG: Setting HTTP_PROXY environment variable via Proxy header (httpoxy)
Last modified: 2020-09-15 07:21:56 UTC
bugbot adjusting priority
From CERT:

We have received a report of a vulnerability affecting web servers that run code in a CGI or CGI-like context. We are tracking this as VU#797896, please retain VU#797896 in the subject of any email reply. Note that if you have already received information about "httpoxy," then this notification may be redundant.

Public disclosure is scheduled for next Monday, 18 July 2016, at 10:00 AM EST.

Per the original report:

"""
RFC 3875 (CGI) puts any HTTP 'Proxy' header present in a request into the environment as HTTP_PROXY. HTTP_PROXY has also become a popular environment variable used to configure an outgoing proxy. It is this namespace conflict that forms the basis of all the vulnerabilities. The remote attacker can redirect or man-in-the-middle internal HTTP subrequests, or direct the server to open outgoing connections to an address and port of their choosing.
"""

Both of the following are necessary to be considered vulnerable:

1. A web server, programming language or framework (and in some limited situations the application itself) sets the environmental variable HTTP_PROXY from the user supplied Proxy header in the web request, or sets a similarly used variable (essentially when the request header turns from harmless data into a potentially harmful environmental variable).

2. A web application makes use of HTTP_PROXY or similar variable unsafely (e.g. fails to check the request type) resulting in an attacker controlled proxy being used (essentially when HTTP_PROXY is actually used unsafely).

The CERT/CC will be tracking vendor statuses for this issue. Please let us know whether your products are affected and if you would like for a statement to be included in our vulnerability note.

Regards,
Joel Land
Vulnerability Analysis Team
==============================
CERT Coordination Center
www.cert.org / cert@cert.org
==============================
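The two conditions above, shown in code: the RFC 3875 header-to-meta-variable mapping that turns a client-supplied "Proxy" header into HTTP_PROXY, next to the two mitigations (drop the header on the server side; ignore HTTP_PROXY inside a CGI request context on the library side). This is an added illustration, not code from the CERT report or from any affected product; the sample headers and host names are constructed.

```python
import re
from typing import Dict, Optional

# Constructed sample request headers; the "Proxy" header is the one a client
# controls and that RFC 3875 would otherwise turn into HTTP_PROXY.
SAMPLE_HEADERS = {
    "Host": "app.example.test",
    "User-Agent": "demo/1.0",
    "Proxy": "http://untrusted-proxy.example:8080",
}


def cgi_meta_variables(headers: Dict[str, str], strip_proxy: bool = False) -> Dict[str, str]:
    """Map request headers to CGI meta-variables as RFC 3875 section 4.1.18 does:
    'HTTP_' + header name in upper case, with '-' (and other non-alphanumerics)
    replaced by '_'. With strip_proxy=True the 'Proxy' header is dropped before
    the mapping, which is the server-side fix: the header has no standard
    meaning, so refusing to export it loses nothing."""
    env: Dict[str, str] = {}
    for name, value in headers.items():
        if strip_proxy and name.lower() == "proxy":
            continue
        env["HTTP_" + re.sub(r"[^A-Z0-9]", "_", name.upper())] = value
    return env


def outbound_proxy(env: Dict[str, str]) -> Optional[str]:
    """Library-side fix: honour HTTP_PROXY only outside a CGI request context.
    REQUEST_METHOD is a mandatory CGI meta-variable (RFC 3875 section 4.1.17),
    so its presence means HTTP_PROXY may have come from a request header rather
    than from the operator's environment. Returns the proxy URL or None."""
    if "REQUEST_METHOD" in env:
        return None
    return env.get("HTTP_PROXY")


if __name__ == "__main__":
    naive = cgi_meta_variables(SAMPLE_HEADERS)
    print("naive mapping exports  :", naive.get("HTTP_PROXY"))      # attacker-chosen URL
    hardened = cgi_meta_variables(SAMPLE_HEADERS, strip_proxy=True)
    print("header stripped exports:", hardened.get("HTTP_PROXY"))   # None
    cgi_env = dict(naive, REQUEST_METHOD="GET")
    print("proxy used under CGI   :", outbound_proxy(cgi_env))      # None
```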
public at https://httpoxy.org/
It's solved now, I think.