https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-5387

--- httpd-2.4.18/server/util_script.c.cve5387

+++ httpd-2.4.18/server/util_script.c

@@ -195,6 +195,10 @@

             }

         }

 #endif

+        else if (!strcasecmp(hdrs[i].key, "Proxy")) {

+            /* Don't pass through HTTP_PROXY */

+            continue;

+        }

         else

             add_unless_null(e, http2env(r, hdrs[i].key), hdrs[i].val);

     }