Today, HTTPoxy was discovered in the wild. This vulnerability affects some server-side web applications that run in CGI or CGI-like environments, such as some FastCGI configurations. So far, the PHP, Python, and Go languages are known to be affected by this.
The vulnerability is caused by conflicting namespaces. A CGI or FastCGI-like interface sets environment variables based on HTTP request parameters. These can override internal variables that are used to configure the application. Further explanation of this bug can be found on the httpoxy web page.