* It was discovered that PHP did not properly protect against the
HTTP_PROXY variable name clash. A remote attacker could possibly use this
flaw to redirect HTTP requests performed by a PHP script to an attacker-
controlled proxy via a malicious HTTP request. (CVE-2016-5385)
--