Httpoxy - Proxy Header Misuse
- Risk: High
- Type: Active
- CWE: CWE-20
- Summary
The server initiated a proxied request via the proxy specified in the HTTP Proxy header of the request. Httpoxy typically affects code running in CGI or CGI-like environments.
This may allow attackers to:
- Solution
The best immediate mitigation is to block Proxy request headers as early as possible, and before they hit your application.
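The following is an added example, not part of the original page or of any scanner's code. It shows why the header matters in CGI-like environments, where a request header named `Proxy` is exposed to the application as `HTTP_PROXY`, and two places to strip it: at the edge, before the environment is built, and in a WSGI middleware. The names `StripHttpProxy`, `drop_proxy_header`, `demo_app` and the sample header values are assumptions made for illustration.

```python
"""Added example: stripping the Proxy request header before a CGI-style app sees it."""

def cgi_environ(headers):
    """Simplified RFC 3875 mapping of request headers to meta-variables:
    upper-case the name, turn '-' into '_', and prefix 'HTTP_'."""
    env = {}
    for name, value in headers:
        key = "HTTP_" + name.upper().replace("-", "_")
        # Repeated headers are joined with a comma.
        env[key] = f"{env[key]}, {value}" if key in env else value
    return env

def drop_proxy_header(headers):
    """Edge filter: remove every 'Proxy' header, matched case-insensitively."""
    return [(n, v) for n, v in headers if n.strip().lower() != "proxy"]

class StripHttpProxy:
    """WSGI middleware (hypothetical name) that deletes HTTP_PROXY from the
    request environ so code behind it never sees the client-supplied value."""
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        environ.pop("HTTP_PROXY", None)
        return self.app(environ, start_response)

# Constructed sample request headers; the proxy value is a placeholder.
SAMPLE_HEADERS = [
    ("Host", "app.example"),
    ("User-Agent", "scanner"),
    ("pRoXy", "http://proxy.invalid:1080/"),
]

def demo_app(environ, start_response):
    """Stand-in application that reports whether HTTP_PROXY reached it."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"tainted" if "HTTP_PROXY" in environ else b"clean"]

def run(app, headers):
    """Invoke a WSGI app with an environ built from the given headers."""
    return b"".join(app(cgi_environ(headers), lambda status, hdrs: None))

if __name__ == "__main__":
    print(run(demo_app, SAMPLE_HEADERS))
    print(run(StripHttpProxy(demo_app), SAMPLE_HEADERS))
    print(run(demo_app, drop_proxy_header(SAMPLE_HEADERS)))
```

Filtering at the edge (reverse proxy or web server) is preferable because it covers every application behind it; the middleware is a fallback for a single WSGI application.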
- Other info
- An outgoing message to http://192.168.0.11:1080/ was proxied via the host and port that ZAP injected into the HTTP Proxy header.