Httpoxy - Proxy Header Misuse

Risk:
High

Type:
Active

CWE:
CWE-20

Summary

The server initiated a proxied request via the proxy specified in the HTTP Proxy header of the request.Httpoxy typically affects code running in CGI or CGI like environments.

This may allow attackers to:

Solution: The best immediate mitigation is to block Proxy request headers as early as possible, and before they hit your application.

Other info: An outgoing message to http://192.168.0.11:1080/ was proxied via the host and port that ZAP injected into the HTTP Proxy header.

References: https://httpoxy.org/

Free security scan for your website

Don't show website scan report rating on the leaderboard

Httpoxy - Proxy Header Misuse

High