Httpoxy - Proxy Header Misuse
- Risk:
High
- Type:
- Active
- CWE:
- 20
- Summary
- The server initiated a proxied request via the proxy specified in the HTTP Proxy header of the request.Httpoxy typically affects code running in CGI or CGI like environments. This may allow attackers to:
- Solution
- The best immediate mitigation is to block Proxy request headers as early as possible, and before they hit your application.
- Other info
- An outgoing message to http://192.168.0.11:1080/ was proxied via the host and port that ZAP injected into the HTTP Proxy header.
- References