Httpoxy - Proxy Header Misuse

  • Risk: High
  • Type: Active

Summary

The server initiated a proxied request via the proxy specified in the HTTP Proxy header of the request. Httpoxy typically affects code running in CGI or CGI-like environments.

This may allow attackers to:

Solution

The best immediate mitigation is to block Proxy request headers as early as possible, and before they hit your application.
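
The following added example (not ZAP or httpoxy.org code) shows why the header has to be dropped before the CGI layer: the RFC 3875 header mapping turns a client `Proxy` header into the `HTTP_PROXY` variable, after which the application cannot tell it from an operator setting. The function names, the sample request and the `.invalid` host are constructed for illustration, and `outbound_proxy` is a simplified stand-in for an HTTP client's proxy lookup.

```python
# Added example with constructed sample data; not ZAP or httpoxy.org code.

def cgi_meta_variables(headers, server_env=None):
    """Build the CGI environment for a request.

    RFC 3875 (section 4.1.18) maps each request header to a meta-variable:
    upper-case the name, replace '-' with '_', prefix 'HTTP_'.
    server_env holds variables the operator configured on the server.
    """
    env = dict(server_env or {})
    for name, value in headers:
        env["HTTP_" + name.strip().upper().replace("-", "_")] = value
    return env


def outbound_proxy(env):
    """Proxy an HTTP client that honours the HTTP_PROXY convention would use."""
    return env.get("HTTP_PROXY") or env.get("http_proxy")


def drop_proxy_header(headers):
    """Edge filter: discard every header named 'Proxy', in any letter case."""
    return [(n, v) for n, v in headers if n.strip().lower() != "proxy"]


# Constructed request; the .invalid host is a placeholder, not a real proxy.
SAMPLE_HEADERS = [
    ("Host", "app.example"),
    ("User-Agent", "scanner-test"),
    ("pRoXy", "http://untrusted.invalid:8080"),
]

if __name__ == "__main__":
    unfiltered = cgi_meta_variables(SAMPLE_HEADERS)
    filtered = cgi_meta_variables(drop_proxy_header(SAMPLE_HEADERS))
    print("without filter:", outbound_proxy(unfiltered))
    print("with filter:   ", outbound_proxy(filtered))
```

In a deployment the equivalent of `drop_proxy_header` belongs in the web server or reverse proxy in front of the CGI handler, so the variable is never created.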

Other info
An outgoing message to http://192.168.0.11:1080/ was proxied via the host and port that ZAP injected into the HTTP Proxy header.
References

https://httpoxy.org/