| Details | |
|---|---|
| Alert ID | 10107 |
| Alert Type | Active |
| Status | beta |
| Risk | High |
| CWE | 20 |
| WASC | 20 |
| Technologies Targeted | All |
| Tags |
CWE-20 OWASP_2017_A09 OWASP_2021_A06 POLICY_PENTEST POLICY_QA_FULL |
| More Info |
Scan Rule Help |
Summary
The server initiated a proxied request via the proxy specified in the HTTP Proxy header of the request.Httpoxy typically affects code running in CGI or CGI like environments. This may allow attackers to:
- Proxy the outgoing HTTP requests made by the web application
- Direct the server to open outgoing connections to an address and port of their choosing or
- Tie up server resources by forcing the vulnerable software to use a malicious proxy.