Type: Active Scan
The server initiated a proxied request via the proxy specified in the HTTP Proxy header of the request.Httpoxy typically affects code running in CGI or CGI like environments. This may allow attackers to:
- Proxy the outgoing HTTP requests made by the web application
- Direct the server to open outgoing connections to an address and port of their choosing or
- Tie up server resources by forcing the vulnerable software to use a malicious proxy
The best immediate mitigation is to block Proxy request headers as early as possible, and before they hit your application.