Httpoxy - Proxy Header Misuse

Type: Active Scan

Risk: High


The server initiated a proxied request via the proxy specified in the HTTP Proxy header of the request. Httpoxy typically affects code running in CGI or CGI-like environments. This may allow attackers to:

  • Proxy the outgoing HTTP requests made by the web application
  • Direct the server to open outgoing connections to an address and port of their choosing or
  • Tie up server resources by forcing the vulnerable software to use a malicious proxy


The best immediate mitigation is to block Proxy request headers as early as possible, and before they hit your application.
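The following sketch is an added example, not part of the original alert text. It shows why stripping the header at the edge works: under CGI (RFC 3875) a request header named `Proxy` becomes the meta-variable `HTTP_PROXY`, which many HTTP client libraries read as their outbound proxy setting. All function names and sample values are constructed for illustration.

```python
# Added example: hypothetical helper names, constructed sample request.

def cgi_meta_variables(headers):
    """RFC 3875 mapping: header 'Foo-Bar' becomes meta-variable HTTP_FOO_BAR."""
    return {"HTTP_" + name.upper().replace("-", "_"): value
            for name, value in headers}


def strip_proxy_header(headers):
    """Edge filter: drop any 'Proxy' header, matched case-insensitively."""
    return [(name, value) for name, value in headers
            if name.strip().lower() != "proxy"]


def build_cgi_env(headers, base_env, block_proxy):
    """Environment a CGI script would be started with for this request."""
    if block_proxy:
        headers = strip_proxy_header(headers)
    env = dict(base_env)          # server-set variables
    env.update(cgi_meta_variables(headers))
    return env


def proxy_seen_by_client(env):
    """Stand-in for an HTTP client library that reads HTTP_PROXY."""
    return env.get("HTTP_PROXY")


# Constructed request: header names are case-insensitive, so the filter
# must catch odd casing too. 203.0.113.7 is a documentation address.
SAMPLE_HEADERS = [
    ("Host", "app.example"),
    ("pRoXy", "http://203.0.113.7:8080"),
]
BASE_ENV = {"REQUEST_METHOD": "GET", "SERVER_NAME": "app.example"}

if __name__ == "__main__":
    for block in (False, True):
        env = build_cgi_env(SAMPLE_HEADERS, BASE_ENV, block_proxy=block)
        print("block_proxy=%s -> client proxy: %s"
              % (block, proxy_seen_by_client(env)))
```

In a real deployment the filter belongs in the reverse proxy or web server in front of the application, so that no CGI process is ever started with a client-supplied `HTTP_PROXY`.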


CWE: 20

WASC: 20


Last updated: 2020-04-30 16:12:39.623Z