Httpoxy - Proxy Header Misuse

Type: Active Scan

Risk: High

Description

The server initiated a proxied request via the proxy specified in the HTTP Proxy header of the request. Httpoxy typically affects code running in CGI or CGI-like environments. This may allow attackers to:

  • Proxy the outgoing HTTP requests made by the web application
  • Direct the server to open outgoing connections to an address and port of their choosing, or
  • Tie up server resources by forcing the vulnerable software to use a malicious proxy

Solution

The best immediate mitigation is to block Proxy request headers as early as possible, and before they hit your application.
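
Why the header matters and what blocking it looks like, as an added example (not code from the scanner or from any affected project): CGI maps each request header to an `HTTP_*` variable, so a `Proxy` header arrives as `HTTP_PROXY`, the name many HTTP clients read for proxy configuration. The names `demo_app`, `DropProxyHeader` and `handle` and the sample header values are assumptions made for illustration.

```python
from wsgiref.util import setup_testing_defaults

# Constructed request headers; both host names are reserved placeholder names.
SAMPLE_HEADERS = [
    ("Host", "app.example"),
    ("Proxy", "http://proxy.example.invalid:8080"),
]

def cgi_meta_variables(headers):
    """RFC 3875 mapping: 'Some-Header' becomes the variable 'HTTP_SOME_HEADER'."""
    return {"HTTP_" + name.upper().replace("-", "_"): value
            for name, value in headers}

def demo_app(environ, start_response):
    """Hypothetical app: reports the proxy that environment-driven client
    code would pick up from its CGI-style environment."""
    proxy = environ.get("HTTP_PROXY", "none")
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [("outbound proxy: " + proxy).encode()]

class DropProxyHeader:
    """WSGI filter that removes the client-supplied Proxy header
    before the wrapped application sees the request."""
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        environ.pop("HTTP_PROXY", None)
        return self.app(environ, start_response)

def handle(app, headers):
    """Build a CGI-style environ from request headers and return the body."""
    environ = {}
    setup_testing_defaults(environ)
    environ.update(cgi_meta_variables(headers))
    body = app(environ, lambda status, response_headers: None)
    return b"".join(body).decode()

if __name__ == "__main__":
    print(handle(demo_app, SAMPLE_HEADERS))                   # header reaches the app
    print(handle(DropProxyHeader(demo_app), SAMPLE_HEADERS))  # header stripped first
```

Stripping the header at the web server or reverse proxy in front of the application achieves the same result earlier in the request path.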

References

CWE: 20

WASC: 20

Code

Last updated: 2020-04-30 16:12:39.623Z