Details | |
---|---|
Alert ID | 10107 |
Alert Type | Active |
Status | beta |
Risk | High |
CWE | 20 |
WASC | 20 |
Technologies Targeted | All |
Tags |
CWE-20 OWASP_2017_A09 OWASP_2021_A06 POLICY_QA_FULL |
More Info |
Scan Rule Help |
Summary
The server initiated a proxied request via the proxy specified in the HTTP Proxy header of the request.Httpoxy typically affects code running in CGI or CGI like environments. This may allow attackers to:
- Proxy the outgoing HTTP requests made by the web application
- Direct the server to open outgoing connections to an address and port of their choosing or
- Tie up server resources by forcing the vulnerable software to use a malicious proxy.