Httpoxy - Proxy Header Misuse
- Risk: High
- Type: Active
- CWE: CWE-20
- Summary
The server initiated a proxied request via the proxy specified in the HTTP Proxy header of the request. Httpoxy typically affects code running in CGI or CGI-like environments.
This may allow attackers to:
- Solution
The best immediate mitigation is to block Proxy request headers as early as possible, and before they hit your application.
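One way to apply this mitigation inside a Python WSGI stack, as an added example that is not part of the original alert text or of ZAP. CGI-style gateways expose a request header named `Proxy` to the application as the variable `HTTP_PROXY` (the RFC 3875 header mapping), so the filter removes that key before the application runs. The names `StripProxyHeader`, `cgi_meta_variables` and `demo`, and the sample request values, are constructed for illustration.

```python
"""Added example: drop the client-supplied Proxy header before CGI-style code sees it."""


def cgi_meta_variables(headers):
    """Map request headers to CGI meta-variables as RFC 3875 describes:
    upper-case the name, replace '-' with '_', prepend 'HTTP_'."""
    env = {}
    for name, value in headers:
        env["HTTP_" + name.upper().replace("-", "_")] = value
    return env


class StripProxyHeader:
    """WSGI middleware: remove HTTP_PROXY from the request environ so the
    wrapped application cannot mistake it for proxy configuration."""

    def __init__(self, app, on_drop=None):
        self.app = app
        self.on_drop = on_drop  # optional callback for logging or alerting

    def __call__(self, environ, start_response):
        dropped = environ.pop("HTTP_PROXY", None)
        if dropped is not None and self.on_drop:
            self.on_drop(environ.get("REMOTE_ADDR", "-"), dropped)
        return self.app(environ, start_response)


def demo():
    # Constructed request; header names are case-insensitive, so "pRoXy" counts.
    headers = [("Host", "app.example"), ("pRoXy", "http://proxy.invalid:1080/")]
    environ = {"REQUEST_METHOD": "GET", "REMOTE_ADDR": "203.0.113.7"}
    environ.update(cgi_meta_variables(headers))
    before = environ.get("HTTP_PROXY")
    seen, drops = {}, []

    def app(env, start_response):
        # Stand-in for CGI-like code that would read HTTP_PROXY as proxy config.
        seen["proxy"] = env.get("HTTP_PROXY")
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"ok"]

    guarded = StripProxyHeader(app, on_drop=lambda ip, v: drops.append((ip, v)))
    body = b"".join(guarded(environ, lambda status, hdrs: None))
    return before, seen["proxy"], drops, body


if __name__ == "__main__":
    print(demo())
```

The `on_drop` callback gives a place to log the client address and the rejected value, since a legitimate client has no reason to send this header.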
- Other info
- An outgoing message to http://192.168.0.11:1080/ was proxied via the host and port that ZAP injected into the HTTP Proxy header.
- References