Security Test: Proxy Disclosure¶
Scanner(s) Support¶
| GraphQL Scanner | REST Scanner | Frontend Scanner |
|---|---|---|
Description¶
Default Severity:
A proxy disclosure happens when details about a proxy server become visible, giving an attacker clues to weaknesses you might not realize exist. This can happen if error messages or other responses leak information about how your proxy is configured. An attacker could use those clues to narrow down what you’re running and even target the proxy to find other vulnerabilities, potentially opening the door to bigger attacks. Many developers mistakenly assume that setting up a proxy guarantees invisibility, so not closely managing what the proxy reveals can end up being a significant security risk.
Configuration¶
Identifier:
configuration/proxy_disclosure
Examples¶
All configuration available:
Compliance and Standards¶
| Standard | Value |
|---|---|
| OWASP API Top 10 | API5:2023 |
| OWASP LLM Top 10 | LLM06:2023 |
| PCI DSS | 1.3.7 |
| GDPR | Article-32 |
| SOC2 | CC6 |
| PSD2 | Article-95 |
| ISO 27001 | A.13.1 |
| NIST | SP800-53 |
| FedRAMP | AC-4 |
| CWE | 200 |
| CVSS Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N |
| CVSS Score | 5.8 |