Skip to content

Security Test: Proxy Disclosure

Description

Default Severity:

A proxy disclosure happens when details about a proxy server become visible, giving an attacker clues to weaknesses you might not realize exist. This can happen if error messages or other responses leak information about how your proxy is configured. An attacker could use those clues to narrow down what you’re running and even target the proxy to find other vulnerabilities, potentially opening the door to bigger attacks. Many developers mistakenly assume that setting up a proxy guarantees invisibility, so not closely managing what the proxy reveals can end up being a significant security risk.

Configuration

Identifier: configuration/proxy_disclosure

Examples

All configuration available:

checks:
  configuration/proxy_disclosure:
    skip: false # default

Compliance and Standards

Standard Value
OWASP API Top 10 API5:2023
OWASP LLM Top 10 LLM06:2023
PCI DSS 1.3.7
GDPR Article-32
SOC2 CC6
PSD2 Article-95
ISO 27001 A.13.1
NIST SP800-53
FedRAMP AC-4
CWE 200
CVSS Vector AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
CVSS Score 5.8