Property: Value
Language: generic
Severity: low
CWE: CWE-16: CWE CATEGORY: Configuration
OWASP: A06:2017 - Security Misconfiguration
Confidence Level: Medium
Impact Level: Low
Likelihood Level: Low

Description

The proxy configuration allows the protocol scheme (e.g., http or https) to be set dynamically, which could let an attacker influence or inject the scheme used for upstream connections. This makes it possible to force insecure or unintended connections.

Impact

If exploited, an attacker could redirect traffic over insecure channels or to malicious servers, potentially exposing sensitive data or enabling further attacks like Server-Side Request Forgery (SSRF). This could compromise user privacy and the overall security of your application.
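
An added example, not part of the original rule page: a small checker that flags proxy directives whose upstream scheme is not a fixed literal. It assumes nginx-style `proxy_pass` syntax (the page does not name the proxy software), and the sample configuration and host names are constructed for illustration.

```python
import re

# Constructed sample config. Assumption: nginx-style syntax; hosts are made up.
SAMPLE_CONFIG = """\
server {
    listen 80;
    location /api/ {
        proxy_pass $scheme://backend.internal;      # scheme copied from the client request
    }
    location /img/ {
        proxy_pass $http_x_forwarded_proto://img.internal;  # scheme taken from a request header
    }
    location /app/ {
        proxy_pass https://app.internal:8443;       # corrected form: scheme is a fixed literal
    }
    # proxy_pass $scheme://old.internal;  (commented out, must be ignored)
}
"""

# Captures the target of each proxy_pass directive up to the terminating ';'.
PROXY_PASS = re.compile(r"\bproxy_pass\s+([^;\s]+)\s*;")
# A safe target starts with a literal http:// or https:// (no variable in the scheme).
LITERAL_SCHEME = re.compile(r"^https?://", re.IGNORECASE)


def strip_comment(line):
    """Drop everything from the first '#'. No quoted-string handling; enough for this sample."""
    return line.split("#", 1)[0]


def find_dynamic_schemes(config_text):
    """Return (line_number, target) for every proxy_pass whose scheme is not a literal."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        for match in PROXY_PASS.finditer(strip_comment(raw)):
            target = match.group(1)
            if not LITERAL_SCHEME.match(target):
                findings.append((lineno, target))
    return findings


if __name__ == "__main__":
    for lineno, target in find_dynamic_schemes(SAMPLE_CONFIG):
        print(f"line {lineno}: proxy_pass scheme is not a fixed literal: {target}")
```

A target that is a single variable with no `://` is reported as well, because its scheme cannot be confirmed from the configuration text alone.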