Proxy Disclosure

ID

proxy_disclosure

Severity

high

Kind

Information Disclosure

CWE

204

Description

Proxy Disclosure vulnerability detected. The application leaks information about proxy servers or load balancers in the infrastructure through HTTP methods like TRACE or OPTIONS, or via server headers that reveal technology details and version numbers.

Rationale

Proxy disclosure vulnerabilities reveal infrastructure details such as proxy types, versions, and configurations, enabling attackers to fingerprint the technology stack. This information facilitates targeted exploits against known vulnerabilities in specific proxy software versions. Attackers can leverage TRACE method responses to bypass HttpOnly cookie protections through cross-site tracing attacks, or use OPTIONS responses to map available HTTP methods and identify potential attack vectors.

Remediation

Disable the 'TRACE' method on the proxy servers, as well as the origin web/application server.

Disable the 'OPTIONS' method on the proxy servers, as well as the origin web/application server, if it is not required for other purposes, such as 'CORS' (Cross Origin Resource Sharing).

Configure the web and application servers with custom error pages, to prevent 'fingerprintable' product-specific error pages being leaked to the user in the event of HTTP errors, such as 'TRACK' requests for non-existent pages.

Configure all proxies, application servers, and web servers to prevent disclosure of the technology and version information in the 'Server' and 'X-Powered-By' HTTP response headers.
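One way to check recorded responses against the remediation items above, as an added example that is not part of the original page or of the scanner it documents. The function name `audit_response`, the version-matching heuristic, and the sample responses are assumptions constructed for illustration.

```python
import re

# Headers the remediation says must not reveal technology or version details.
BANNER_HEADERS = ("server", "x-powered-by")
# Heuristic (assumption): a product token followed by a version, e.g. "nginx/1.18.0".
VERSION_RE = re.compile(r"[A-Za-z][\w.-]*/\d+(\.\d+)*")


def audit_response(method, status, headers, body=""):
    """Return the remediation items that one HTTP response still violates."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    findings = []
    method = method.upper()
    # TRACE/TRACK must be refused; a 2xx answer means the method is still enabled.
    if method in ("TRACE", "TRACK") and 200 <= status < 300:
        findings.append(f"{method} enabled")
    # OPTIONS should be off unless required (e.g. CORS); flag an advertised method list.
    if method == "OPTIONS" and 200 <= status < 300 and "allow" in hdrs:
        findings.append("OPTIONS enabled, Allow: " + hdrs["allow"])
    # Any Server / X-Powered-By value names the technology; a version is more specific.
    for name in BANNER_HEADERS:
        value = hdrs.get(name)
        if value:
            kind = "version" if VERSION_RE.search(value) else "technology"
            findings.append(f"{name} discloses {kind}: {value}")
    # Default product error pages usually repeat the banner in the response body.
    if status >= 400:
        m = VERSION_RE.search(body)
        if m:
            findings.append("error page discloses version: " + m.group(0))
    return findings


# Constructed sample responses (method, status, headers, body); not from a real host.
SAMPLES = [
    ("TRACE", 200, {"Server": "nginx/1.18.0"}, "TRACE / HTTP/1.1\r\n"),
    ("OPTIONS", 200, {"Allow": "GET, HEAD, POST, OPTIONS, TRACE"}, ""),
    ("GET", 404, {"X-Powered-By": "PHP/8.1.2"}, "<hr><center>nginx/1.18.0</center>"),
    ("TRACE", 405, {}, "Method Not Allowed"),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[0], sample[1], audit_response(*sample))
```

An empty list for a response, as with the last sample, means none of the four remediation items is violated by that response.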