The 'X-Envoy-Attempt-Count' header is used by Envoy Proxy to track how many times a request has been retried before reaching its destination. When exposed to clients or attackers, it reveals internal retry or routing behavior, which could help malicious actors infer network conditions or resilience strategies. Understanding this count may enable adversaries to craft requests designed to trigger excessive retries, potentially causing service slowdowns or exploiting specific failover scenarios. In addition, disclosing proxy-level retry details can shed light on your infrastructure's fault tolerance and allow attackers to time or sequence malicious traffic with more precision.
Remove or mask the 'X-Envoy-Attempt-Count' header in production environments so that it is not disclosed to unauthorized clients. Configure your Envoy Proxy to strip or rewrite this header before sending responses externally. Keep your proxy and backend services updated and well-tested to avoid vulnerabilities that may be exploited through retry or failover mechanisms. Consider deploying a Web Application Firewall (WAF) or network intrusion detection system to monitor for suspicious traffic patterns exploiting proxy retry logic. Periodically review your Envoy configurations to ensure minimal data leakage about internal retry or routing processes.
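Below is an added example configuration, not taken from the page or from the Envoy project's own documentation, showing where this header is controlled in an Envoy route configuration. It assumes a single listener on port 8080 forwarding to a cluster named backend (both names are placeholders). The first virtual host is the weak setting that returns the attempt count to the client; the second is the corrected form, which disables the response header and additionally strips it in case another filter or an upstream service re-adds it.

```yaml
# Added example (not the page's or Envoy's own code). Listener, cluster and
# virtual-host names are assumptions; only the header-control fields matter.
static_resources:
  listeners:
  - name: ingress_listener          # assumed name
    address:
      socket_address: { address: 0.0.0.0, port_value: 8080 }
    filter_chains:
    - filters:
      - name: envoy.filters.network.http_connection_manager
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
          stat_prefix: ingress_http
          route_config:
            name: example_routes    # assumed name
            virtual_hosts:

            # Weak setting: the retry count is echoed back to external clients
            # in the X-Envoy-Attempt-Count response header.
            - name: leaky_vhost     # assumed name
              domains: ["leaky.example"]
              include_request_attempt_count: true       # upstream sees the count (fine)
              include_attempt_count_in_response: true   # client sees the count (leak)
              routes:
              - match: { prefix: "/" }
                route:
                  cluster: backend
                  retry_policy:
                    retry_on: "5xx"
                    num_retries: 2

            # Corrected setting: keep the header on the upstream request so
            # backends can still use it, but never return it to the client.
            - name: hardened_vhost  # assumed name
              domains: ["*"]
              include_request_attempt_count: true
              include_attempt_count_in_response: false  # default, stated explicitly
              # Defence in depth: strip the header from responses even if a
              # backend or another filter sets it.
              response_headers_to_remove:
              - x-envoy-attempt-count
              routes:
              - match: { prefix: "/" }
                route:
                  cluster: backend
                  retry_policy:
                    retry_on: "5xx"
                    num_retries: 2

          http_filters:
          - name: envoy.filters.http.router
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router

  clusters:
  - name: backend                    # assumed name
    type: STATIC
    connect_timeout: 1s
    load_assignment:
      cluster_name: backend
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address: { address: 127.0.0.1, port_value: 9000 }
```

After reloading the configuration, a response-header check against the external listener (for example, `curl -sI` against a route that triggers a retry) should show no X-Envoy-Attempt-Count header, while backends behind the proxy still receive it on the request and can log it for their own diagnostics. Keeping the request-side header and dropping only the response-side one preserves internal observability without disclosing retry behaviour to clients.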
Code: A05:2021
Category: Security Misconfiguration
5.3