Several firewall, caching and antivirus proxy products were found not to
restrict the HTTP CONNECT method sufficiently; in some products it apparently
cannot be restricted at all, by design.
Through CONNECT it is possible to open a tunnel to arbitrary TCP ports on
arbitrary hosts, in some cases including ports below 1024.
An example session looks like this (each request is terminated by an empty line):
$ telnet your.local.proxy 3128
Trying 1.2.3.4...
Connected to your.local.proxy.
Escape character is '^]'.
CONNECT wwwspecial.domain.example:44444 HTTP/1.0

HTTP/1.0 200 Connection established

GET /eicar.com
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
Connection closed by foreign host.
If the eicar.com test file comes back in clear text (the GET above is an
HTTP/0.9 simple request, so the server returns only the body), a second issue
exists when an antivirus proxy is in use: it does not scan traffic passing
through a CONNECT tunnel, even when that traffic is not encrypted.
If connecting to ports below 1024 also works, there is a third issue.
Test it with:
CONNECT mail.domain.example:25 HTTP/1.0
If this succeeds, probably any port from 1 to 65535 can be reached from inside
to outside through the proxy, which likely violates your security policy.
Finally, request a tunnel to port 80:
CONNECT www.domain.example:80 HTTP/1.0
This should normally be refused as well: plain HTTP belongs in an ordinary
proxied GET, where it can be cached, filtered and scanned; a CONNECT tunnel to
port 80 bypasses all of that.
Solutions:
1) Disable the CONNECT method completely, if the software and your security
policy allow it (this also disables HTTPS through the proxy).
2) Restrict the ports permitted for CONNECT, e.g. to 443 (https) only. Squid
has shipped with such a restriction by default for some years (the SSL_ports
ACL together with "http_access deny CONNECT !SSL_ports"), allowing only
ports 443 and 563 [NNTP over SSL].
3) Restrict outgoing traffic from the proxy itself to the permitted ports
only, using a local or nearby firewall (e.g. ports 80 and 443 only).
4) If the antivirus scanning is bypassed, contact the vendor for a solution.
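The manual telnet tests above can be automated. The following is an added
example, not code from the original advisory: it sends a well-formed CONNECT
request (authority form, host:port with no path) for each candidate port and
records whether the proxy answers 200. Because a live proxy is not always at
hand, it also includes a small loopback mock proxy that enforces a 443-only
allow list, as in solution 2, so the probe can be exercised offline. The mock
proxy, the host names and the port list are constructed for this example; the
mock never opens an upstream connection and is not a usable proxy.

```python
"""Probe a proxy's CONNECT policy the way the manual telnet test does.

Added example, not part of the original advisory. It issues a CONNECT
request for each candidate port, records whether the proxy answers 200,
and ships a tiny loopback proxy with a 443-only allow list for offline use.
"""
import socket
import threading


def build_connect_request(host: str, port: int) -> bytes:
    """Build a CONNECT request: target is host:port, with no path component."""
    return (f"CONNECT {host}:{port} HTTP/1.0\r\n"
            f"Host: {host}:{port}\r\n\r\n").encode("ascii")


def parse_status(raw: bytes) -> int:
    """Return the status code from a proxy's reply, or 0 if no HTTP status line."""
    first_line = raw.split(b"\r\n", 1)[0]
    parts = first_line.split()
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/") or not parts[1].isdigit():
        return 0
    return int(parts[1])


def probe_connect(proxy_host: str, proxy_port: int, target_host: str,
                  ports, timeout: float = 3.0) -> dict:
    """For each port, ask the proxy to tunnel to target_host:port.

    Returns {port: ("open" | "blocked" | "error", detail)}. "open" means the
    proxy replied 200, i.e. the tunnel would have been established. A proxy
    that drops the connection without any status line counts as blocked (0).
    """
    results = {}
    for port in ports:
        try:
            with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as s:
                s.sendall(build_connect_request(target_host, port))
                code = parse_status(s.recv(4096))
        except OSError as exc:
            results[port] = ("error", str(exc))
            continue
        results[port] = ("open" if code == 200 else "blocked", code)
    return results


def start_policy_proxy(allowed_ports) -> int:
    """Start a minimal CONNECT-only mock proxy on 127.0.0.1 (constructed here).

    Models solution 2: CONNECT gets 200 only for ports on the allow list and
    403 otherwise. It never opens the upstream connection. Returns its port.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def handle(conn):
        with conn:
            data = b""
            while b"\r\n\r\n" not in data:  # read the full request header block
                chunk = conn.recv(1024)
                if not chunk:
                    break
                data += chunk
            code, reason = 403, "Forbidden"
            parts = data.split(b"\r\n", 1)[0].split()
            if len(parts) == 3 and parts[0] == b"CONNECT":
                port = parts[1].rpartition(b":")[2]
                if port.isdigit() and int(port) in allowed_ports:
                    code, reason = 200, "Connection established"
            conn.sendall(f"HTTP/1.0 {code} {reason}\r\n\r\n".encode("ascii"))

    def serve():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=handle, args=(conn,), daemon=True).start()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    # Offline demo against the 443-only mock; point probe_connect at
    # your.local.proxy:3128 instead to test a real proxy.
    mock_port = start_policy_proxy({443})
    verdicts = probe_connect("127.0.0.1", mock_port, "mail.domain.example",
                             [25, 80, 443, 44444])
    for p, (state, detail) in sorted(verdicts.items()):
        print(f"port {p:>5}: {state} ({detail})")
```

Against a real proxy, any port other than 443 (and 563, if you allow NNTP over
SSL) reported as "open" corresponds to one of the issues described above; port
80 in particular should show up as blocked.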