Unintended Proxy/Intermediary
Weakness ID: 441 (Weakness Base)Status: Draft
+ Description

Description Summary

A product can be used as an intermediary or proxy between an attacker and the ultimate target, so that the attacker can either bypass access controls or hide activities.
+ Time of Introduction
  • Architecture and Design
+ Applicable Platforms

Languages

All

+ Observed Examples
ReferenceDescription
CVE-1999-0168Portmapper could redirect service requests from an attacker to another entity, which thinks the requests came from the portmapper.
CVE-2005-0315FTP server does not ensure that the IP address in a PORT command is the same as the FTP user's session, allowing port scanning by proxy.
CVE-2002-1484Web server allows attackers to request a URL from another server, including other ports, which allows proxied scanning.
CVE-2004-2061CGI script accepts and retrieves incoming URLs.
CVE-2001-1484MFV - bounce attack allows access to TFTP from trusted side.
CVE-1999-0017FTP bounce attack. Protocol allows attacker to modify the PORT command to cause the FTP server to connect to other machines besides the attacker's. Similar to proxied trusted channel.
+ Potential Mitigations

Enforce the use of strong mutual authentication mechanism between the two parties.

+ Other Notes

Property: Alternate Channel

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfCategoryCategory418Channel Errors
Development Concepts (primary)699
ChildOfWeakness ClassWeakness Class610Externally Controlled Reference to a Resource in Another Sphere
Research Concepts (primary)1000
RequiredByCompound Element: CompositeCompound Element: Composite352Cross-Site Request Forgery (CSRF)
Research Concepts1000
RequiredByCompound Element: CompositeCompound Element: Composite384Session Fixation
Research Concepts1000
+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
PLOVERUnintended proxy/intermediary
PLOVERProxied Trusted Channel
WASC32Routing Detour
+ Maintenance Notes

This entry is currently a child of CWE-610 under view 1000, however there is also a relationship with CWE-668 because the resulting proxy effectively exposes the victims control sphere to the attacker. This should possibly be considered as an emergent resource.

+ Content History
Submissions
Submission DateSubmitterOrganizationSource
PLOVERExternally Mined
Modifications
Modification DateModifierOrganizationSource
2008-07-01Eric DalciCigitalExternal
updated Potential Mitigations, Time of Introduction
2008-09-08CWE Content TeamMITREInternal
updated Relationships, Observed Example, Other Notes, Taxonomy Mappings
2008-11-24CWE Content TeamMITREInternal
updated Maintenance Notes, Relationships, Taxonomy Mappings, Time of Introduction