Threat CC.AuD.CCCPCCS-i.3

URI: CC.AuD.CCCPCCS-i.3

Description: Confused deputy Client access to Process via Service: if client Client has accepted an inappropriate request from its client to gain access to back-end service Process, and Client has access to Process via reverse proxy Service, then Service will forward the request making it a confused deputy.

Threat Type: Primary Threat

Matching Pattern:

MP-CCCPCCS-i

Finds a client accessing a reverse proxy that uses a service, via the associated client channels, where the client and service are not in a credential forwarding chain, plus optionally the reverse proxy manager.

(empty)

DeputyConfusion at Role_ProxyChannel

(empty)

Threat CC.AuD.CCCPCCS-i.3

MP-CCCPCCS-i

Triggered by Threat (0)

Triggers Secondary Threats (0)

Triggered By Control Strategy (0)

Misbehaviour Sets (1)

Control Strategies (0)