Threat P.V.SPNaS.2

URI: P.V.SPNaS.2

Package: VulnerabilityCVSS

< prev | next >

Description: Remote authenticated exploit on service Service via reverse proxy Client: a malicious user or attacker able send messages to Service via reverse proxy Client can send a malicious request that can exploit a bug in Service after authentication.

Threat Type: Primary Threat

Matching Pattern:

P.V.SPNaS.2
MP-SPNaS

Finds a host running a service accessed via a reverse proxy, plus the associated client channel, contexts in which the service can be accessed, and optionally the managers of the client proxy, service and service host.

        (empty)

        (empty)

        (empty)

CSG-PatchingAtService

Use a systematic procedure for regular security patching of software used (including hosted process Service) on device SHost, and have a contingency plan included in the system operating policies and practices for HostManager to manually apply patches immediately for Service should the need for them become urgent.

CSG-PatchingAtService-Implementation

Represents a situation in which software patches have been applied manually by HostManager to eliminate vulnerabilities in process Service. This strategy represents activation of a contingency plan at runtime, and can be selected to discover what effect this would have on risk levels, allowing this to be used for decision support calculations. Note that this should only be considered if a suitable software patch is available. To implement this at runtime, signal the responsible user HostManager.