A product can be used as an intermediary or proxy between an attacker and the ultimate target, so that the attacker can either bypass access controls or hide activities.

Relationships:
- View 699: ChildOf Category 418
- View 1000: ChildOf Weakness 610
- View 888: ChildOf Category 902

Notes:
This entry is currently a child of CWE-610 under view 1000; however, there is also a relationship with CWE-668 because the resulting proxy effectively exposes the victim's control sphere to the attacker. This should possibly be considered as an emergent resource.

Time of introduction: Architecture and Design

Common consequences:
- Scope: Non-Repudiation, Access_Control
- Impact: Gain privileges / assume identity; Hide activities

Potential mitigations:
- Phase: Architecture and Design. Enforce the use of a strong mutual authentication mechanism between the two parties.

Observed examples:
- CVE-1999-0168: Portmapper could redirect service requests from an attacker to another entity, which thinks the requests came from the portmapper.
- CVE-2005-0315: FTP server does not ensure that the IP address in a PORT command is the same as the FTP user's session, allowing port scanning by proxy.
- CVE-2002-1484: Web server allows attackers to request a URL from another server, including other ports, which allows proxied scanning.
- CVE-2004-2061: CGI script accepts and retrieves incoming URLs.
- CVE-2001-1484: MFV - bounce attack allows access to TFTP from trusted side.
- CVE-1999-0017: FTP bounce attack. Protocol allows attacker to modify the PORT command to cause the FTP server to connect to other machines besides the attacker's. Similar to proxied trusted channel.

Taxonomy mappings:
- Unintended proxy/intermediary
- Proxied Trusted Channel
- Routing Detour (32)

Related attack patterns: 141, 142, 219, 465

Submission: PLOVER

Modification history:
- 2008-07-01, Eric Dalci (Cigital): updated Potential_Mitigations, Time_of_Introduction
- 2008-09-08, CWE Content Team (MITRE): updated Relationships, Observed_Example, Other_Notes, Taxonomy_Mappings
- 2008-11-24, CWE Content Team (MITRE): updated Maintenance_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
- 2010-02-16, CWE Content Team (MITRE): updated Taxonomy_Mappings
- 2010-04-05, CWE Content Team (MITRE): updated Related_Attack_Patterns
- 2010-06-21, CWE Content Team (MITRE): updated Other_Notes
- 2011-06-01, CWE Content Team (MITRE): updated Common_Consequences
- 2011-06-27, CWE Content Team (MITRE): updated Common_Consequences
- 2012-05-11, CWE Content Team (MITRE): updated Related_Attack_Patterns, Relationships
- 2012-10-30, CWE Content Team (MITRE): updated Potential_Mitigations