CWE-441: Unintended Proxy or Intermediary ('Confused Deputy')
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
The product receives a request, message, or directive from an upstream component, but the product does not sufficiently preserve the original source of the request before forwarding the request to an external actor that is outside of the product's control sphere. This causes the product to appear to be the source of the request, leading it to act as a proxy or other intermediary between the upstream component and the external actor.
常见后果
影响范围: Non-Repudiation Access Control
技术影响: Gain Privileges or Assume Identity Hide Activities Execute Unauthorized Code or Commands
潜在缓解措施
阶段: Architecture and Design
描述: Enforce the use of strong mutual authentication mechanism between the two parties.
阶段: Architecture and Design
描述: Whenever a product is an intermediary or proxy for transactions between two other components, the proxy core should not drop the identity of the initiator of the transaction. The immutability of the identity of the initiator must be maintained and should be forwarded all the way to the target.
检测方法
方法: Automated Static Analysis
Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)
有效性: High
观察示例
参考: CVE-1999-0017
FTP bounce attack. The design of the protocol allows an attacker to modify the PORT command to cause the FTP server to connect to other machines besides the attacker's.
参考: CVE-1999-0168
RPC portmapper could redirect service requests from an attacker to another entity, which thinks the requests came from the portmapper.
参考: CVE-2005-0315
FTP server does not ensure that the IP address in a PORT command is the same as the FTP user's session, allowing port scanning by proxy.
参考: CVE-2002-1484
Web server allows attackers to request a URL from another server, including other ports, which allows proxied scanning.
参考: CVE-2004-2061
CGI script accepts and retrieves incoming URLs.
参考: CVE-2001-1484
Bounce attack allows access to TFTP from trusted side.
参考: CVE-2010-1637
Web-based mail program allows internal network scanning using a modified POP3 port number.
参考: CVE-2009-0037
URL-downloading library automatically follows redirects to file:// and scp:// URLs
引入模式
| 阶段 | 说明 |
|---|---|
| Architecture and Design | REALIZATION: This weakness is caused during implementation of an architectural security tactic. |
适用平台
编程语言
操作系统
技术
分类映射
| 分类名称 | 条目ID | 条目名称 | 映射适配度 |
|---|---|---|---|
| PLOVER | - | Unintended proxy/intermediary | - |
| PLOVER | - | Proxied Trusted Channel | - |
| WASC | 32 | Routing Detour | - |