
CAPEC-481: Contradictory Destinations in Traffic Routing Schemes

Abstraction: Standard
Status: Draft
Likelihood: Medium
Severity: High

Description

Adversaries can provide contradictory destinations when sending messages. Traffic is routed in networks using the domain names in various headers available at different levels of the OSI model. In a Content Delivery Network (CDN), multiple domains might be available, and if contradictory domain names are provided, traffic can be routed to an inappropriate destination. This technique, called Domain Fronting, involves using different domain names in the SNI field of the TLS header and the Host field of the HTTP header. An alternative technique, called Domainless Fronting, is similar, but the SNI field is left blank.
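From the defender's side, the two conditions described above (SNI differing from Host, and a blank SNI) can be checked wherever both values are visible, such as a TLS-terminating proxy. The following is an added example, not part of the CAPEC entry; the log field names, sample records and allowlist are constructed assumptions, and hits are candidates for review because reused connections and older clients can produce the same patterns.

```python
import json

# Constructed sample records, as a TLS-terminating proxy might log them
# (field names "src", "sni" and "host" are assumptions for this example).
SAMPLE_LOG = """\
{"src": "10.0.0.5", "sni": "cdn.example.com", "host": "cdn.example.com"}
{"src": "10.0.0.7", "sni": "Allowed.Example.com.", "host": "allowed.example.com:443"}
{"src": "10.0.0.9", "sni": "allowed.example.com", "host": "hidden.example.net"}
{"src": "10.0.0.9", "sni": "", "host": "hidden.example.net"}
{"src": "10.0.0.3", "sni": "www.example.org", "host": "static.example.org"}
"""

# (SNI, Host) pairs expected to share one connection; assumed local policy.
ALLOWED_PAIRS = {("www.example.org", "static.example.org")}

def normalize(name):
    """Lowercase, drop a trailing dot and any :port so equal names compare equal."""
    name = (name or "").strip().lower()
    if name.startswith("["):                  # bracketed IPv6 literal in Host
        name = name[1:name.find("]")] if "]" in name else name
    elif name.count(":") == 1:                # host:port
        name = name.split(":", 1)[0]
    return name.rstrip(".")

def classify(sni, host):
    sni_n, host_n = normalize(sni), normalize(host)
    if not sni_n:
        return "blank_sni"          # pattern the entry calls Domainless Fronting
    if sni_n == host_n or (sni_n, host_n) in ALLOWED_PAIRS:
        return "consistent"
    return "sni_host_mismatch"      # pattern the entry calls Domain Fronting

def scan(log_text):
    """Return (src, verdict, sni, host) for every record that is not consistent."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        verdict = classify(rec.get("sni"), rec.get("host"))
        if verdict != "consistent":
            findings.append((rec.get("src"), verdict, rec.get("sni"), rec.get("host")))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```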

Related weaknesses · 1

CWE-923

MITRE ATT&CK crosswalk · 1

T1090.004: Proxy: Domain Fronting

Related attack patterns · 1

CAPEC-161 (ChildOf)

Exploits · 1

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Improper Restriction of Communication Channel to Intended Endpoints (cwe-923) | 100% | live |

Related to · 1

| Type | Target | Confidence | Tier |
|---|---|---|---|
| SubTechnique | Domain Fronting (t1090.004) | 100% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

Sub-technique: Domain Fronting
CAPEC: DNS Spoofing
CAPEC: DNS Rebinding
CAPEC: DNS Blocking
CAPEC: SoundSquatting
CAPEC: DNS Cache Poisoning

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.