R-001 - Reverse proxy misconfiguration exposing internal services
Description
Misconfiguration of reverse proxy routing or access control could expose internal services or allow unintended access paths.
Linked Scenario
Affected Asset(s)
Risk Evaluation
Likelihood
- Possible
- Public exposure + manual configuration
Impact
- Major
- Unauthorized access to services or data
Risk Level
- High
Risk Treatment Decision
- Mitigate
Justification
Exposure is real and directly exploitable.
Associated Controls
- Strict routing rules
- Access restrictions
- Future WAF
Residual Risk
- Medium (shared environment)
Monitoring & Review
- Access logs
- Unexpected route access
Status
- Open