CAPEC-51: Poison Web Service Registry

Description
SOA and Web Services often use a registry to perform look up, get schema information, and metadata about services. A poisoned registry can redirect (think phishing for servers) the service requester to a malicious service provider, provide incorrect information in schema or metadata, and delete information about service provider interfaces.
Extended Description

WS-Addressing is used to virtualize services, provide return addresses and other routing information, however, unless the WS-Addressing headers are protected they are vulnerable to rewriting. Content in a registry is deployed by the service provider. The registry in an SOA or Web Services system can be accessed by the service requester via UDDI or other protocol.

Severity :

Very High

Possibility :

High

Type :

Detailed
Relationships with other CAPECs

This table shows the other attack patterns and high level categories that are related to this attack pattern.

CAPEC-203: Manipulate Registry Information Manipulate Registry Information
Prerequisites

This table shows the other attack patterns and high level categories that are related to this attack pattern.

  • The attacker must be able to write to resources or redirect access to the service registry.
Skills required

This table shows the other attack patterns and high level categories that are related to this attack pattern.

  • Low To identify and execute against an over-privileged system interface
Taxonomy mappings

Mappings to ATT&CK, OWASP and other frameworks.

Resources required

Capability to directly or indirectly modify registry resources

Related CWE

A Related Weakness relationship associates a weakness with this attack pattern. Each association implies a weakness that must exist for a given attack to be successful.

CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-285: Improper Authorization

CWE-693: Protection Mechanism Failure

Visit http://capec.mitre.org/ for more details.