CAPEC-278: Web Services Protocol Manipulation

Description

An adversary manipulates a web service related protocol to cause a web application or service to react differently than intended. This can either be performed through the manipulation of call parameters to include unexpected values, or by changing the called function to one that should normally be restricted or limited. By leveraging this pattern of attack, the adversary is able to gain access to data or resources normally restricted, or to cause the application or service to crash.

Extended Description

Web browsers enforce security zones based on DNS names in order to prevent cross-zone disclosure of information. Because the same name resolves to both these IP addresses, browsers will place both IP addresses in the same security zone and allow information to flow between the addresses. This allows adversaries to discover sensitive information about the internal network of an enterprise. If there is a trust relationship between the computer with the targeted browser and the internal machine the adversary identifies, additional attacks are possible. This attack differs from pharming attacks in that the adversary is the legitimate owner of the malicious DNS server and so does not need to compromise behavior of external DNS services.

Severity :

Possibility :

Type :

Standard

Relationships with other CAPECs

This table shows the other attack patterns and high level categories that are related to this attack pattern.

CAPEC-201: Serialized Data External Linking Serialized Data External Linking CAPEC-221: Data Serialization External Entities Blowup Data Serialization External Entities Blowup CAPEC-272: Protocol Manipulation Protocol Manipulation CAPEC-279: SOAP Manipulation SOAP Manipulation

Prerequisites

This table shows the other attack patterns and high level categories that are related to this attack pattern.

The targeted application or service must rely on web service protocols in such a way that malicious manipulation of them can alter functionality.

Skills required

This table shows the other attack patterns and high level categories that are related to this attack pattern.

Taxonomy mappings

Mappings to ATT&CK, OWASP and other frameworks.

Resources required

The attacker must be able to manipulate the communications to the targeted application or service.

Related CWE

A Related Weakness relationship associates a weakness with this attack pattern. Each association implies a weakness that must exist for a given attack to be successful.

CWE-707: Improper Neutralization

Visit http://capec.mitre.org/ for more details.