CAPEC-279: SOAP Manipulation

Description

Simple Object Access Protocol (SOAP) is used as a communication protocol between a client and server to invoke web services on the server. It is an XML-based protocol, and therefore suffers from many of the same shortcomings as other XML-based protocols. Adversaries can make use of these shortcomings and manipulate the content of SOAP paramters, leading to undesirable behavior on the server and allowing the adversary to carry out a number of further attacks.

Extended Description

Web browsers enforce security zones based on DNS names in order to prevent cross-zone disclosure of information. Because the same name resolves to both these IP addresses, browsers will place both IP addresses in the same security zone and allow information to flow between the addresses. This allows adversaries to discover sensitive information about the internal network of an enterprise. If there is a trust relationship between the computer with the targeted browser and the internal machine the adversary identifies, additional attacks are possible. This attack differs from pharming attacks in that the adversary is the legitimate owner of the malicious DNS server and so does not need to compromise behavior of external DNS services.

Severity :

High

Possibility :

Medium

Type :

Detailed

Relationships with other CAPECs

This table shows the other attack patterns and high level categories that are related to this attack pattern.

CAPEC-110: SQL Injection through SOAP Parameter Tampering SQL Injection through SOAP Parameter Tampering CAPEC-228: DTD Injection DTD Injection CAPEC-278: Web Services Protocol Manipulation Web Services Protocol Manipulation

Prerequisites

This table shows the other attack patterns and high level categories that are related to this attack pattern.

An application uses SOAP-based web service api.
An application does not perform sufficient input validation to ensure that user-controllable data is safe for an XML parser.
The targeted server either fails to verify that data in SOAP messages conforms to the appropriate XML schema, or it fails to correctly handle the complete range of data allowed by the schema.

Skills required

This table shows the other attack patterns and high level categories that are related to this attack pattern.

Taxonomy mappings

Mappings to ATT&CK, OWASP and other frameworks.

Related CWE

A Related Weakness relationship associates a weakness with this attack pattern. Each association implies a weakness that must exist for a given attack to be successful.

CWE-707: Improper Neutralization

Visit http://capec.mitre.org/ for more details.