CAPEC-517: Documentation Alteration to Circumvent Dial-down
Description
Extended Description
WS-Addressing is used to virtualize services, provide return addresses and other routing information, however, unless the WS-Addressing headers are protected they are vulnerable to rewriting. Content in a registry is deployed by the service provider. The registry in an SOA or Web Services system can be accessed by the service requester via UDDI or other protocol.
Severity :
High
Possibility :
Low
Type :
Detailed
Relationships with other CAPECs
This table shows the other attack patterns and high level categories that are related to this attack pattern.
Prerequisites
This table shows the other attack patterns and high level categories that are related to this attack pattern.
- Advanced knowledge of internal software and hardware components within manufacturer's development environment.
- Access to the manufacturer's documentation.
Skills required
This table shows the other attack patterns and high level categories that are related to this attack pattern.
- High Ability to read, interpret, and subsequently alter manufacturer's documentation to prevent dial-down capabilities.
- High Ability to stealthly gain access via remote compromise or physical access to the manufacturer's documentation.
Taxonomy mappings
Mappings to ATT&CK, OWASP and other frameworks.
Related CWE
A Related Weakness relationship associates a weakness with this attack pattern. Each association implies a weakness that must exist for a given attack to be successful.
Visit http://capec.mitre.org/ for more details.