CAPEC-95: WSDL Scanning

Description
This attack targets the WSDL interface made available by a web service. The attacker may scan the WSDL interface to reveal sensitive information about invocation patterns, underlying technology implementations and associated vulnerabilities. This type of probing is carried out to perform more serious attacks (e.g. parameter tampering, malicious content injection, command injection, etc.). WSDL files provide detailed information about the services ports and bindings available to consumers. For instance, the attacker can submit special characters or malicious content to the Web service and can cause a denial of service condition or illegal access to database records. In addition, the attacker may try to guess other private methods by using the information provided in the WSDL files.
Extended Description

Whenever one component attempts to communicate with the other (data flow, authentication challenges, etc.), the data first flows through the adversary, who has the opportunity to observe or alter it, before being passed on to the intended recipient as if it was never observed. This interposition is transparent leaving the two compromised components unaware of the potential corruption or leakage of their communications. The potential for these attacks yields an implicit lack of trust in communication or identify between two components.

These attacks differ from Sniffing Attacks (CAPEC-157) since these attacks often modify the communications prior to delivering it to the intended recipient.

Severity :

High

Possibility :

High

Type :

Detailed
Relationships with other CAPECs

This table shows the other attack patterns and high level categories that are related to this attack pattern.

CAPEC-54: Query System for Information Query System for Information
Prerequisites

This table shows the other attack patterns and high level categories that are related to this attack pattern.

  • A client program connecting to a web service can read the WSDL to determine what functions are available on the server.
  • The target host exposes vulnerable functions within its WSDL interface.
Skills required

This table shows the other attack patterns and high level categories that are related to this attack pattern.

  • Low This attack can be as simple as reading WSDL and starting sending invalid request.
  • Medium This attack can be used to perform more sophisticated attacks (SQL injection, etc.)
Taxonomy mappings

Mappings to ATT&CK, OWASP and other frameworks.

Related CWE

A Related Weakness relationship associates a weakness with this attack pattern. Each association implies a weakness that must exist for a given attack to be successful.

CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory

Visit http://capec.mitre.org/ for more details.