Prerequisites
The targeted business's UDDI or ebXML information must be served from a location that the attacker can spoof or compromise or the attacker must be able to intercept and modify unsecured UDDI/ebXML messages in transit.
Resources Required
The attacker must be able to force the target user to accept their spoofed UDDI or ebXML message as opposed to the a message associated with a legitimate company. Depending on the follow-on for the attack, the attacker may also need to serve its own web services.
Mitigations
Implementation: Clients should only trust UDDI, ebXML, or similar messages that are verifiably signed by a trusted party.
Related Weaknesses
CWE-ID |
Weakness Name |
CWE-345 |
Insufficient Verification of Data Authenticity The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data. |
Submission
Name |
Organization |
Date |
Date Release |
CAPEC Content Team |
The MITRE Corporation |
2014-06-23 +00:00 |
Modifications
Name |
Organization |
Date |
Comment |
CAPEC Content Team |
The MITRE Corporation |
2019-04-04 +00:00 |
Updated Related_Attack_Patterns |