[Survey the target] Using a browser or an automated tool, an attacker records all instances of web services to process requests using serialized data.
[Launch a Blowup attack] The attacker crafts malicious messages that contain multiple configuration parameters in the same dataset.
Nom de la faiblesse | |
---|---|
CWE-770 |
Allocation of Resources Without Limits or Throttling The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor. |
Nom | Organisation | Date | Date de publication |
---|---|---|---|
CAPEC Content Team | The MITRE Corporation |
Nom | Organisation | Date | Commentaire |
---|---|---|---|
CAPEC Content Team | The MITRE Corporation | Updated Activation_Zone, Attack_Phases, Description, Description Summary, Examples-Instances, Injection_Vector, Methods_of_Attack, Payload, Related_Attack_Patterns, Typical_Likelihood_of_Exploit, Typical_Severity | |
CAPEC Content Team | The MITRE Corporation | Updated @Name, Description, Example_Instances, Execution_Flow, Mitigations, Prerequisites | |
CAPEC Content Team | The MITRE Corporation | Updated Taxonomy_Mappings | |
CAPEC Content Team | The MITRE Corporation | Updated Example_Instances |