Prerequisites
The targeted application or service must rely on web service protocols in such a way that malicious manipulation of them can alter functionality.
Resources Required
The attacker must be able to manipulate the communications to the targeted application or service.
Mitigations
Design: Verify the range, size, value and consistency of any arguments supplied to applications and services from external sources, and devise an appropriate error response.
Design: Ensure that function calls that should not be called by an unprivileged user are not accessible to them.
Related Weaknesses
| CWE-ID | Weakness Name |
| | Improper Neutralization: The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being read from an upstream component or sent to a downstream component. |
Submission
| Name | Organization | Date | Release Date |
| CAPEC Content Team | The MITRE Corporation | 2014-06-23 +00:00 | |
Modifications
| Name | Organization | Date | Comment |
| CAPEC Content Team | The MITRE Corporation | 2018-07-31 +00:00 | Updated Attack_Prerequisites, Description Summary, Resources_Required, Solutions_and_Mitigations |
| CAPEC Content Team | The MITRE Corporation | 2019-04-04 +00:00 | Updated Related_Weaknesses |