CAPEC-278
Web Services Protocol Manipulation
Draft
2014-06-23
00h00 +00:00
00h00 +00:00
2019-04-04
00h00 +00:00
00h00 +00:00
Alert dla konkretnego CAPEC
Bądź na bieżąco z wszelkimi zmianami dotyczącymi konkretnego CAPEC.
Opisy CAPEC
An adversary manipulates a web service related protocol to cause a web application or service to react differently than intended. This can either be performed through the manipulation of call parameters to include unexpected values, or by changing the called function to one that should normally be restricted or limited. By leveraging this pattern of attack, the adversary is able to gain access to data or resources normally restricted, or to cause the application or service to crash.
Informacje CAPEC
Wymagania wstępne
The targeted application or service must rely on web service protocols in such a way that malicious manipulation of them can alter functionality.Wymagane zasoby
The attacker must be able to manipulate the communications to the targeted application or service.Łagodzenie
Design: Range, size and value and consistency verification for any arguments supplied to applications and services from external sources and devise appropriate error response.Design: Ensure that function calls that should not be called by an unprivileged user are not accessible to them.
Powiązane słabości
| Nazwa słabości | |
|---|---|
CWE-707 |
Improper Neutralization The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being read from an upstream component or sent to a downstream component. |
Zgłoszenie
| Nazwa | Organizacja | Data | Data wydania |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation |
Modyfikacje
| Nazwa | Organizacja | Data | Komentarz |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation | Updated Attack_Prerequisites, Description Summary, Resources_Required, Solutions_and_Mitigations | |
| CAPEC Content Team | The MITRE Corporation | Updated Related_Weaknesses |
