
CAPEC-107: Cross Site Tracing

Abstraction: Detailed
Status: Draft
Likelihood: Medium
Severity: Very High

Description

Cross Site Tracing (XST) enables an adversary to steal the victim's session cookie and possibly other authentication credentials transmitted in the header of the HTTP request when the victim's browser communicates with a destination system's web server. Metadata: detailed CAPEC pattern, status draft, likelihood medium, severity very high. Underlying weaknesses: CWE-693, CWE-648. Related CAPEC pattern: CAPEC-593 (ChildOf).

Related weaknesses · 2

CWE-693, CWE-648

Related attack patterns · 1

CAPEC-593 (ChildOf)

Exploits · 2

Type | Target | Confidence | Tier
Weakness | Incorrect Use of Privileged APIs (cwe-648) | 100% | live
Weakness | Protection Mechanism Failure (cwe-693) | 100% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Cross Site Request Forgery
CAPEC: Cross Site Identification
CAPEC: Cross-Site Scripting (XSS)
CAPEC: Generic Cross-Browser Cross-Domain Theft
CAPEC: XSS Through HTTP Headers
CAPEC: Clickjacking

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.