Detailedseverity: LowDraft

CAPEC-144Detect Unpublicized Web Services

Abstraction
Detailed
Status
Draft
Severity
Low

Description

An adversary searches a targeted web site for web services that have not been publicized. This attack can be especially dangerous since unpublished but available services may not have adequate security controls placed upon them given that an administrator may believe they are unreachable. Metadata: detailed CAPEC pattern, status draft, severity low. Underlying weakness: CWE-425. Related CAPEC pattern: [object Object].

Related weaknesses· 1

CWE-425

Related attack patterns· 1

CAPEC-150 (ChildOf)

Exploits1

TypeTargetConfidenceTier
WeaknessDirect Request ('Forced Browsing')cwe-425100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
Detect Unpublicized Web Pages
CAPEC
Using Unpublished Interfaces or Functionality
CAPEC
Exploit Non-Production Interfaces
CAPEC
WSDL Scanning
CAPEC
Port Scanning
CAPEC
Calling Micro-Services Directly
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.