Standardseverity: MediumDraft

CAPEC-179Calling Micro-Services Directly

Abstraction
Standard
Status
Draft
Severity
Medium

Description

An attacker is able to discover and query Micro-services at a web location and thereby expose the Micro-services to further exploitation by gathering information about their implementation and function. Micro-services in web pages allow portions of a page to connect to the server and update content without needing to cause the entire page to update. This allows user activity to change portions of the page more quickly without causing disruptions elsewhere.

Related attack patterns· 1

CAPEC-554 (ChildOf)

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
Web Services Protocol Manipulation
CAPEC
Exploit Script-Based APIs
CAPEC
XSS Through HTTP Query Strings
CAPEC
Detect Unpublicized Web Services
CAPEC
Clickjacking
CAPEC
Web Application Fingerprinting
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.