
CAPEC-218: Spoofing of UDDI/ebXML Messages

Abstraction: Detailed
Status: Draft
Severity: Medium

Description

An attacker spoofs a UDDI, ebXML, or similar message in order to impersonate a service provider in an e-business transaction. UDDI, ebXML, and similar standards are used to identify businesses in e-business transactions. Among other things, they identify a particular participant, WSDL information for SOAP transactions, and supported communication protocols, including security protocols. By spoofing one of these messages, an attacker could impersonate a legitimate business in a transaction or could manipulate the protocols used between a client and business. This could result in disclosure of sensitive information, loss of message integrity, or even financial fraud.

Related weaknesses · 1

CWE-345

Related attack patterns · 1

CAPEC-148 (ChildOf)

Exploits · 1

Type | Target | Confidence | Tier
Weakness | Insufficient Verification of Data Authenticity (cwe-345) | 100% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Data Interchange Protocol Manipulation
CAPEC: Identity Spoofing
CAPEC: XML Schema Poisoning
CAPEC: SOAP Manipulation
CAPEC: Content Spoofing
CAPEC: XML Routing Detour Attacks

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.