
CAPEC-261: Fuzzing for garnering other adjacent user/sensitive data

Abstraction: Detailed
Status: Draft
Severity: Medium

Description

An adversary who is authorized to send queries to a target sends variants of expected queries in the hope that these modified queries might return information (directly or indirectly through error logs) beyond what the expected set of queries should provide. Metadata: detailed CAPEC pattern, status draft, severity medium. Underlying weakness: CWE-20. Related CAPEC pattern: CAPEC-54 (ChildOf).

Related weaknesses · 1

CWE-20

Related attack patterns · 1

CAPEC-54 (ChildOf)

Exploits · 1

| Type | Target | Confidence | Tier |
|------|--------|------------|------|
| Weakness | Improper Input Validation (cwe-20) | 100% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Server Side Request Forgery
CAPEC: Fuzzing
CAPEC: Query System for Information
CAPEC: Fuzzing for application mapping
CAPEC: Exploitation of Trusted Identifiers
CAPEC: Avoid Security Tool Identification by Adding Data

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.