StandardDraft

CAPEC-278Web Services Protocol Manipulation

Abstraction
Standard
Status
Draft

Description

An adversary manipulates a web service related protocol to cause a web application or service to react differently than intended. This can either be performed through the manipulation of call parameters to include unexpected values, or by changing the called function to one that should normally be restricted or limited. By leveraging this pattern of attack, the adversary is able to gain access to data or resources normally restricted, or to cause the application or service to crash.

Related weaknesses· 1

CWE-707

Related attack patterns· 1

CAPEC-272 (ChildOf)

Exploits1

TypeTargetConfidenceTier
WeaknessImproper Neutralizationcwe-707100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
Protocol Manipulation
CAPEC
SOAP Manipulation
CAPEC
Client-Server Protocol Manipulation
CAPEC
DEPRECATED: SOAP Parameter Tampering
CAPEC
SQL Injection through SOAP Parameter Tampering
CAPEC
Data Interchange Protocol Manipulation
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.