
CAPEC-279: SOAP Manipulation

Abstraction: Detailed
Status: Draft
Likelihood: Medium
Severity: High

Description

Simple Object Access Protocol (SOAP) is used as a communication protocol between a client and server to invoke web services on the server. It is an XML-based protocol, and therefore suffers from many of the same shortcomings as other XML-based protocols. Adversaries can make use of these shortcomings and manipulate the content of SOAP parameters, leading to undesirable behavior on the server and allowing the adversary to carry out a number of further attacks.

Related weaknesses · 1

CWE-707

Related attack patterns · 3

CAPEC-278 (ChildOf)
CAPEC-110 (CanPrecede)
CAPEC-228 (CanPrecede)

Exploits · 1

Type | Target | Confidence | Tier
Weakness | Improper Neutralization (cwe-707) | 100% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Web Services Protocol Manipulation
CAPEC: SQL Injection through SOAP Parameter Tampering
CAPEC: Data Interchange Protocol Manipulation
CAPEC: DEPRECATED: SOAP Parameter Tampering
CAPEC: Client-Server Protocol Manipulation
CAPEC: Protocol Manipulation

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.