CAPEC-466: Leveraging Active Adversary in the Middle Attacks to Bypass Same Origin Policy

Abstraction: Standard
Status: Draft
Severity: Medium

Description

An attacker leverages an adversary-in-the-middle attack (CAPEC-94) to bypass the same-origin policy protection in the victim's browser. This active adversary-in-the-middle attack could be launched, for instance, when the victim is connected to a public Wi-Fi hotspot. The attacker is able to intercept requests and responses between the victim's browser and some non-sensitive website that does not use TLS.

Related weaknesses (1)

CWE-300

Related attack patterns (1)

CAPEC-94 (ChildOf)

Exploits (1)

Type: Weakness
Target: Channel Accessible by Non-Endpoint (cwe-300)
Confidence: 100%
Tier: live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Cross-Domain Search Timing
CAPEC: Evil Twin Wi-Fi Attack
CAPEC: JSON Hijacking (aka JavaScript Hijacking)
CAPEC: Content Spoofing Via Application API Manipulation
CAPEC: Generic Cross-Browser Cross-Domain Theft
CAPEC: Cross Site Request Forgery

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.