
CAPEC-488: HTTP Flood

Abstraction
Standard
Status
Draft

Description

An adversary may execute a flooding attack using the HTTP protocol with the intent to deny legitimate users access to a service by consuming resources at the application layer, such as web services and their infrastructure. These attacks use legitimate session-based HTTP GET requests designed to consume large amounts of a server's resources. Since these are legitimate sessions, this attack is very difficult to detect.

Related weaknesses · 1

CWE-770

MITRE ATT&CK crosswalk · 1

T1499.002: Endpoint Denial of Service: Service Exhaustion Flood

Related attack patterns · 1

CAPEC-125 (ChildOf)

Exploits · 1

Type | Target | Confidence | Tier
Weakness | Allocation of Resources Without Limits or Throttling (cwe-770) | 100% | live

Related to · 1

Type | Target | Confidence | Tier
SubTechnique | Service Exhaustion Flood (t1499.002) | 100% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: ICMP Flood
CAPEC: SSL Flood
CAPEC: HTTP DoS
CAPEC: Flooding
CAPEC: TCP Flood
CAPEC: UDP Flood

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.