
CAPEC-54: Query System for Information

Abstraction: Standard
Status: Draft
Likelihood: High
Severity: Low

Description

An adversary, aware of an application's location (and possibly authorized to use the application), probes an application's structure and evaluates its robustness by submitting requests and examining responses. Often, this is accomplished by sending variants of expected queries in the hope that these modified queries might return information beyond what the expected set of queries would provide.

Related weaknesses (1)

CWE-209

Related attack patterns (1)

CAPEC-116 (ChildOf)

Exploits (1)

Type | Target | Confidence | Tier
Weakness | Generation of Error Message Containing Sensitive Information (cwe-209) | 100% | live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Fuzzing for garnering other adjacent user/sensitive data
CAPEC: System Footprinting
CAPEC: XQuery Injection
CAPEC: Web Application Fingerprinting
CAPEC: Pull Data from System Resources
CAPEC: SQL Injection

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.