
CAPEC-57: Utilizing REST's Trust in the System Resource to Obtain Sensitive Data

Abstraction: Detailed
Status: Draft
Likelihood: Medium
Severity: Very High

Description

This attack utilizes a REST (REpresentational State Transfer)-style application's trust in the system resources and environment to obtain sensitive data once SSL/TLS is terminated. Read together with the mapped weaknesses, the exposure is on the hop after termination: the front end (load balancer or web server) decrypts the client's request and hands it to the back-end service over a channel that is no longer protected, and the back end trusts that channel, and whatever the front end forwards with the request, as though the transport guarantee still held. Anyone who can reach that internal segment reads the request in cleartext (CWE-300, Channel Accessible by Non-Endpoint; ATT&CK T1040, Network Sniffing), including any credentials or personal data the REST client placed in the URL, headers or body; the same cleartext is what the intermediate systems' logs and caches retain. The back end accepting requests from that segment without authenticating their origin is the CWE-287 side; the net loss of the protection the client believed it had is CWE-693. The pattern is a child of CAPEC-157.
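The following Python is an added example, not part of the MITRE CAPEC entry or of any product it describes. It models the post-termination hop the pattern targets: a constructed request as a TLS-terminating proxy would forward it over plain HTTP, a function showing what a passive observer on that segment harvests from it (the T1040 mapping), the back end's mistaken trust in a forwarded header versus its actual transport, and a hypothetical audit of a reverse-proxy upstream setting for the CWE-300 and CWE-287 conditions. Host names, paths, tokens, header values, the `audit_upstream` parameters and the `X-Forwarded-Proto` trust decision are all assumptions for illustration.

```python
"""Added example, not part of the MITRE CAPEC-57 entry.

Models the hop this pattern targets: a front end terminates TLS and forwards
the decrypted REST request to a back end over plain HTTP. Host names, paths,
tokens and the proxy settings below are hypothetical and constructed.
"""
from __future__ import annotations

import json
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed capture: the bytes a TLS-terminating proxy would emit toward the
# back end. This is fabricated sample data, not a real trace.
_BODY = b'{"to":"ACCT-9","amount":500,"ssn":"123-45-6789"}'
CAPTURED_SEGMENT = (
    b"POST /v1/accounts/42/transfer?apikey=sk_live_EXAMPLE&format=json HTTP/1.1\r\n"
    b"Host: accounts-backend.internal:8080\r\n"
    b"Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.EXAMPLE.EXAMPLE\r\n"
    b"Cookie: session=3f9c2a1b\r\n"
    b"X-Forwarded-Proto: https\r\n"
    b"X-Forwarded-For: 203.0.113.7\r\n"
    b"Content-Type: application/json\r\n"
    + b"Content-Length: %d\r\n\r\n" % len(_BODY)
    + _BODY
)

# Header names and parameter-name patterns a passive observer would go for.
SENSITIVE_HEADERS = ("authorization", "proxy-authorization", "cookie", "x-api-key")
SENSITIVE_NAME = re.compile(r"api[_-]?key|token|secret|passw(or)?d|ssn", re.I)


def parse_http_request(raw: bytes) -> tuple[str, str, dict[str, str], bytes]:
    """Minimal HTTP/1.1 request parser: (method, target, lowercased headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers: dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body


def extract_exposed_secrets(raw: bytes) -> dict[str, str]:
    """What someone sniffing the post-termination hop (T1040) harvests from one request."""
    _method, target, headers, body = parse_http_request(raw)
    found: dict[str, str] = {}
    for name in SENSITIVE_HEADERS:
        if name in headers:
            found[f"header:{name}"] = headers[name]
    # Secrets in the URL are the worst case: besides the wire, they land in
    # proxy and back-end access logs, the "system resources" the pattern names.
    for key, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if SENSITIVE_NAME.search(key):
            found[f"query:{key}"] = value
    if headers.get("content-type", "").startswith("application/json") and body:
        try:
            doc = json.loads(body)
        except ValueError:
            doc = None
        if isinstance(doc, dict):
            for key, value in doc.items():
                if SENSITIVE_NAME.search(key):
                    found[f"body:{key}"] = str(value)
    return found


def request_confidential(headers: dict[str, str], transport_is_tls: bool,
                         trust_forwarded_headers: bool = False) -> bool:
    """Back end's confidentiality decision for a received request.

    With trust_forwarded_headers=True it reproduces the misplaced trust in the
    environment that CAPEC-57 exploits (assumed here for illustration):
    X-Forwarded-Proto: https describes the client-to-proxy leg, which is already
    over. Only the back end's own transport says anything about this hop.
    """
    if trust_forwarded_headers and headers.get("x-forwarded-proto") == "https":
        return True
    return transport_is_tls


def audit_upstream(proxy_pass: str, verify_upstream_cert: bool, client_cert: str | None) -> list[str]:
    """Hypothetical audit of one reverse-proxy upstream definition; returns findings."""
    findings: list[str] = []
    if urlsplit(proxy_pass).scheme != "https":
        findings.append("CWE-300: upstream hop is cleartext; anyone on the back-end segment can sniff it (T1040)")
        return findings  # the remaining checks presuppose TLS on the hop
    if not verify_upstream_cert:
        findings.append("CWE-300: upstream certificate not verified; the back end can be impersonated")
    if client_cert is None:
        findings.append("CWE-287: back end cannot distinguish the real proxy from any host on the segment; use mTLS")
    return findings


if __name__ == "__main__":
    for what, value in sorted(extract_exposed_secrets(CAPTURED_SEGMENT).items()):
        print(f"exposed {what} = {value}")
    print("weak  :", audit_upstream("http://accounts-backend.internal:8080", False, None))
    print("fixed :", audit_upstream("https://accounts-backend.internal:8443", True, "/etc/lb/proxy-client.pem"))
```

The audit stops at the first finding when the hop is cleartext because certificate verification and client certificates are meaningless on plain HTTP; the remediation order is the same in practice: re-encrypt to the back end, verify its certificate, then authenticate the proxy to the back end so that reaching the segment is no longer enough to be believed.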

Related weaknesses (3)

CWE-300: Channel Accessible by Non-Endpoint
CWE-287: Improper Authentication
CWE-693: Protection Mechanism Failure

MITRE ATT&CK crosswalk (1)

T1040: Network Sniffing

Related attack patterns (1)

CAPEC-157 (ChildOf)

Exploits (3)

Type      Target                               ID       Confidence  Tier
Weakness  Improper Authentication              CWE-287  100%        live
Weakness  Channel Accessible by Non-Endpoint   CWE-300  100%        live
Weakness  Protection Mechanism Failure         CWE-693  100%        live

Related to (1)

Type       Target             ID     Confidence  Tier
Technique  Network Sniffing   T1040  100%        live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Restful Privilege Elevation
CAPEC: Exploiting Incorrectly Configured SSL/TLS
CAPEC: Retrieve Embedded Sensitive Data
CAPEC: Exploitation of Trusted Identifiers
CAPEC: Server Side Request Forgery
CAPEC: Use of Known Domain Credentials

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.