
CAPEC-58: Restful Privilege Elevation

Abstraction: Detailed
Status: Draft
Likelihood: High
Severity: High

Description

An adversary identifies a REST-style HTTP method (GET, PUT, DELETE) that the application service accepts without enforcing access control, allowing them to perform various malicious actions on server data. Metadata: detailed CAPEC pattern, status draft, likelihood high, severity high. Underlying weaknesses: CWE-267, CWE-269. Related CAPEC patterns: CAPEC-1 (ChildOf), CAPEC-180 (ChildOf).
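A minimal illustration of the missing control and its fix, as an added example (not CAPEC's or SQUR's content): a REST-style dispatcher that authenticates the caller but never checks whether the caller's role may use the requested method, beside the same dispatcher with a deny-by-default per-method check. The roles, paths and resource are hypothetical.

```python
# Added example, not from CAPEC or SQUR: the missing per-method access
# control behind CAPEC-58 and the deny-by-default check that closes it.
# Resources, roles and paths are hypothetical, constructed for the demo.

from typing import Dict, Optional, Set, Tuple

# Constructed sample state: one resource.
RESOURCES: Dict[str, dict] = {"/items/42": {"owner": "alice", "price": 10}}

# Hypothetical role -> permitted HTTP methods (least privilege per method).
ROLE_METHODS: Dict[str, Set[str]] = {
    "reader": {"GET"},
    "editor": {"GET", "PUT"},
    "admin": {"GET", "PUT", "DELETE"},
}

def fresh_store() -> Dict[str, dict]:
    """Independent copy of the sample state so each call starts clean."""
    return {path: dict(fields) for path, fields in RESOURCES.items()}

def handle_weak(store: Dict[str, dict], method: str, path: str,
                role: str, body: Optional[dict] = None) -> Tuple[int, Optional[dict]]:
    """Vulnerable pattern: the caller is authenticated (we trust `role`), but
    the handler never asks whether this role may use this method, so any
    logged-in user can PUT or DELETE as freely as GET."""
    if path not in store:
        return 404, None
    if method == "GET":
        return 200, store[path]
    if method == "PUT":
        store[path] = {**store[path], **(body or {})}
        return 200, store[path]
    if method == "DELETE":
        del store[path]
        return 204, None
    return 405, None

def handle_hardened(store, method, path, role, body=None):
    """Fix: check the method against the role before touching any state.
    Unknown roles and unknown methods fall through to 403 (deny by default)."""
    if method not in ROLE_METHODS.get(role, set()):
        return 403, None
    return handle_weak(store, method, path, role, body)

def reader_delete_outcome() -> Tuple[int, int]:
    """Status a read-only user gets for DELETE from each handler."""
    return (handle_weak(fresh_store(), "DELETE", "/items/42", "reader")[0],
            handle_hardened(fresh_store(), "DELETE", "/items/42", "reader")[0])
```

The 403 is returned before the 404 check so that an unauthorized caller also learns nothing about whether the resource exists; a server-side audit log of every denied method/role pair is the natural detection hook.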

Related weaknesses (2)

CWE-267, CWE-269

Related attack patterns (2)

CAPEC-1 (ChildOf), CAPEC-180 (ChildOf)

Exploits (2)

Type      Target                                            Confidence  Tier
Weakness  Improper Privilege Management (CWE-269)           100%        live
Weakness  Privilege Defined With Unsafe Actions (CWE-267)   100%        live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Utilizing REST's Trust in the System Resource to Obtain Sensitive Data
CAPEC: Privilege Escalation
CAPEC: Privilege Abuse
CAPEC: Accessing Functionality Not Properly Constrained by ACLs
CAPEC: Target Programs with Elevated Privileges
CAPEC: Server Side Request Forgery

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.