
CAPEC-87: Forceful Browsing

Abstraction: Standard
Status: Draft
Likelihood: High
Severity: High

Description

An attacker employs forceful browsing (direct URL entry) to access portions of a website that are otherwise unreachable through the application's normal navigation. Usually, a front controller or similar design pattern is employed to protect access to portions of a web application; when a resource is reachable without passing through that controller, or the controller does not enforce an authorization check on every request, the protection is bypassed. Forceful browsing enables an attacker to access information, perform privileged operations, and otherwise reach sections of the web application that have been improperly protected.

Related weaknesses (3)

CWE-425, CWE-285, CWE-693

Related attack patterns (1)

CAPEC-115 (ChildOf)

Exploits (3)

Type      Target                                       Confidence  Tier
Weakness  Improper Authorization (CWE-285)             100%        live
Weakness  Protection Mechanism Failure (CWE-693)       100%        live
Weakness  Direct Request ('Forced Browsing') (CWE-425) 100%        live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Cross Site Request Forgery
CAPEC: Accessing Functionality Not Properly Constrained by ACLs
CAPEC: Authentication Abuse
CWE: Direct Request ('Forced Browsing')
CAPEC: Brute Force
CAPEC: Bypassing of Intermediate Forms in Multiple-Form Sets

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.