CAPEC-144: Detect Unpublicized Web Services

An adversary searches a targeted web site for web services that have not been publicized. This attack can be especially dangerous since unpublished but available services may not have adequate security controls placed upon them given that an administrator may believe they are unreachable.

Low

Typical severity

Per MITRE

Not rated

Likelihood of attack

Per MITRE

Related weaknesses

CWEs this targets

Detailed

Abstraction

MITRE classification

Overview

CAPEC-144 (Detect Unpublicized Web Services) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.

CAPEC-144: Detect Unpublicized Web Services

Overview

How the attack works

What the attacker needs

Prerequisites

Resources required

Frequently asked questions

What is CAPEC-144?

How does a Detect Unpublicized Web Services attack work?

What weaknesses does CAPEC-144 target?

How severe is CAPEC-144?

References

Defend against CAPEC-144

Overview

How the attack works

What the attacker needs

Prerequisites

Resources required

Related weaknesses

Related attack patterns

Parent

Frequently asked questions

What is CAPEC-144?

How does a Detect Unpublicized Web Services attack work?

What weaknesses does CAPEC-144 target?

How severe is CAPEC-144?

References

Defend against CAPEC-144