CAPEC-218: Spoofing of UDDI/ebXML Messages
An attacker spoofs a UDDI, ebXML, or similar message in order to impersonate a service provider in an e-business transaction. UDDI, ebXML, and similar standards are used to identify businesses in e-business transactions. Among other things, they identify a particular participant, WSDL information for SOAP transactions, and supported communication protocols, including security protocols. By spoofing one of these messages an attacker could impersonate a legitimate business in a transaction or could manipulate the protocols used between a client and business. This could result in disclosure of sensitive information, loss of message integrity, or even financial fraud.
Last updated
Overview
CAPEC-218 (Spoofing of UDDI/ebXML Messages) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
What the attacker needs
Prerequisites
- The targeted business's UDDI or ebXML information must be served from a location that the attacker can spoof or compromise or the attacker must be able to intercept and modify unsecured UDDI/ebXML messages in transit.
Resources required
- The attacker must be able to force the target user to accept their spoofed UDDI or ebXML message as opposed to the a message associated with a legitimate company. Depending on the follow-on for the attack, the attacker may also need to serve its own web services.
How to mitigate it
Defenses that reduce the risk of CAPEC-218.
- Implementation: Clients should only trust UDDI, ebXML, or similar messages that are verifiably signed by a trusted party.
Frequently asked questions
Common questions about CAPEC-218.
- What is CAPEC-218?
- An attacker spoofs a UDDI, ebXML, or similar message in order to impersonate a service provider in an e-business transaction. UDDI, ebXML, and similar standards are used to identify businesses in e-business transactions. Among other things, they identify a particular participant, WSDL information for SOAP transactions, and supported communication protocols, including security protocols. By spoofing one of these messages an attacker could impersonate a legitimate business in a transaction or could manipulate the protocols used between a client and business. This could result in disclosure of sensitive information, loss of message integrity, or even financial fraud.
- How do you prevent CAPEC-218?
- Implementation: Clients should only trust UDDI, ebXML, or similar messages that are verifiably signed by a trusted party.
- What weaknesses does CAPEC-218 target?
- CAPEC-218 exploits 1 CWE weakness, including CWE-345 (Insufficient Verification of Data Authenticity).
- How severe is CAPEC-218?
- MITRE rates CAPEC-218 as Medium severity.
References
Attack-pattern data is sourced from the MITRE CAPEC catalog (v3.9). Weakness associations link to the corresponding CWE entries on RadicalNotion.AI.
Defend against CAPEC-218
Track the CVEs and weaknesses attackers exploit with this technique, with AI-written analysis and remediation guidance.