CAPEC-230: Serialized Data with Nested Payloads

Overview

An adversary's goal is to leverage parser failure to their advantage. In most cases this type of an attack will result in a Denial of Service due to an application becoming unstable, freezing, or crashing. However it may be possible to cause a crash resulting in arbitrary code execution, leading to a jump from the data plane to the control plane [REF-89]. This attack is most closely associated with web services using SOAP or a Rest API, because remote service requesters can post malicious payloads to the service provider. The main weakness is that the service provider generally must inspect, parse, and validate the messages to determine routing, workflow, security considerations, and so on. It is exactly these inspection, parsing, and validation routines that this attack targets. This attack exploits the loosely coupled nature of web services, where the service provider has little to no control over the service requester and any messages the service requester sends.

Overview

CAPEC-230: Serialized Data with Nested Payloads

Overview

How the attack works

What the attacker needs

Prerequisites

Consequences

How to mitigate it

How to detect it

Terminology & mappings

Alternate terms

Frequently asked questions

What is CAPEC-230?

How does a Serialized Data with Nested Payloads attack work?

How do you prevent CAPEC-230?

What weaknesses does CAPEC-230 target?

How severe is CAPEC-230?

References

Defend against CAPEC-230

Overview

Overview

How the attack works

What the attacker needs

Prerequisites

Consequences

How to mitigate it

How to detect it

Related weaknesses

Related attack patterns

Parent

Child

Terminology & mappings

Alternate terms

Frequently asked questions

What is CAPEC-230?

How does a Serialized Data with Nested Payloads attack work?

How do you prevent CAPEC-230?

What weaknesses does CAPEC-230 target?

How severe is CAPEC-230?

References

Defend against CAPEC-230