CAPEC-278: Web Services Protocol Manipulation

An adversary manipulates a web service related protocol to cause a web application or service to react differently than intended. This can either be performed through the manipulation of call parameters to include unexpected values, or by changing the called function to one that should normally be restricted or limited. By leveraging this pattern of attack, the adversary is able to gain access to data or resources normally restricted, or to cause the application or service to crash.

Not rated

Typical severity

Per MITRE

Not rated

Likelihood of attack

Per MITRE

Related weaknesses

CWEs this targets

Standard

Abstraction

MITRE classification

Overview

CAPEC-278 (Web Services Protocol Manipulation) is a standard-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.

CAPEC-278: Web Services Protocol Manipulation

Overview

What the attacker needs

Prerequisites

Resources required

How to mitigate it

Frequently asked questions

What is CAPEC-278?

How do you prevent CAPEC-278?

What weaknesses does CAPEC-278 target?

References

Defend against CAPEC-278

Overview

What the attacker needs

Prerequisites

Resources required

How to mitigate it

Related weaknesses

Related attack patterns

Parent

Child

Frequently asked questions

What is CAPEC-278?

How do you prevent CAPEC-278?

What weaknesses does CAPEC-278 target?

References

Defend against CAPEC-278