CAPEC-279: SOAP Manipulation

Simple Object Access Protocol (SOAP) is used as a communication protocol between a client and server to invoke web services on the server. It is an XML-based protocol, and therefore suffers from many of the same shortcomings as other XML-based protocols. Adversaries can make use of these shortcomings and manipulate the content of SOAP paramters, leading to undesirable behavior on the server and allowing the adversary to carry out a number of further attacks.

High

Typical severity

Per MITRE

Medium

Likelihood of attack

Per MITRE

Related weaknesses

CWEs this targets

Detailed

Abstraction

MITRE classification

Overview

CAPEC-279 (SOAP Manipulation) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.

CAPEC-279: SOAP Manipulation

Overview

How the attack works

What the attacker needs

Prerequisites

Consequences

Frequently asked questions

What is CAPEC-279?

How does a SOAP Manipulation attack work?

What weaknesses does CAPEC-279 target?

How severe is CAPEC-279?

References

Defend against CAPEC-279

Overview

How the attack works

What the attacker needs

Prerequisites

Consequences

Related weaknesses

Related attack patterns

Parent

Can precede

Frequently asked questions

What is CAPEC-279?

How does a SOAP Manipulation attack work?

What weaknesses does CAPEC-279 target?

How severe is CAPEC-279?

References

Defend against CAPEC-279