CAPEC-51: Poison Web Service Registry
SOA and Web Services often use a registry to look up services and to retrieve schema information and metadata about them. A poisoned registry can redirect the service requester to a malicious service provider (think phishing for servers), provide incorrect information in schema or metadata, and delete information about service provider interfaces.
Overview
WS-Addressing is used to virtualize services and to provide return addresses and other routing information; however, unless the WS-Addressing headers are protected, they are vulnerable to rewriting. Content in a registry is deployed by the service provider. The registry in an SOA or Web Services system can be accessed by the service requester via UDDI or another protocol.
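One defensive check for the header-rewriting risk described above, as an added example that is not part of the CAPEC entry: it lists the WS-Addressing headers in a SOAP 1.1 envelope that no WS-Security signature reference covers. It assumes headers are identified by `wsu:Id`, checks reference coverage only (it does not verify the signature cryptographically), and uses a constructed envelope and a hypothetical function name.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSA = "http://www.w3.org/2005/08/addressing"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"

def unsigned_wsa_headers(envelope_xml):
    """Return local names of WS-Addressing headers the signature does not reference."""
    # Assumption: input size and entity use are already limited by a hardened parser or gateway.
    root = ET.fromstring(envelope_xml)
    header = root.find(f"{{{SOAP}}}Header")
    if header is None:
        return []
    # IDs the signature claims to cover: <ds:Reference URI="#id"> inside SignedInfo.
    refs = header.findall(
        f"{{{WSSE}}}Security/{{{DS}}}Signature/{{{DS}}}SignedInfo/{{{DS}}}Reference")
    signed_ids = {r.get("URI", "")[1:] for r in refs if r.get("URI", "").startswith("#")}
    # Count every wsu:Id in the document; a duplicated Id is ambiguous, so treat it as unsigned.
    id_counts = {}
    for el in root.iter():
        wsu_id = el.get(f"{{{WSU}}}Id")
        if wsu_id:
            id_counts[wsu_id] = id_counts.get(wsu_id, 0) + 1
    unsigned = []
    for child in header:
        if not child.tag.startswith(f"{{{WSA}}}"):
            continue
        wsu_id = child.get(f"{{{WSU}}}Id")  # None when the header carries no Id at all
        if wsu_id not in signed_ids or id_counts.get(wsu_id) != 1:
            unsigned.append(child.tag.split("}")[1])
    return unsigned

# Constructed sample: wsa:To is referenced by the signature, wsa:ReplyTo is not.
SAMPLE = f"""<s:Envelope xmlns:s="{SOAP}" xmlns:a="{WSA}" xmlns:u="{WSU}" xmlns:o="{WSSE}" xmlns:d="{DS}">
 <s:Header>
  <a:To u:Id="id-to">https://orders.example.test/svc</a:To>
  <a:ReplyTo><a:Address>https://client.example.test/cb</a:Address></a:ReplyTo>
  <o:Security><d:Signature><d:SignedInfo>
   <d:Reference URI="#id-to"/>
  </d:SignedInfo></d:Signature></o:Security>
 </s:Header>
 <s:Body/>
</s:Envelope>"""

if __name__ == "__main__":
    print("Unprotected WS-Addressing headers:", unsigned_wsa_headers(SAMPLE))
```

A receiver or gateway would reject or flag any message for which this list is non-empty, in addition to validating the signature itself.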
How the attack works
The phases an attacker typically follows to carry out this attack.
- Step 1: Explore
  [Find a target SOA or Web Service] The adversary must first identify a target SOA or Web Service.
- Step 2: Experiment
  [Determine desired outcome] Because poisoning a web service registry can have different outcomes, the adversary must decide how they wish to affect the web service.
  - An adversary can perform a denial of service attack on a web service.
  - An adversary can redirect requests or responses to a malicious service.
- Step 3: Experiment
  [Determine if a malicious service needs to be created] If the adversary wishes to redirect requests or responses, they will need to create a malicious service to redirect to.