CAPEC-596: TCP RST Injection
An adversary injects one or more TCP RST packets to a target after the target has made a HTTP GET request. The goal of this attack is to have the target and/or destination web server terminate the TCP connection.
Last updated
Overview
CAPEC-596 (TCP RST Injection) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
What the attacker needs
Prerequisites
- An On/In Path Device
Frequently asked questions
Common questions about CAPEC-596.
- What is CAPEC-596?
- An adversary injects one or more TCP RST packets to a target after the target has made a HTTP GET request. The goal of this attack is to have the target and/or destination web server terminate the TCP connection.
- What weaknesses does CAPEC-596 target?
- CAPEC-596 exploits 1 CWE weakness, including CWE-940 (Improper Verification of Source of a Communication Channel).
References
Attack-pattern data is sourced from the MITRE CAPEC catalog (v3.9). Weakness associations link to the corresponding CWE entries on RadicalNotion.AI.
Defend against CAPEC-596
Track the CVEs and weaknesses attackers exploit with this technique, with AI-written analysis and remediation guidance.