 Description An adversary actively probes the target in a manner that is designed to solicit information that could be leveraged for malicious purposes. Extended Description This is achieved by exploring the target via ordinary interactions for the purpose of gathering intelligence about the target, or by sending data that is syntactically invalid or non-standard in an attempt to produce a response that contains the desired data. As a result of these interactions, the adversary is able to obtain information from the target that aids the attacker in making inferences about its security, configuration, or potential vulnerabilities. Examplar exchanges with the target may trigger unhandled exceptions or verbose error messages that reveal information like stack traces, configuration information, path information, or database design. This type of attack also includes the manipulation of query strings in a URI to produce invalid SQL queries, or by trying alternative path values in the hope that the server will return useful information. Likelihood Of Attack Typical Severity Prerequisites
| An adversary requires some way of interacting with the system. |
Resources Required
| A tool, such as an Adversary in the Middle (CAPEC-94) Proxy or a fuzzer, that is capable of generating and injecting custom inputs to be used in the attack. |
Consequences  This table specifies different individual consequences associated with the attack pattern. The Scope identifies the security property that is violated, while the Impact describes the negative technical impact that arises if an adversary succeeds in their attack. The Likelihood provides information about how likely the specific consequence is expected to be seen relative to the other consequences in the list. For example, there may be high likelihood that a pattern will be used to achieve a certain impact, but a low likelihood that it will be exploited to achieve a different impact.| Scope | Impact | Likelihood |
|---|
Confidentiality | Read Data | |
Mitigations
| Minimize error/response output to only what is necessary for functional use or corrective language. |
| Remove potentially sensitive information that is not necessary for the application's functionality. |
Notes Other Large quantities of data is often moved from the target system to some other adversary controlled system. Data found on a target system might require extensive resources to be fully analyzed. Using these resources on the target system might enable a defender to detect the adversary. Additionally, proper analysis tools required might not be available on the target system. Other This attack differs from Data Interception and other data collection attacks in that the attacker actively queries the target rather than simply watching for the target to reveal information.  Content History | Submissions |
|---|
| Submission Date | Submitter | Organization |
|---|
| 2014-06-23 (Version 2.6) | CAPEC Content Team | The MITRE Corporation | | | Modifications |
|---|
| Modification Date | Modifier | Organization |
|---|
| 2015-11-09 (Version 2.7) | CAPEC Content Team | The MITRE Corporation | | Updated Activation_Zone, Attack_Prerequisites, Description Summary, Injection_Vector, Payload, Payload_Activation_Impact | | 2017-05-01 (Version 2.10) | CAPEC Content Team | The MITRE Corporation | | Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Other_Notes, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit | | 2020-07-30 (Version 3.3) | CAPEC Content Team | The MITRE Corporation | | Updated Related_Weaknesses | | 2020-12-17 (Version 3.4) | CAPEC Content Team | The MITRE Corporation | | Updated Related_Attack_Patterns | | 2021-06-24 (Version 3.5) | CAPEC Content Team | The MITRE Corporation | | Updated Resources_Required | | 2022-09-29 (Version 3.8) | CAPEC Content Team | The MITRE Corporation | | Updated Description, Extended_Description |
More information is available — Please select a different filter.
|
