CAPEC 58 Restful Privilege Elevation

Name: VulnX Platform
Author: Studio Consi

Draft Detailed High Risk

Severity High

Description

An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.

CAPEC 58 Restful Privilege Elevation

Description

Mitigations

Design: Enforce Principle Of Least Privilege

Implementation: Ensure That Http Get Methods Only Retrieve State And Do Not Alter State On The Server Side

Implementation: Ensure That Http Methods Have Proper Acls Based On What The Functionality They Expose

Consequences

Security Scopes Affected

Potential Impacts

Relationships

Parent CAPECs

CAPEC 58 Restful Privilege Elevation

Description

Mitigations

Design: Enforce Principle Of Least Privilege

Implementation: Ensure That Http Get Methods Only Retrieve State And Do Not Alter State On The Server Side

Implementation: Ensure That Http Methods Have Proper Acls Based On What The Functionality They Expose

Consequences

Security Scopes Affected

Potential Impacts

Relationships

Parent CAPECs

Iscriviti alla newsletter