CAPEC-596

TCP RST Injection
Draft
2017-01-03
00h00 +00:00
2019-04-04
00h00 +00:00
Alerte pour un CAPEC
Stay informed of any changes for a specific CAPEC.
Notifications manage

Descriptions CAPEC

An adversary injects one or more TCP RST packets to a target after the target has made a HTTP GET request. The goal of this attack is to have the target and/or destination web server terminate the TCP connection.

Informations CAPEC

Prerequisites

An On/In Path Device

Related Weaknesses

CWE-ID Weakness Name

CWE-940

Improper Verification of Source of a Communication Channel
The product establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is coming from the expected origin.

References

REF-477

Inferring Mechanics of Web Censorship Around the World
John-Paul Verkamp, Minaxi Gupta.

Submission

Name Organization Date Date release
Seamus Tuohy 2017-01-03 +00:00

Modifications

Name Organization Date Comment
CAPEC Content Team The MITRE Corporation 2019-04-04 +00:00 Updated Related_Weaknesses