CAPEC-596
Alerte pour un CAPEC
Stay informed of any changes for a specific CAPEC.
Descriptions CAPEC
An adversary injects one or more TCP RST packets to a target after the target has made a HTTP GET request. The goal of this attack is to have the target and/or destination web server terminate the TCP connection.
Informations CAPEC
Prerequisites
An On/In Path DeviceRelated Weaknesses
| Weakness Name | |
|---|---|
CWE-940 |
Improper Verification of Source of a Communication Channel The product establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is coming from the expected origin. |
References
REF-477
Inferring Mechanics of Web Censorship Around the WorldJohn-Paul Verkamp, Minaxi Gupta.
Submission
| Name | Organization | Date | Date release |
|---|---|---|---|
| Seamus Tuohy |
Modifications
| Name | Organization | Date | Comment |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation | Updated Related_Weaknesses |
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.