Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CAPEC-274:HTTP Verb Tampering
Attack Pattern ID:274
Version:v3.9
Attack Pattern Name:HTTP Verb Tampering
Abstraction:Detailed
Status:Draft
Likelihood of Attack:
Typical Severity:Medium
DetailsContent HistoryRelated WeaknessesReports
2Weaknesses found
CWE-302
Authentication Bypass by Assumed-Immutable Data
ShareView Details
Authentication Bypass by Assumed-Immutable Data
Likelihood of Exploit-Not Available
Mapping-Allowed
Abstraction-Base
Found in27CVEs

The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker.

Impacts-
Bypass Protection Mechanism
Tags-
Bypass Protection Mechanism (impact)
As Seen In-
Not Available
CWE-654
Reliance on a Single Factor in a Security Decision
ShareView Details
Reliance on a Single Factor in a Security Decision
Likelihood of Exploit-Not Available
Mapping-Allowed
Abstraction-Base
Found in1CVEs

A protection mechanism relies exclusively, or to a large extent, on the evaluation of a single condition or the integrity of a single object or entity in order to make a decision about granting access to restricted resources or functionality.

Impacts-
Hide ActivitiesGain Privileges or Assume Identity
Tags-
Hide Activities (impact)Gain Privileges or Assume Identity (impact)
As Seen In-
Not Available