Home > CAPEC List > CAPEC-371: WASC-38 - URL Redirector Abuse (Version 3.0)  

CAPEC-371: WASC-38 - URL Redirector Abuse

Category ID: 371
 
Status: Draft
+ Summary
This category is related to the WASC Threat Classification 2.0 item URL Redirector Abuse
+ Membership
NatureTypeIDName
MemberOfViewView - A view in CAPEC represents a perspective with which one might look at the collection of attack patterns defined within CAPEC. There are three different types of views: graphs, explicit slices, and implicit slices.333WASC Threat Classification 2.0
HasMemberStandard Attack PatternStandard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It is often seen as a singular piece of a fully executed attack. A standard attack pattern is meant to provide sufficient details to understand the specific technique and how it attempts to accomplish a desired goal. A standard level attack pattern is a specific type of a more abstract meta level attack pattern.194Fake the Source of Data
+ Notes

Relationship

It should be noted that the member relation to CAPEC-194 is not as clean as could be. CAPEC-194 would ideally have another child (other than CAPEC-543: Counterfeit Websites) that is specific to URL Redirection. Unlike CAPEC-543, URL Redirection does not require a counterfeit website, but rather the user to simply click a link. With that said, we have created this relationship to CAPEC-194 due to the related weakness (CWE-601), which specifically deals with URL Redirection, and will revist this at a later date.
+ References
[REF-314] "WASC Threat Classification 2.0". WASC-38 - URL Redirector Abuse. The Web Application Security Consortium (WASC). 2010. <http://projects.webappsec.org/URL-Redirector-Abuse>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04CAPEC Content TeamThe MITRE Corporation
Updated Relationship_Notes, Relationships

More information is available — Please select a different filter.
Page Last Updated or Reviewed: July 31, 2018