Open Rinal21 opened 2 years ago
3. Attack patterns

CAPEC has the following patterns for this weakness:

❏ CAPEC-31: Accessing/Intercepting/Modifying HTTP Cookies
❏ CAPEC-34: HTTP Response Splitting
❏ CAPEC-63: Simple Script Injection
❏ CAPEC-85: Client Network Footprinting (using AJAX/XSS)

This weakness is described in the WASC classification as four separate techniques:

❏ WASC-27: HTTP Response Smuggling
❏ WASC-25: HTTP Response Splitting
❏ WASC-26: HTTP Request Smuggling
❏ WASC-24: HTTP Request Splitting

Affected software

Any software that uses input data to construct headers is potentially vulnerable to this weakness. In most cases, these are web applications, web servers, and caching proxies.

Severity and CVSS Scoring

Depending on the potential damage, this weakness could impact the integrity of the application and is usually scored as 5.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N], Medium severity.

Credits: https://www.immuniweb.com/
Welcome to CYPRO.Rinalofficial21
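
The "Affected software" point above (input data used to construct headers), shown as an added example that is not part of the original post or of the credited source: a header builder that concatenates input unchecked beside one that rejects line terminators. The function names and the sample value are constructed for illustration.

```python
import re

# Characters that end or corrupt a header line: CR, LF and NUL.
_FORBIDDEN = re.compile(r"[\r\n\x00]")
# Header field names are restricted to HTTP "token" characters.
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")

# Constructed sample: a value that carries a line break and a second header.
TAINTED = "en\r\nSet-Cookie: session=constructed"


def naive_header(name, value):
    """Weak form: input is concatenated into the header line unchecked."""
    return f"{name}: {value}\r\n"


def safe_header(name, value):
    """Hardened form: refuse names and values that could start a new line."""
    if not _TOKEN.fullmatch(name):
        raise ValueError("invalid header name")
    if _FORBIDDEN.search(value):
        raise ValueError("control character in header value")
    return f"{name}: {value}\r\n"


def header_names(raw):
    """List header names as a lenient downstream parser would see them.

    Lenient parsers accept a bare LF as a line ending, which is why
    safe_header() rejects LF on its own and not only the CRLF pair.
    """
    head = re.split(r"\r?\n\r?\n", raw, maxsplit=1)[0]
    return [ln.split(":", 1)[0] for ln in re.split(r"\r?\n", head) if ln]


def is_rejected(value):
    """True when safe_header() refuses the value."""
    try:
        safe_header("Content-Language", value)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(header_names(naive_header("Content-Language", TAINTED)))
    print(is_rejected(TAINTED), is_rejected("en"))
```
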