CAPEC-51 - Poison Web Service Registry

SOA and Web Services often use a registry to perform look up, get schema information, and metadata about services. A poisoned registry can redirect (think phishing for servers) the service requester to a malicious service provider, provide incorrect information in schema or metadata (to effect a denial of service), and delete information about service provider interfaces.

WS-Addressing is used to virtualize services, provide return addresses and other routing information, however, unless the WS-Addressing headers are protected they are vulnerable to rewriting. The attacker that can rewrite WS-addressing information gains the ability to route service requesters to any service providers, and the ability to route service provider response to any service.

Content in a registry is deployed by the service provider. The registry in an SOA or Web Services system can be accessed by the service requester via UDDI or other protocol. The basic flow for the attacker consists of either altering the data at rest in the registry or uploading malicious content by spoofing a service provider. The service requester is then redirected to send its requests and/or responses to services the attacker controls.






  • Attack Methods 3
  • Modification of Resources
  • Injection
  • Protocol Manipulation
  • Purposes 1
  • Exploitation
  • Scopes 3
  • Execute unauthorized code or commands
  • Availability
  • Integrity
  • Confidentiality
  • Read application data
  • Confidentiality
  • Modify application data
  • Integrity

Low level: To identify and execute against an over-privileged system interface

The attacker must be able to write to resources or redirect access to the service registry.

Capability to directly or indirectly modify registry resources

Design: Enforce principle of least privilege

Design: Harden registry server and file access permissions

Implementation: Implement communications to and from the registry using secure protocols