CAPEC-107

Detailed Abstraction Level
Meta — Very abstract, high-level category
Standard — Specific enough to understand
Detailed — Tied to specific technique
Draft MITRE CAPEC Status
Stable — Fully reviewed and complete
Draft — Under development
Incomplete — Partially defined
Deprecated — No longer recommended
Obsolete — Replaced by another CAPEC
Likelihood: Medium Severity: Very High
Cross Site Tracing

Description

Cross Site Tracing (XST) enables an adversary to steal the victim's session cookie and possibly other authentication credentials transmitted in the header of the HTTP request when the victim's browser communicates to a destination system's web server.

Prerequisites

HTTP TRACE is enabled on the web server

The destination system is susceptible to XSS or an adversary can leverage some other weakness to bypass the same origin policy

Scripting is enabled in the client's browser

HTTP is used as the communication protocol between the server and the client

Mitigations

Administrators should disable support for HTTP TRACE at the destination's web server. Vendors should disable TRACE by default.

Patch web browser against known security origin policy bypass exploits.

Skills Required

[Medium] Understanding of the HTTP protocol and an ability to craft a malicious script