Capec-488 Detail

HTTP Flood

Standard Communications Software

Parents: 125

Threats: T61 T64 T74 T269 T282 T285 T289 T335 T374 T401 T404

Description

An adversary may execute a flooding attack using the HTTP protocol with the intent to deny legitimate users access to a service by consuming resources at the application layer, such as web services and their infrastructure. These attacks use legitimate session-based HTTP GET requests designed to consume large amounts of a server's resources. Since these are legitimate sessions, this attack is very difficult to detect.

| External ID | Source | Link | Description |
|---|---|---|---|
| CAPEC-488 | capec | https://capec.mitre.org/data/definitions/488.html | |
| CWE-770 | cwe | http://cwe.mitre.org/data/definitions/770.html | |
| T1499.002 | ATTACK | https://attack.mitre.org/wiki/Technique/T1499/002 | Endpoint Denial of Service: Service Exhaustion Flood |
| REF-751 | reference_from_CAPEC | https://www.cloudflare.com/learning/ddos/http-flood-ddos-attack/ | HTTP Flood Attack |

  1. This type of attack requires the ability to generate a large amount of HTTP traffic to send to a target server.
