Certified Ethical Hacker (CEH v11) — Question 373
Stella, a professional hacker, performs an attack on web services by exploiting a vulnerability that provides additional routing information in the SOAP header to support asynchronous communication. This further allows the transmission of web-service requests and response messages using different TCP connections.
Which of the following attack techniques is used by Stella to compromise the web services?
Answer options
- A. Web services parsing attacks
- B. WS-Address spoofing
- C. SOAPAction spoofing
- D. XML injection
Correct answer: B
Explanation
The correct answer is B, WS-Address spoofing, which involves manipulating the routing information in SOAP headers to redirect web service communications. The other options, such as A (Web services parsing attacks) and C (SOAPAction spoofing), do not specifically relate to exploiting routing information for asynchronous communication, while D (XML injection) focuses on injecting malicious XML into requests rather than manipulating routing information.