Certified Ethical Hacker (CEH v12) — Question 64
Stella, a professional hacker, performs an attack on web services by exploiting a vulnerability that provides additional routing information in the SOAP header to support asynchronous communication. This further allows the transmission of web-service requests and response messages using different TCP connections.
Which of the following attack techniques is used by Stella to compromise the web services?
Answer options
- A. Web services parsing attacks
- B. WS-Address spoofing
- C. SOAPAction spoofing
- D. XML injection
Correct answer: B
Explanation
The correct answer is B, WS-Address spoofing, as it involves manipulating the routing information in the SOAP header to redirect requests. The other options, while related to web services, do not specifically address the exploitation of routing information for asynchronous communication like WS-Address spoofing does.