Certified Ethical Hacker (CEH v13) — Question 98
Stella, a professional hacker, performs an attack on web services by exploiting a vulnerability that provides additional routing information in the SOAP header to support asynchronous communication. This further allows the transmission of web-service requests and response messages using different TCP connections.
Which of the following attack techniques is used by Stella to compromise the web services?
Answer options
- A. Web services parsing attacks
- B. WS-Address spoofing
- C. SOAPAction spoofing
- D. XML injection
Correct answer: B
Explanation
The correct answer is B, WS-Address spoofing, which involves manipulating the WS-Addressing headers to reroute messages. The other options, while relevant to web service security, do not specifically pertain to the exploitation of routing information in the SOAP header for asynchronous communication as described in the scenario.