CAPEC Details
Name Application Fingerprinting
Likelyhood of attack Typical severity
Low Low
Summary An adversary engages in fingerprinting activities to determine the type or version of an application installed on a remote target.
Prerequisites None
Solutions
Related Weaknesses
CWE ID Description
CWE-204 Observable Response Discrepancy
CWE-205 Observable Behavioral Discrepancy
CWE-208 Observable Timing Discrepancy
Related CAPECS
CAPEC ID Description
CAPEC-224 An adversary compares output from a target system to known indicators that uniquely identify specific details about the target. Most commonly, fingerprinting is done to determine operating system and application versions. Fingerprinting can be done passively as well as actively. Fingerprinting by itself is not usually detrimental to the target. However, the information gathered through fingerprinting often enables an adversary to discover existing weaknesses in the target.
Taxonomy: ATTACK
Entry ID Entry Name
1592.002 Gather Victim Host Information: Software