| Name |
Application Fingerprinting |
|
| Likelyhood of attack |
Typical severity |
| Low |
Low |
|
| Summary |
An adversary engages in fingerprinting activities to determine the type or version of an application installed on a remote target. |
| Prerequisites |
None |
| Solutions | |
| Related Weaknesses |
|
CWE ID
|
Description
|
| CWE-204 |
Observable Response Discrepancy |
| CWE-205 |
Observable Behavioral Discrepancy |
| CWE-208 |
Observable Timing Discrepancy |
|
| Related CAPECS |
|
CAPEC ID
|
Description
|
| CAPEC-224 |
An adversary compares output from a target system to known indicators that uniquely identify specific details about the target. Most commonly, fingerprinting is done to determine operating system and application versions. Fingerprinting can be done passively as well as actively. Fingerprinting by itself is not usually detrimental to the target. However, the information gathered through fingerprinting often enables an adversary to discover existing weaknesses in the target. |
|
| Taxonomy: ATTACK |
|
Entry ID
|
Entry Name
|
| 1592.002 |
Gather Victim Host Information: Software |
|