ExamTopics Logo
Mail Us[email protected]
Menu
Eccouncil Discussions
exam questions

Exam 312-50v12 All Questions

View all questions & answers for the 312-50v12 exam
Go to Exam

Exam 312-50v12 topic 1 question 66 discussion

Actual exam question from ECCouncil's 312-50v12
Question #: 66
Topic #: 1
[All 312-50v12 Questions]

Stella, a professional hacker, performs an attack on web services by exploiting a vulnerability that provides additional routing information in the SOAP header to support asynchronous communication. This further allows the transmission of web-service requests and response messages using different TCP connections.
Which of the following attack techniques is used by Stella to compromise the web services?

  • A. Web services parsing attacks
  • B. WS-Address spoofing
  • C. SOAPAction spoofing
  • D. XML injection
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by eli117 at April 4, 2023, 8:03 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
eli117
Highly Voted 1 year, 6 months ago
Selected Answer: B
B. WS-Address spoofing Explanation: WS-Address spoofing is an attack technique used to exploit a vulnerability that provides additional routing information in the SOAP header to support asynchronous communication. This vulnerability allows the transmission of web-service requests and response messages using different TCP connections. An attacker can exploit this vulnerability by modifying the WS-Addressing header to redirect the web-service request to a different endpoint or server. In a WS-Address spoofing attack, the attacker crafts a malicious SOAP message that includes a modified WS-Addressing header. This header contains a spoofed address that points to a malicious endpoint or server controlled by the attacker. When the SOAP message is processed by the web service, it sends the response to the spoofed address specified in the header, allowing the attacker to intercept and modify the response.
upvoted 7 times
...
jeremy13
Highly Voted 1 year, 4 months ago
Selected Answer: B
B. WS-Address spoofing CEH Book V12 Module 14 P2076 "WS-address provides additional routing information in the SOAP header to support asynchronous communication"
upvoted 6 times
...
insaniunt
Most Recent 9 months, 2 weeks ago
Selected Answer: B
About that: Module 14 Page 2076 from CEH v12 book
upvoted 2 times
...
IPconfig
11 months, 1 week ago
Selected Answer: B
WS-address provides additional routing information in the SOAP header to support asynchronous communication In a WS-address spoofing attack, an attacker sends a SOAP message containing fake WS-address information to the server. The <ReplyTo> header consists of the address of the endpoint selected by the attacker rather than the address of the web service client CEH V12 pg 2076
upvoted 1 times
...
581777a
1 year, 1 month ago
Selected Answer: B
B. WS-Address spoofing
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago