CAPEC-580

System Footprinting
Niedrig
Niedrig
Stable
2015-11-09
00h00 +00:00
2023-01-24
00h00 +00:00
CAPEC Mitre.org
Benachrichtigung für ein CAPEC
Bleiben Sie über alle Änderungen zu einem bestimmten CAPEC informiert.
Benachrichtigungen verwalten

CAPEC-Beschreibungen

An adversary engages in active probing and exploration activities to determine security information about a remote target system. Often times adversaries will rely on remote applications that can be probed for system configurations.

CAPEC-Informationen

Voraussetzungen

The adversary must have logical access to the target network and system.

Erforderliche Kenntnisse

The adversary needs to know basic linux commands.

Gegenmaßnahmen

Keep patches up to date by installing weekly or daily if possible.
Identify programs that may be used to acquire peripheral information and block them by using a software restriction policy or tools that restrict program execution by using a process allowlist.

Verwandte Schwachstellen

CWE-ID Name der Schwachstelle

CWE-204

 Observable Response Discrepancy
The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.

CWE-205

 Observable Behavioral Discrepancy
The product's behaviors indicate important differences that may be observed by unauthorized actors in a way that reveals (1) its internal state or decision process, or (2) differences from other products with equivalent functionality.

CWE-208

 Observable Timing Discrepancy
Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.

Einreichung

Name Organisation Datum Veröffentlichungsdatum
CAPEC Content Team The MITRE Corporation 2015-11-09 +00:00

Änderungen

Name Organisation Datum Kommentar
CAPEC Content Team The MITRE Corporation 2018-07-31 +00:00 Updated Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_Severity
CAPEC Content Team The MITRE Corporation 2019-04-04 +00:00 Updated Related_Attack_Patterns
CAPEC Content Team The MITRE Corporation 2020-07-30 +00:00 Updated Mitigations, Taxonomy_Mappings
CAPEC Content Team The MITRE Corporation 2020-12-17 +00:00 Updated @Name, Description
CAPEC Content Team The MITRE Corporation 2022-09-29 +00:00 Updated Taxonomy_Mappings
CAPEC Content Team The MITRE Corporation 2023-01-24 +00:00 Updated Related_Weaknesses
Die auf CVE Find präsentierten Informationen stammen aus mehreren sorgfältig ausgewählten Referenzquellen. CVE-Daten werden von der MITRE Corporation und der National Vulnerability Database (NVD) bereitgestellt. Der Katalog bekannter ausgenutzter Schwachstellen (KEV) stammt von der Cybersecurity and Infrastructure Security Agency (CISA), während EPSS-Scores von FIRST.org kommen. Darüber hinaus werden Daten zu Software-Schwachstellen (CWE) und häufigen Angriffsmustern (CAPEC) von der MITRE Corporation gepflegt, und Informationen zu Hardware- und Software-Konfigurationen (CPE) werden von der NVD bereitgestellt.