[Identify and explore caches] Use tools to sniff traffic and scan a network in order to locate application's cache (e.g. a web browser cache) or a public cache (e.g. a DNS or ARP cache) that may have vulnerabilities. Look for poisoning point in cache table entries.
[Cause specific data to be cached] An attacker sends bogus request to the target, and then floods responses that trick a cache to remember malicious responses, which are wrong answers of queries.
[Redirect users to malicious website] As the attacker succeeds in exploiting the vulnerability, they are able to manipulate and interpose malicious response data to targeted victim queries.
Weakness Name | |
---|---|
Use of Less Trusted Source The product has two different sources of the same data or information, but it uses the source that has less support for verification, is less trusted, or is less resistant to attack. |
|
Insufficient Verification of Data Authenticity The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data. |
|
Acceptance of Extraneous Untrusted Data With Trusted Data The product, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted. |
|
Origin Validation Error The product does not properly verify that the source of data or communication is valid. |
Name | Organization | Date | Date Release |
---|---|---|---|
CAPEC Content Team | The MITRE Corporation |
Name | Organization | Date | Comment |
---|---|---|---|
CAPEC Content Team | The MITRE Corporation | Updated Related_Attack_Patterns | |
CAPEC Content Team | The MITRE Corporation | Updated Related_Attack_Patterns | |
CAPEC Content Team | The MITRE Corporation | Updated Related_Attack_Patterns | |
CAPEC Content Team | The MITRE Corporation | Updated Execution_Flow, Related_Attack_Patterns | |
CAPEC Content Team | The MITRE Corporation | Updated References, Taxonomy_Mappings | |
CAPEC Content Team | The MITRE Corporation | Updated Execution_Flow | |
CAPEC Content Team | The MITRE Corporation | Updated Example_Instances, Related_Weaknesses, Taxonomy_Mappings |