Scope | Impact | Likelihood |
---|---|---|
Access Control, Other | Gain Privileges or Assume Identity; Varies by Context. Note: An attacker can access any functionality that is inadvertently accessible to the source. | |
Reference | Description |
---|---|
DNS server can accept DNS updates from hosts that it did not query, leading to cache poisoning | |
DNS server can accept DNS updates from hosts that it did not query, leading to cache poisoning | |
DNS server caches glue records received from non-delegated name servers | |
user ID obtained from untrusted source (URL) | |
LDAP service does not verify if a particular attribute was set by the LDAP server | |
product does not sufficiently distinguish external HTML from internal, potentially dangerous HTML, allowing bypass using special strings in the page title. Overlaps special elements. | |
product records the reverse DNS name of a visitor in the logs, allowing spoofing and resultant XSS. |
CAPEC-ID | Attack Pattern Name |
---|---|
CAPEC-111 | JSON Hijacking (aka JavaScript Hijacking): An attacker targets a system that uses JavaScript Object Notation (JSON) as a transport mechanism between the client and the server (common in Web 2.0 systems using AJAX) to steal possibly confidential information that the server sends back to the client inside the JSON object. The attack takes advantage of a loophole in the browser's Same Origin Policy, which does not prohibit JavaScript from one website from being included and executed in the context of another website. |
CAPEC-141 | Cache Poisoning: An attacker exploits the functionality of cache technologies to cause specific data to be cached that aids the attacker's objectives. This describes any attack whereby an attacker places incorrect or harmful material in a cache. The targeted cache can be an application's cache (e.g. a web browser cache) or a public cache (e.g. a DNS or ARP cache). Until the cache is refreshed, most applications or clients will treat the corrupted cache value as valid. This can lead to a wide range of exploits, including redirecting web browsers towards sites that install malware and repeated incorrect calculations based on the incorrect value. |
CAPEC-142 | DNS Cache Poisoning: A domain name server translates a domain name (such as www.example.com) into an IP address that Internet hosts use to contact Internet resources. An adversary modifies a public DNS cache to cause certain names to resolve to incorrect addresses that the adversary specifies. The result is that client applications that rely upon the targeted cache for domain name resolution will be directed not to the actual address of the specified domain name but to some other address. Adversaries can use this to herd clients to sites that install malware on the victim's computer or to masquerade as part of a Pharming attack. |
CAPEC-160 | Exploit Script-Based APIs: Some APIs support scripting instructions as arguments. Methods that take scripted instructions (or references to scripted instructions) can be very flexible and powerful. However, if an attacker can specify the script that serves as input to these methods, they can gain access to a great deal of functionality. For example, HTML pages support