CAPEC-134
Alerta para un CAPEC
Manténgase informado sobre cualquier cambio en un CAPEC específico.
Descripciones CAPEC
An adversary manipulates the headers and content of an email message by injecting data via the use of delimiter characters native to the protocol.
Informaciones CAPEC
Prerrequisitos
The target application must allow the user to send email to some recipient, to specify the content at least one header field in the message, and must fail to sanitize against the injection of command separators.The adversary must have the ability to access the target mail application.
Recursos requeridos
None: No specialized resources are required to execute this type of attack.Debilidades relacionadas
| Nombre de la debilidad | |
|---|---|
CWE-150 |
Improper Neutralization of Escape, Meta, or Control Sequences The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as escape, meta, or control character sequences when they are sent to a downstream component. |
Envío
| Nombre | Organización | Fecha | Fecha de lanzamiento |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation |
Modificaciones
| Nombre | Organización | Fecha | Comentario |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation | Updated Attack_Prerequisites, Related_Attack_Patterns, Resources_Required | |
| CAPEC Content Team | The MITRE Corporation | Updated Related_Weaknesses | |
| CAPEC Content Team | The MITRE Corporation | Updated Related_Attack_Patterns | |
| CAPEC Content Team | The MITRE Corporation | Updated Taxonomy_Mappings | |
| CAPEC Content Team | The MITRE Corporation | Updated Description, Extended_Description |
