Modes d'introduction
Implementation
Operation
Conséquences courantes
Portée |
Impact |
Probabilité |
Confidentiality Integrity Availability | Execute Unauthorized Code or Commands | |
Mesures d’atténuation potentielles
Phases : Installation // System Configuration
Remove any Shells accessible under the web root folder and children directories.
Notes de cartographie des vulnérabilités
Justification : This CWE entry is at the Variant level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Commentaire : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
Modèles d'attaque associés
CAPEC-ID |
Nom du modèle d'attaque |
CAPEC-650 |
Upload a Web Shell to a Web Server By exploiting insufficient permissions, it is possible to upload a web shell to a web server in such a way that it can be executed remotely. This shell can have various capabilities, thereby acting as a "gateway" to the underlying web server. The shell might execute at the higher permission level of the web server, providing the ability the execute malicious code at elevated levels. |
Soumission
Nom |
Organisation |
Date |
Date de publication |
Version |
Anonymous Tool Vendor (under NDA) |
|
2006-07-19 +00:00 |
2006-07-19 +00:00 |
Draft 3 |
Modifications
Nom |
Organisation |
Date |
Commentaire |
Eric Dalci |
Cigital |
2008-07-01 +00:00 |
updated Potential_Mitigations, Time_of_Introduction |
CWE Content Team |
MITRE |
2008-09-08 +00:00 |
updated Relationships, Taxonomy_Mappings |
CWE Content Team |
MITRE |
2011-06-01 +00:00 |
updated Common_Consequences |
CWE Content Team |
MITRE |
2012-05-11 +00:00 |
updated Relationships |
CWE Content Team |
MITRE |
2012-10-30 +00:00 |
updated Potential_Mitigations |
CWE Content Team |
MITRE |
2014-07-30 +00:00 |
updated Relationships |
CWE Content Team |
MITRE |
2017-11-08 +00:00 |
updated Taxonomy_Mappings |
CWE Content Team |
MITRE |
2019-01-03 +00:00 |
updated Related_Attack_Patterns |
CWE Content Team |
MITRE |
2020-02-24 +00:00 |
updated Relationships |
CWE Content Team |
MITRE |
2023-04-27 +00:00 |
updated Relationships |
CWE Content Team |
MITRE |
2023-06-29 +00:00 |
updated Mapping_Notes |