CAPEC-134
Avviso per un CAPEC specifico
Rimani informato su qualsiasi modifica relativa a un CAPEC specifico.
Descrizioni CAPEC
An adversary manipulates the headers and content of an email message by injecting data via the use of delimiter characters native to the protocol.
Informazioni CAPEC
Prerequisiti
The target application must allow the user to send email to some recipient, to specify the content at least one header field in the message, and must fail to sanitize against the injection of command separators.The adversary must have the ability to access the target mail application.
Risorse richieste
None: No specialized resources are required to execute this type of attack.Vulnerabilità correlate
| Nome della vulnerabilità | |
|---|---|
CWE-150 |
Improper Neutralization of Escape, Meta, or Control Sequences The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as escape, meta, or control character sequences when they are sent to a downstream component. |
Invio
| Nome | Organizzazione | Data | Data di rilascio |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation |
Modifiche
| Nome | Organizzazione | Data | Commento |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation | Updated Attack_Prerequisites, Related_Attack_Patterns, Resources_Required | |
| CAPEC Content Team | The MITRE Corporation | Updated Related_Weaknesses | |
| CAPEC Content Team | The MITRE Corporation | Updated Related_Attack_Patterns | |
| CAPEC Content Team | The MITRE Corporation | Updated Taxonomy_Mappings | |
| CAPEC Content Team | The MITRE Corporation | Updated Description, Extended_Description |
