CAPEC-201 Detail

CAPEC-201

Serialized Data External Linking
High
High
Draft
2014-06-23 00h00 +00:00
2022-09-29 00h00 +00:00

CAPEC Descriptions

An adversary creates a serialized data file (e.g. XML, YAML) that contains an external data reference. Because serialized data parsers may not validate documents with external references, there may be no checks on the nature of the reference in the external data. This can allow an adversary to open arbitrary files or connections, which may further lead to the adversary gaining access to information on the system that they would normally be unable to obtain.

CAPEC Information

Execution Flow

1) Explore

[Survey the target] Using a browser or an automated tool, an adversary records all instances of web services that process requests with serialized data.

Technique
  • Use an automated tool to record all instances of URLs that process requests with serialized data.
  • Use a browser to manually explore the website and analyze how the application processes serialized data requests.

2) Exploit

[Craft malicious payload] The adversary crafts a malicious data message that contains references to sensitive files.

3) Exploit

[Launch an External Linking attack] Send the maliciously crafted message containing the reference to a sensitive file to the target URL.

Prerequisites

The target must follow external data references without validating the reference target.

Skills Required

The adversary must be able to send serialized data messages with a maliciously crafted schema.

Resources Required

None: No specialized resources are required to execute this type of attack.

Mitigations

Configure the serialized data processor to only retrieve external entities from trusted sources.
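
The mitigation above, sketched with Python's `xml.parsers.expat` as an added example (not part of the CAPEC entry): external entities resolve only through an exact-match catalog of pinned local copies, and any other reference aborts the parse. The catalog URL, entity names, `UntrustedReference` and the sample documents are constructed assumptions.

```python
import xml.parsers.expat as expat

# Assumption: trusted references are pinned in a local catalog and never fetched.
# The URL and entity body below are constructed for this example.
TRUSTED_CATALOG = {
    "https://schemas.example.internal/footer.ent": b"<footer>Example Corp</footer>",
}

class UntrustedReference(Exception):
    """A document referenced an external entity that is not in the catalog."""

def parse_with_allowlist(document: bytes) -> str:
    """Return the character data of `document`, expanding only catalogued entities."""
    text = []
    parser = expat.ParserCreate()
    parser.CharacterDataHandler = text.append

    def resolve(context, base, system_id, public_id):
        # Exact-match lookup: no prefix or scheme matching, so file://, http://
        # and relative references are refused unless listed verbatim.
        body = TRUSTED_CATALOG.get(system_id)
        if body is None:
            raise UntrustedReference(system_id)
        # Parse the pinned copy with a child parser; it inherits our handlers.
        child = parser.ExternalEntityParserCreate(context)
        child.Parse(body, True)
        return 1  # non-zero tells expat the entity was handled

    parser.ExternalEntityRefHandler = resolve
    parser.Parse(document, True)
    return "".join(text)

# Constructed sample documents.
TRUSTED_DOC = b"""<?xml version="1.0"?>
<!DOCTYPE doc [<!ENTITY footer SYSTEM "https://schemas.example.internal/footer.ent">]>
<doc>&footer;</doc>"""

UNTRUSTED_DOC = b"""<?xml version="1.0"?>
<!DOCTYPE doc [<!ENTITY probe SYSTEM "file:///constructed/not-in-catalog">]>
<doc>&probe;</doc>"""

if __name__ == "__main__":
    print(parse_with_allowlist(TRUSTED_DOC))
    try:
        parse_with_allowlist(UNTRUSTED_DOC)
    except UntrustedReference as exc:
        print("rejected:", exc)
```

Rejecting the whole document, rather than silently skipping the entity, leaves a clear signal for logging and alerting on attempted external linking.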

Related Weaknesses

CWE-ID Weakness Name

CWE-829

Inclusion of Functionality from Untrusted Control Sphere
The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.

References

REF-73

XXE (Xml eXternal Entity) Attack
http://www.securiteam.com/securitynews/6D0100A5PU.html

REF-74

CESA-2007-002 - rev 2: Sun JDK6 breaks XXE attack protection
http://scary.beasts.org/security/CESA-2007-002.html

Submission

Name Organization Date Release Date
CAPEC Content Team The MITRE Corporation 2014-06-23 +00:00

Modifications

Name Organization Date Comment
CAPEC Content Team The MITRE Corporation 2017-08-04 +00:00 Updated Activation_Zone, Attack_Phases, Attacker_Skills_or_Knowledge_Required, Description, Description Summary, Examples-Instances, Injection_Vector, Methods_of_Attack, Payload, Payload_Activation_Impact, Resources_Required, Typical_Likelihood_of_Exploit, Typical_Severity
CAPEC Content Team The MITRE Corporation 2018-07-31 +00:00 Updated Attack_Phases, Description Summary, Related_Attack_Patterns, Related_Weaknesses
CAPEC Content Team The MITRE Corporation 2020-07-30 +00:00 Updated @Name, Description, Execution_Flow, Mitigations, Skills_Required
CAPEC Content Team The MITRE Corporation 2020-12-17 +00:00 Updated Consequences, Description
CAPEC Content Team The MITRE Corporation 2021-10-21 +00:00 Updated Description, Example_Instances, Execution_Flow, Prerequisites
CAPEC Content Team The MITRE Corporation 2022-09-29 +00:00 Updated Example_Instances, Related_Attack_Patterns