CAPEC-253
Avviso per un CAPEC specifico
Rimani informato su qualsiasi modifica relativa a un CAPEC specifico.
Descrizioni CAPEC
The attacker forces an application to load arbitrary code files from a remote location. The attacker could use this to try to load old versions of library files that have known vulnerabilities, to load malicious files that the attacker placed on the remote machine, or to otherwise change the functionality of the targeted application in unexpected ways.
Informazioni CAPEC
Prerequisiti
Target application server must allow remote files to be included.The malicious file must be placed on the remote machine previously.Mitigazioni
Minimize attacks by input validation and sanitization of any user data that will be used by the target application to locate a remote file to be included.Vulnerabilità correlate
| Nome della vulnerabilità | |
|---|---|
CWE-829 |
Inclusion of Functionality from Untrusted Control Sphere The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere. |
Riferimenti
REF-614
OWASP Web Security Testing Guidehttps://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.2-Testing_for_Remote_File_Inclusion.html
Invio
| Nome | Organizzazione | Data | Data di rilascio |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation |
Modifiche
| Nome | Organizzazione | Data | Commento |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation | Updated Attack_Prerequisites, Description Summary, Related_Weaknesses, Solutions_and_Mitigations | |
| CAPEC Content Team | The MITRE Corporation | Updated References, Taxonomy_Mappings | |
| CAPEC Content Team | The MITRE Corporation | Updated Related_Attack_Patterns |
