CAPEC-134
Alert dla konkretnego CAPEC
Bądź na bieżąco z wszelkimi zmianami dotyczącymi konkretnego CAPEC.
Opisy CAPEC
An adversary manipulates the headers and content of an email message by injecting data via the use of delimiter characters native to the protocol.
Informacje CAPEC
Wymagania wstępne
The target application must allow the user to send email to some recipient, to specify the content at least one header field in the message, and must fail to sanitize against the injection of command separators.The adversary must have the ability to access the target mail application.
Wymagane zasoby
None: No specialized resources are required to execute this type of attack.Powiązane słabości
| Nazwa słabości | |
|---|---|
CWE-150 |
Improper Neutralization of Escape, Meta, or Control Sequences The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as escape, meta, or control character sequences when they are sent to a downstream component. |
Zgłoszenie
| Nazwa | Organizacja | Data | Data wydania |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation |
Modyfikacje
| Nazwa | Organizacja | Data | Komentarz |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation | Updated Attack_Prerequisites, Related_Attack_Patterns, Resources_Required | |
| CAPEC Content Team | The MITRE Corporation | Updated Related_Weaknesses | |
| CAPEC Content Team | The MITRE Corporation | Updated Related_Attack_Patterns | |
| CAPEC Content Team | The MITRE Corporation | Updated Taxonomy_Mappings | |
| CAPEC Content Team | The MITRE Corporation | Updated Description, Extended_Description |
