CAPEC-253
Alert dla konkretnego CAPEC
Bądź na bieżąco z wszelkimi zmianami dotyczącymi konkretnego CAPEC.
Opisy CAPEC
The attacker forces an application to load arbitrary code files from a remote location. The attacker could use this to try to load old versions of library files that have known vulnerabilities, to load malicious files that the attacker placed on the remote machine, or to otherwise change the functionality of the targeted application in unexpected ways.
Informacje CAPEC
Wymagania wstępne
Target application server must allow remote files to be included.The malicious file must be placed on the remote machine previously.Łagodzenie
Minimize attacks by input validation and sanitization of any user data that will be used by the target application to locate a remote file to be included.Powiązane słabości
| Nazwa słabości | |
|---|---|
CWE-829 |
Inclusion of Functionality from Untrusted Control Sphere The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere. |
Odniesienia
REF-614
OWASP Web Security Testing Guidehttps://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.2-Testing_for_Remote_File_Inclusion.html
Zgłoszenie
| Nazwa | Organizacja | Data | Data wydania |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation |
Modyfikacje
| Nazwa | Organizacja | Data | Komentarz |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation | Updated Attack_Prerequisites, Description Summary, Related_Weaknesses, Solutions_and_Mitigations | |
| CAPEC Content Team | The MITRE Corporation | Updated References, Taxonomy_Mappings | |
| CAPEC Content Team | The MITRE Corporation | Updated Related_Attack_Patterns |
