CAPEC-594
Alert dla konkretnego CAPEC
Bądź na bieżąco z wszelkimi zmianami dotyczącymi konkretnego CAPEC.
Opisy CAPEC
An adversary injects traffic into the target's network connection. The adversary is therefore able to degrade or disrupt the connection, and potentially modify the content. This is not a flooding attack, as the adversary is not focusing on exhausting resources. Instead, the adversary is crafting a specific input to affect the system in a particular way.
Informacje CAPEC
Wymagania wstępne
The target application must leverage an open communications channel.The channel on which the target communicates must be vulnerable to interception (e.g., adversary in the middle attack - CAPEC-94).
Wymagane zasoby
A tool, such as a MITM Proxy, that is capable of generating and injecting custom inputs to be used in the attack.Powiązane słabości
| Nazwa słabości | |
|---|---|
CWE-940 |
Improper Verification of Source of a Communication Channel The product establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is coming from the expected origin. |
Zgłoszenie
| Nazwa | Organizacja | Data | Data wydania |
|---|---|---|---|
| Seamus Tuohy |
Modyfikacje
| Nazwa | Organizacja | Data | Komentarz |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation | Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Resources_Required | |
| CAPEC Content Team | The MITRE Corporation | Updated Related_Weaknesses | |
| CAPEC Content Team | The MITRE Corporation | Updated Prerequisites |
