CAPEC-134
Alerta para um CAPEC
Fique informado sobre quaisquer alterações para um CAPEC específico.
Descrições CAPEC
An adversary manipulates the headers and content of an email message by injecting data via the use of delimiter characters native to the protocol.
Informações CAPEC
Pré-requisitos
The target application must allow the user to send email to some recipient, to specify the content at least one header field in the message, and must fail to sanitize against the injection of command separators.The adversary must have the ability to access the target mail application.
Recursos Necessários
None: No specialized resources are required to execute this type of attack.Fraquezas Relacionadas
| Nome da Fraqueza | |
|---|---|
CWE-150 |
Improper Neutralization of Escape, Meta, or Control Sequences The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as escape, meta, or control character sequences when they are sent to a downstream component. |
Submissão
| Nome | Organização | Data | Data de lançamento |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation |
Modificações
| Nome | Organização | Data | Comentário |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation | Updated Attack_Prerequisites, Related_Attack_Patterns, Resources_Required | |
| CAPEC Content Team | The MITRE Corporation | Updated Related_Weaknesses | |
| CAPEC Content Team | The MITRE Corporation | Updated Related_Attack_Patterns | |
| CAPEC Content Team | The MITRE Corporation | Updated Taxonomy_Mappings | |
| CAPEC Content Team | The MITRE Corporation | Updated Description, Extended_Description |
