CAPEC-152 Detalhe da Categoria

CAPEC-152

Inject Unexpected Items
Stable
2014-06-23
00h00 +00:00
2018-07-31
00h00 +00:00
CAPEC Mitre.org
Alerta para um CAPEC
Fique informado sobre quaisquer alterações para um CAPEC específico.
Gerenciar notificações

Nome: Inject Unexpected Items

Attack patterns within this category focus on the ability to control or disrupt the behavior of a target either through crafted data submitted via an interface for data input, or the installation and execution of malicious code on the target system. The former happens when an adversary adds material to their input that is interpreted by the application causing the targeted application to perform steps unintended by the application manager or causing the application to enter an unstable state. Attacks of this type differ from Data Structure Attacks in that the latter attacks subvert the underlying structures that hold user-provided data, either pre-empting interpretation of the input (in the case of Buffer Overflows) or resulting in values that the targeted application is unable to handle correctly (in the case of Integer Overflows). In Injection attacks, the input is interpreted by the application, but the attacker has included instructions to the interpreting functions that the target application then follows.

Lista de Membros CAPEC

CAPEC-137: Parameter Injection Base

CAPEC-175: Code Inclusion Base

CAPEC-240: Resource Injection Base

CAPEC-242: Code Injection Base

CAPEC-248: Command Injection Base

CAPEC-549: Local Execution of Code Base

CAPEC-624: Hardware Fault Injection Base

CAPEC-594: Traffic Injection Base

CAPEC-586: Object Injection Base

Informações CAPEC

Submissão

Nome Organização Data Data de lançamento
CAPEC Content Team The MITRE Corporation 2014-06-23 +00:00

Modificações

Nome Organização Data Comentário
CAPEC Content Team The MITRE Corporation 2015-11-09 +00:00 Updated Relationships
CAPEC Content Team The MITRE Corporation 2017-01-09 +00:00 Updated Description, Relationships
CAPEC Content Team The MITRE Corporation 2017-05-01 +00:00 Updated Relationships
CAPEC Content Team The MITRE Corporation 2018-07-31 +00:00 Updated Description
As informações apresentadas no CVE Find originam-se de várias fontes de referência cuidadosamente selecionadas. Os dados CVE são fornecidos pela MITRE Corporation e pelo National Vulnerability Database (NVD). O catálogo de Vulnerabilidades Conhecidas Exploradas (KEV) é proveniente da Cybersecurity and Infrastructure Security Agency (CISA), enquanto as pontuações EPSS vêm do FIRST.org. Além disso, os dados sobre fraquezas de software (CWE) e padrões de ataque comuns (CAPEC) são mantidos pela MITRE Corporation, e as informações sobre configurações de hardware e software (CPE) são fornecidas pelo NVD.