CAPEC-253
Alerta para um CAPEC
Fique informado sobre quaisquer alterações para um CAPEC específico.
Descrições CAPEC
The attacker forces an application to load arbitrary code files from a remote location. The attacker could use this to try to load old versions of library files that have known vulnerabilities, to load malicious files that the attacker placed on the remote machine, or to otherwise change the functionality of the targeted application in unexpected ways.
Informações CAPEC
Pré-requisitos
Target application server must allow remote files to be included.The malicious file must be placed on the remote machine previously.Mitigações
Minimize attacks by input validation and sanitization of any user data that will be used by the target application to locate a remote file to be included.Fraquezas Relacionadas
| Nome da Fraqueza | |
|---|---|
CWE-829 |
Inclusion of Functionality from Untrusted Control Sphere The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere. |
Referências
REF-614
OWASP Web Security Testing Guidehttps://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.2-Testing_for_Remote_File_Inclusion.html
Submissão
| Nome | Organização | Data | Data de lançamento |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation |
Modificações
| Nome | Organização | Data | Comentário |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation | Updated Attack_Prerequisites, Description Summary, Related_Weaknesses, Solutions_and_Mitigations | |
| CAPEC Content Team | The MITRE Corporation | Updated References, Taxonomy_Mappings | |
| CAPEC Content Team | The MITRE Corporation | Updated Related_Attack_Patterns |
