Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CAPEC-141:Cache Poisoning
Attack Pattern ID:141
Version:v3.9
Attack Pattern Name:Cache Poisoning
Abstraction:Standard
Status:Draft
Likelihood of Attack:High
Typical Severity:High
DetailsContent HistoryRelated WeaknessesReports
4Weaknesses found
CWE-345
Insufficient Verification of Data Authenticity
ShareView Details
Insufficient Verification of Data Authenticity
Likelihood of Exploit-Not Available
Mapping-Discouraged
Abstraction-Class
Found in465CVEs

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

Impacts-
Unexpected StateVaries by Context
Tags-
ICS/OT (technology class)Unexpected State (impact)Varies by Context (impact)
As Seen In-
Simplified Mapping of Published Vulnerabilities
CWE-346
Origin Validation Error
ShareView Details
Origin Validation Error
Likelihood of Exploit-Not Available
Mapping-Allowed-with-Review
Abstraction-Class
Found in384CVEs

The product does not properly verify that the source of data or communication is valid.

Impacts-
Varies by ContextGain Privileges or Assume Identity
Tags-
Varies by Context (impact)Gain Privileges or Assume Identity (impact)
As Seen In-
Not Available
CWE-348
Use of Less Trusted Source
ShareView Details
Use of Less Trusted Source
Likelihood of Exploit-Not Available
Mapping-Allowed
Abstraction-Base
Found in26CVEs

The product has two different sources of the same data or information, but it uses the source that has less support for verification, is less trusted, or is less resistant to attack.

Impacts-
Bypass Protection MechanismGain Privileges or Assume Identity
Tags-
Bypass Protection Mechanism (impact)Gain Privileges or Assume Identity (impact)
As Seen In-
CWE Cross-section
CWE-349
Acceptance of Extraneous Untrusted Data With Trusted Data
ShareView Details
Acceptance of Extraneous Untrusted Data With Trusted Data
Likelihood of Exploit-Not Available
Mapping-Allowed
Abstraction-Base
Found in24CVEs

The product, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted.

Impacts-
Bypass Protection MechanismModify Application Data
Tags-
Bypass Protection Mechanism (impact)Modify Application Data (impact)
As Seen In-
CWE Cross-section