CAPEC-240: Resource Injection
Attack Pattern ID: 240
Version: v3.9
Attack Pattern Name: Resource Injection
Abstraction: Meta
Status: Stable
Likelihood of Attack: High
Typical Severity: High
Description
An adversary exploits weaknesses in input validation by manipulating resource identifiers, enabling the unintended modification or specification of a resource.
Relationships
Nature: ParentOf
Type: Standard
ID: 610
Name: Cellular Data Injection
Prerequisites
The target application allows the user to specify the identifier used to access a system resource. Through this permission, the user gains the capability to perform actions on that resource (e.g., overwrite the file).
Consequences
Scope: Confidentiality
Likelihood: N/A
Impact: Read Data
Note: N/A
Scope: Integrity
Likelihood: N/A
Impact: Modify Data
Note: N/A
Mitigations
Ensure all input content that is delivered to the client is sanitized against an acceptable content specification.
Perform input validation for all content.
Enforce regular patching of software.
Related Weaknesses
ID: CWE-99
Name: Improper Control of Resource Identifiers ('Resource Injection')
Taxonomy Mappings
Taxonomy Name: OWASP Attacks
Entry ID: N/A
Entry Name: Resource Injection