CAPEC-154: Resource Location Spoofing
CAPEC版本: 3.9
更新日期: 2023-01-24
攻击模式描述
An adversary deceives an application or user and convinces them to request a resource from an unintended location. By spoofing the location, the adversary can cause an alternate resource to be used, often one that the adversary controls and can be used to help them achieve their malicious goals.
前提条件
- None. All applications rely on file paths and therefore, in theory, they or their resources could be affected by this type of attack.
所需资源
- None: No specialized resources are required to execute this type of attack.
后果影响
影响范围: Authorization
技术影响: Execute Unauthorized Commands
说明: Run Arbitrary Code
缓解措施
Monitor network activity to detect any anomalous or unauthorized communication exchanges.