Home > CAPEC List > CAPEC-148: Content Spoofing (Version 2.11)  

CAPEC-148: Content Spoofing

Content Spoofing
Definition in a New Window Definition in a New Window
Attack Pattern ID: 148
Abstraction: Meta
Status: Stable
Completeness: Complete
Presentation Filter:
+ Summary

An adversary modifies content to make it contain something other than what the original content producer intended while keeping the apparent source of the content unchanged. The term content spoofing is most often used to describe modification of web pages hosted by a target to display the adversary's content instead of the owner's content. However, any content can be spoofed, including the content of email messages, file transfers, or the content of other network communication protocols. Content can be modified at the source (e.g. modifying the source file for a web page) or in transit (e.g. intercepting and modifying a message between the sender and recipient). Usually, the adversary will attempt to hide the fact that the content has been modified, but in some cases, such as with web site defacement, this is not necessary. Content Spoofing can lead to malware exposure, financial fraud (if the content governs financial transactions), privacy violations, and other unwanted outcomes.

+ Attack Prerequisites
  • The target must provide content but fail to adequately protect it against modification.

    The adversary must have the means to alter data to which he/she is not authorized.

    If the content is to be modified in transit, the adversary must be able to intercept the targeted messages.

+ Typical Severity


+ Typical Likelihood of Exploit

Likelihood: Medium

+ Resources Required

If the content is to be modified in transit, the adversary requires a tool capable of intercepting the target's communication and generating/creating custom packets to impact the communications.

In some variants, the targeted content is altered so that all or some of it is redirected towards content published by the attacker (for example, images and frames in the target's web site might be modified to be loaded from a source controlled by the attacker). In these cases, the attacker requires the necessary resources to host the replacement content.

+ Attack Motivation-Consequences
ScopeTechnical ImpactNote
Modify application data
A successful content spoofing attack compromises the integrity of the application data.
+ Content History
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team
CAPEC Content TeamThe MITRE Corporation2017-05-01Updated Activation_Zone, Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Injection_Vector, Payload, Payload_Activation_Impact, Related_Weaknesses, Resources_Required, Typical_Likelihood_of_ExploitInternal
CAPEC Content TeamThe MITRE Corporation2017-08-04Updated Related_Attack_PatternsInternal

More information is available — Please select a different filter.
Page Last Updated or Reviewed: August 04, 2017