Home > CAPEC List > CAPEC-154: Resource Location Spoofing (Version 2.11)  

CAPEC-154: Resource Location Spoofing

 
Resource Location Spoofing
Definition in a New Window Definition in a New Window
Attack Pattern ID: 154
Abstraction: Meta
Status: Stable
Completeness: Complete
Presentation Filter:
+ Summary

An adversary deceives an application or user and convinces them to request a resource from an unintended location. By spoofing the location, the adversary can cause an alternate resource to be used, often one that the adversary controls and can be used to help them achieve their malicious goals.

+ Attack Prerequisites
  • None. All applications rely on file paths and therefore, in theory, they or their resources could be affected by this type of attack.

+ Typical Severity

Medium

+ Typical Likelihood of Exploit

Likelihood: Medium

+ Resources Required

None: No specialized resources are required to execute this type of attack.

+ Solutions and Mitigations

Monitor network activity to detect any anomalous or unauthorized communication exchanges.

+ Attack Motivation-Consequences
ScopeTechnical ImpactNote
Authorization
Execute unauthorized code or commands
Run Arbitrary Code
+ Content History
Submissions
SubmitterOrganizationDateSource
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team
Modifications
ModifierOrganizationDateCommentsSource
CAPEC Content TeamThe MITRE Corporation2015-11-09Updated Description SummaryInternal
CAPEC Content TeamThe MITRE Corporation2017-05-01Updated Attack_Motivation-Consequences, Attack_Prerequisites, Solutions_and_Mitigations, Typical_Likelihood_of_ExploitInternal
CAPEC Content TeamThe MITRE Corporation2017-08-04Updated Description Summary, Resources_RequiredInternal

More information is available — Please select a different filter.
Page Last Updated or Reviewed: July 31, 2017