An attacker utilizes discovered or crafted file path information for the
purpose of locating and exploiting a security-sensitive resource. This
category of attack involves the paths used by an application to store or
retrieve resources. Specifically, attacks in this category involve
manipulating the path, causing the application to look in a location
unintended by the application maintainer, or determining the paths through
prediction or lookup. This differs from File Manipulation attacks in which
the contents of the files are affected or where the files themselves are
physically moved. Instead, this attack simply concerns itself with the paths
used to find or create resources.
Attack Prerequisites
None. All applications rely on file paths and so, in theory, they or their
resources could be affected by this attack.
Resources Required
No special resources are required for most variants of this attack.
Vision and Technical Leadership provided by Cigital, Inc.
This Web site is hosted by The MITRE Corporation.
Copyright 2009, The MITRE Corporation. CAPEC and the CAPEC logo are trademarks of The MITRE Corporation.