Home > CAPEC List > CAPEC-253: Remote Code Inclusion (Version 2.6)  

CAPEC-253: Remote Code Inclusion

 
Remote Code Inclusion
Definition in a New Window Definition in a New Window
Attack Pattern ID: 253
Abstraction: Standard
Status: Draft
Completeness: Hook
+ Description

Summary

The attacker forces an application to load arbitrary code files from a remote location. The attacker could use this to try to load old versions of library files that have known vulnerabilities, to load files that the attacker placed on the remote machine during a prior attack, or to otherwise change the functionality of the targeted application in unexpected ways.

+ Content History
Submissions
SubmitterOrganizationDateSource
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team

Page Last Updated: July 23, 2014