Home > CAPEC List > CAPEC-563: Add Malicious File to Shared Webroot (Version 2.11)  

CAPEC-563: Add Malicious File to Shared Webroot

 
Add Malicious File to Shared Webroot
Definition in a New Window Definition in a New Window
Attack Pattern ID: 563
Abstraction: Detailed
Status: Draft
Completeness: Stub
Presentation Filter:
+ Summary

An adversaries may add malicious content to a website through the open file share and then browse to that content with a web browser to cause the server to execute the content. The malicious content will typically run under the context and permissions of the web server process, often resulting in local system or administrative privileges depending on how the web server is configured.

+ Solutions and Mitigations

Ensure proper permissions on directories that are accessible through a web server. Disallow remote access to the web root. Disable execution on directories within the web root. Ensure that permissions of the web server process are only what is required by not using built-in accounts and instead create specific accounts to limit unnecessary access or permissions overlap across multiple systems.

+ References
[R.563.1] ATT&CK Project. "Shared Webroot (1051)". MITRE. <https://attack.mitre.org/wiki/Shared_webroot>.
+ Content History
Submissions
SubmitterOrganizationDateSource
CAPEC Content TeamThe MITRE Corporation2015-11-09Internal_CAPEC_Team

More information is available — Please select a different filter.
Page Last Updated or Reviewed: July 31, 2017