- What is CAPEC-15?
- An attack of this type exploits a programs' vulnerabilities that allows an attacker's commands to be concatenated onto a legitimate command with the intent of targeting other resources such as the file system or database. The system that uses a filter or denylist input validation, as opposed to allowlist validation is vulnerable to an attacker who predicts delimiters (or combinations of delimiters) not present in the filter or denylist. As with other injection attacks, the attacker uses the command delimiter payload as an entry point to tunnel through the application and activate additional attacks through SQL queries, shell commands, network scanning, and so on.
- How does a Command Delimiters attack work?
- It typically unfolds over 4 phases. It begins with: [Assess Target Runtime Environment] In situations where the runtime environment is not implicitly known, the attacker makes connections to the target system and tries to determine the system's runtime environment. Knowing the environment is vital to choosing the correct delimiters.
- How do you prevent CAPEC-15?
- Design: Perform allowlist validation against a positive specification for command length, type, and parameters.
- What weaknesses does CAPEC-15 target?
- CAPEC-15 exploits 11 CWE weaknesses, including CWE-77 (Improper Neutralization of Special Elements used in a Command ('Command Injection')), CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')), CWE-93 (Improper Neutralization of CRLF Sequences ('CRLF Injection')), CWE-138 (Improper Neutralization of Special Elements).
- How severe is CAPEC-15?
- MITRE rates CAPEC-15 as High severity with high likelihood of attack.