CAPEC-154: Resource Location Spoofing
An adversary deceives an application or user and convinces them to request a resource from an unintended location. By spoofing the location, the adversary can cause an alternate resource to be used, often one that the adversary controls and can be used to help them achieve their malicious goals.
Last updated
Overview
CAPEC-154 (Resource Location Spoofing) is a meta-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
What the attacker needs
Prerequisites
- None. All applications rely on file paths and therefore, in theory, they or their resources could be affected by this type of attack.
Resources required
- None: No specialized resources are required to execute this type of attack.
Consequences
What a successful CAPEC-154 attack can achieve.
Execute Unauthorized Commands
Affects: Authorization
Run Arbitrary Code
How to mitigate it
Defenses that reduce the risk of CAPEC-154.
- Monitor network activity to detect any anomalous or unauthorized communication exchanges.