CAPEC-240: Resource Injection

An adversary exploits weaknesses in input validation by manipulating resource identifiers enabling the unintended modification or specification of a resource.

High

Typical severity

Per MITRE

High

Likelihood of attack

Per MITRE

Related weaknesses

CWEs this targets

Overview

CAPEC-240 (Resource Injection) is a meta-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.

CAPEC-240: Resource Injection

Overview

What the attacker needs

Prerequisites

Consequences

How to mitigate it

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CAPEC-240?

How do you prevent CAPEC-240?

What weaknesses does CAPEC-240 target?

How severe is CAPEC-240?

References

Defend against CAPEC-240

Overview

What the attacker needs

Prerequisites

Consequences

How to mitigate it

Related weaknesses

Related attack patterns

Child

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CAPEC-240?

How do you prevent CAPEC-240?

What weaknesses does CAPEC-240 target?

How severe is CAPEC-240?

References

Defend against CAPEC-240