CAPEC-242: Code Injection

An adversary exploits a weakness in input validation on the target to inject new code into that which is currently executing. This differs from code inclusion in that code inclusion involves the addition or replacement of a reference to a code file, which is subsequently loaded by the target and used as part of the code of some application.

High

Typical severity

Per MITRE

High

Likelihood of attack

Per MITRE

Related weaknesses

CWEs this targets

Overview

CAPEC-242 (Code Injection) is a meta-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.

CAPEC-242: Code Injection

Overview

What the attacker needs

Prerequisites

Consequences

How to mitigate it

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CAPEC-242?

How do you prevent CAPEC-242?

What weaknesses does CAPEC-242 target?

How severe is CAPEC-242?

References

Defend against CAPEC-242

Overview

What the attacker needs

Prerequisites

Consequences

How to mitigate it

Related weaknesses

Related attack patterns

Child

Related

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CAPEC-242?

How do you prevent CAPEC-242?

What weaknesses does CAPEC-242 target?

How severe is CAPEC-242?

References

Defend against CAPEC-242