CAPEC-594: Traffic Injection
An adversary injects traffic into the target's network connection. The adversary is therefore able to degrade or disrupt the connection, and potentially modify the content. This is not a flooding attack, as the adversary is not focusing on exhausting resources. Instead, the adversary is crafting a specific input to affect the system in a particular way.
Last updated
Overview
CAPEC-594 (Traffic Injection) is a meta-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
What the attacker needs
Prerequisites
- The target application must leverage an open communications channel.
- The channel on which the target communicates must be vulnerable to interception (e.g., adversary in the middle attack - CAPEC-94).
Resources required
- A tool, such as a MITM Proxy, that is capable of generating and injecting custom inputs to be used in the attack.
Consequences
What a successful CAPEC-594 attack can achieve.
Unreliable Execution
Affects: Availability
The injection of specific content into a connection can trigger a disruption in that communications channel, thereby denying availability of the service.
Other
Affects: Integrity
An adversary's injection of additional content into a communication channel negatively impacts the integrity of that channel.
Frequently asked questions
Common questions about CAPEC-594.
- What is CAPEC-594?
- An adversary injects traffic into the target's network connection. The adversary is therefore able to degrade or disrupt the connection, and potentially modify the content. This is not a flooding attack, as the adversary is not focusing on exhausting resources. Instead, the adversary is crafting a specific input to affect the system in a particular way.
- What weaknesses does CAPEC-594 target?
- CAPEC-594 exploits 1 CWE weakness, including CWE-940 (Improper Verification of Source of a Communication Channel).
References
Attack-pattern data is sourced from the MITRE CAPEC catalog (v3.9). Weakness associations link to the corresponding CWE entries on RadicalNotion.AI.
Defend against CAPEC-594
Track the CVEs and weaknesses attackers exploit with this technique, with AI-written analysis and remediation guidance.