Standardseverity: MediumDraft

CAPEC-134Email Injection

Abstraction
Standard
Status
Draft
Severity
Medium

Description

An adversary manipulates the headers and content of an email message by injecting data via the use of delimiter characters native to the protocol. Metadata: standard CAPEC pattern, status draft, severity medium. Underlying weakness: CWE-150. Related CAPEC pattern: [object Object]. Metadata: standard CAPEC pattern, status draft, severity medium. Underlying weakness: CWE-150. Related CAPEC pattern: [object Object].

Related weaknesses· 1

CWE-150

Related attack patterns· 1

CAPEC-137 (ChildOf)

Exploits1

TypeTargetConfidenceTier
WeaknessImproper Neutralization of Escape, Meta, or Control Sequencescwe-150100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
Using Meta-characters in E-mail Headers to Inject Malicious Payloads
CAPEC
IMAP/SMTP Command Injection
CAPEC
Parameter Injection
CAPEC
Command Injection
CAPEC
Resource Injection
CAPEC
Input Data Manipulation
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.