Question 1

What is CAPEC-240 — Resource Injection?

Accepted Answer

An adversary exploits weaknesses in input validation by manipulating resource identifiers enabling the unintended modification or specification of a resource. Metadata: meta CAPEC pattern, status stable, likelihood high, severity high. Underlying weakness: CWE-99.

Question 2

What is the authoritative source for CAPEC-240?

Accepted Answer

Resource Injection (CAPEC-240) is catalogued in MITRE CAPEC and curated for EU compliance use cases by SQUR.

CAPEC-240Resource Injection

Description

Related weaknesses· 1

Exploits1

Related by meaning· 6