
CAPEC-387: Navigation Remapping To Propagate Malicious Content

Abstraction: Detailed
Status: Draft
Severity: Medium

Description

An adversary manipulates either egress or ingress data from a client within an application framework in order to change the content of messages and thereby circumvent the expected application logic. Metadata: detailed CAPEC pattern, status draft, severity medium. Underlying weaknesses: CWE-471, CWE-345, CWE-346, CWE-602, CWE-311. Related CAPEC pattern: CAPEC-386 (ChildOf).

Related weaknesses · 5

CWE-471, CWE-345, CWE-346, CWE-602, CWE-311

Related attack patterns · 1

CAPEC-386 (ChildOf)

Exploits · 5

Type | Target | Confidence | Tier
Weakness | Missing Encryption of Sensitive Data (cwe-311) | 100% | live
Weakness | Insufficient Verification of Data Authenticity (cwe-345) | 100% | live
Weakness | Modification of Assumed-Immutable Data (MAID) (cwe-471) | 100% | live
Weakness | Origin Validation Error (cwe-346) | 100% | live
Weakness | Client-Side Enforcement of Server-Side Security (cwe-602) | 100% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Application API Navigation Remapping
CAPEC: Content Spoofing Via Application API Manipulation
CAPEC: Application API Button Hijacking
CAPEC: Application API Message Manipulation via Man-in-the-Middle
CAPEC: HTTP Response Smuggling
CAPEC: Clickjacking

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.