
CAPEC-76: Manipulating Web Input to File System Calls

Abstraction: Detailed
Status: Draft
Likelihood: High
Severity: Very High

Description

An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible. Metadata: detailed CAPEC pattern, status draft, likelihood high, severity very high. Underlying weaknesses: CWE-23, CWE-22, CWE-73, CWE-77, CWE-346 (and 6 more). Related CAPEC pattern: CAPEC-126.

Related weaknesses · 11

CWE-23, CWE-22, CWE-73, CWE-77, CWE-346, CWE-348, CWE-285, CWE-272, CWE-59, CWE-74, CWE-15

Related attack patterns · 1

CAPEC-126 (ChildOf)

Exploits · 11

Type | Target | Confidence | Tier
Weakness | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (cwe-74) | 100% | live
Weakness | Improper Authorization (cwe-285) | 100% | live
Weakness | External Control of File Name or Path (cwe-73) | 100% | live
Weakness | Origin Validation Error (cwe-346) | 100% | live
Weakness | Improper Link Resolution Before File Access ('Link Following') (cwe-59) | 100% | live
Weakness | Relative Path Traversal (cwe-23) | 100% | live
Weakness | Use of Less Trusted Source (cwe-348) | 100% | live
Weakness | Improper Neutralization of Special Elements used in a Command ('Command Injection') (cwe-77) | 100% | live
Weakness | External Control of System or Configuration Setting (cwe-15) | 100% | live
Weakness | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (cwe-22) | 100% | live
Weakness | Least Privilege Violation (cwe-272) | 100% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: File Manipulation
CAPEC: Input Data Manipulation
CAPEC: Manipulating Writeable Configuration Files
CAPEC: OS Command Injection
CAPEC: User-Controlled Filename
CAPEC: Web Services Protocol Manipulation

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.