CAPEC-159: Redirect Access to Libraries
Description
Extended Description
For example, using a different character encoding might cause dangerous text to be treated as safe text. Alternatively, the attacker may use certain flags, such as file extensions, to make a target application believe that provided data should be handled using a certain interpreter when the data is not actually of the appropriate type. This can lead to bypassing protection mechanisms, forcing the target to use specific components for input processing, or otherwise causing the user's data to be handled differently than might otherwise be expected. This attack differs from Variable Manipulation in that Variable Manipulation attempts to subvert the target's processing through the value of the input while Input Data Manipulation seeks to control how the input is processed.
Severity :
Very High
Possibility :
High
Type :
Standard
Relationships with other CAPECs
This table shows the other attack patterns and high level categories that are related to this attack pattern.
Prerequisites
This table shows the other attack patterns and high level categories that are related to this attack pattern.
- The target must utilize external libraries and must fail to verify the integrity of these libraries before using them.
Skills required
This table shows the other attack patterns and high level categories that are related to this attack pattern.
- Low To modify the entries in the configuration file pointing to malicious libraries
- Medium To force symlink and timing issues for redirecting access to libraries
- High To reverse engineering the libraries and inject malicious code into the libraries
Taxonomy mappings
Mappings to ATT&CK, OWASP and other frameworks.
Related CWE
A Related Weakness relationship associates a weakness with this attack pattern. Each association implies a weakness that must exist for a given attack to be successful.
Visit http://capec.mitre.org/ for more details.