An adversary deceives an application or user and convinces them to request a resource from an unintended location. By spoofing the location, the adversary can cause an alternate resource to be used, often one that the adversary controls and can be used to help them achieve their malicious goals.
|
|
| ID | CAPEC-154 |
| Latest Sync Date | 11/05/25 15:15:38 |
| Original ID | 154 |
| Abstraction | Meta |
| Status | Stable |
| Alternate Terms | |
| Likelihood Of Attack | Medium |
| Typical Severity | Medium |
| Related Attack Patterns | |
| Execution Flow | |
| Prerequisites | ::None. All applications rely on file paths and therefore, in theory, they or their resources could be affected by this type of attack.:: |
| Skills Required | |
| Resources Required | ::None: No specialized resources are required to execute this type of attack.:: |
| Indicators | |
| Consequences | ::SCOPE:Authorization:TECHNICAL IMPACT:Execute Unauthorized Commands:NOTE:Run Arbitrary Code:: |
| Mitigations | ::Monitor network activity to detect any anomalous or unauthorized communication exchanges.:: |
| Example Instances | |
| Related Weaknesses | ::451:: |
| Taxonomy Mappings | |
| Notes | |