An adversary exploits weaknesses in input validation by manipulating resource identifiers, enabling the unintended modification or specification of a resource.

| ID | CAPEC-240 |
| Latest Sync Date | 11/05/25 15:15:38 |
| Original ID | 240 |
| Abstraction | Meta |
| Status | Stable |
| Alternate Terms | |
| Likelihood Of Attack | High |
| Typical Severity | High |
| Related Attack Patterns | |
| Execution Flow | |
| Prerequisites | The target application allows the user to specify the identifier used to access a system resource. Through this permission, the user gains the capability to perform actions on that resource (e.g., overwrite the file). |
| Skills Required | |
| Resources Required | |
| Indicators | |
| Consequences | Confidentiality: Read Data; Integrity: Modify Data |
| Mitigations | Ensure all input content that is delivered to the client is sanitized against an acceptable content specification. Perform input validation for all content. Enforce regular patching of software. |
| Example Instances | |
| Related Weaknesses | 99 |
| Taxonomy Mappings | OWASP Attacks: Resource Injection |
| Notes | |