An adversary injects traffic into the target's network connection. The adversary is therefore able to degrade or disrupt the connection, and potentially modify the content. This is not a flooding attack, as the adversary is not focusing on exhausting resources. Instead, the adversary is crafting a specific input to affect the system in a particular way.
|
|
| ID | CAPEC-594 |
| Latest Sync Date | 11/05/25 15:15:38 |
| Original ID | 594 |
| Abstraction | Meta |
| Status | Stable |
| Alternate Terms | |
| Likelihood Of Attack | |
| Typical Severity | |
| Related Attack Patterns | |
| Execution Flow | |
| Prerequisites | ::The target application must leverage an open communications channel.::The channel on which the target communicates must be vulnerable to interception (e.g., adversary in the middle attack - CAPEC-94).:: |
| Skills Required | |
| Resources Required | ::A tool, such as a MITM Proxy, that is capable of generating and injecting custom inputs to be used in the attack.:: |
| Indicators | |
| Consequences | ::SCOPE:Availability:TECHNICAL IMPACT:Unreliable Execution:NOTE:The injection of specific content into a connection can trigger a disruption in that communications channel, thereby denying availability of the service.::SCOPE:Integrity:TECHNICAL IMPACT:Other:NOTE:An adversary's injection of additional content into a communication channel negatively impacts the integrity of that channel.:: |
| Mitigations | |
| Example Instances | |
| Related Weaknesses | ::940:: |
| Taxonomy Mappings | |
| Notes | |