CAPEC-154

Resource Location Spoofing
Medium
Medium
Stable
2014-06-23
00h00 +00:00
2023-01-24
00h00 +00:00
CAPEC Mitre.org
Alerte pour un CAPEC
Stay informed of any changes for a specific CAPEC.
Notifications manage

Descriptions CAPEC

An adversary deceives an application or user and convinces them to request a resource from an unintended location. By spoofing the location, the adversary can cause an alternate resource to be used, often one that the adversary controls and can be used to help them achieve their malicious goals.

Informations CAPEC

Prerequisites

None. All applications rely on file paths and therefore, in theory, they or their resources could be affected by this type of attack.

Resources Required

None: No specialized resources are required to execute this type of attack.

Mitigations

Monitor network activity to detect any anomalous or unauthorized communication exchanges.

Related Weaknesses

CWE-ID Weakness Name

CWE-451

 User Interface (UI) Misrepresentation of Critical Information
The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks.

Submission

Name Organization Date Date release
CAPEC Content Team The MITRE Corporation 2014-06-23 +00:00

Modifications

Name Organization Date Comment
CAPEC Content Team The MITRE Corporation 2015-11-09 +00:00 Updated Description Summary
CAPEC Content Team The MITRE Corporation 2017-05-01 +00:00 Updated Attack_Motivation-Consequences, Attack_Prerequisites, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit
CAPEC Content Team The MITRE Corporation 2017-08-04 +00:00 Updated Description Summary, Resources_Required
CAPEC Content Team The MITRE Corporation 2023-01-24 +00:00 Updated Related_Weaknesses