CAPEC-387

Name

Navigation Remapping To Propagate Malicious Content

Typical severity

MEDIUM

Status

Draft

Published

2014-06-23 00:00 +00:00

Last Modified

2022-09-29 00:00 +00:00

Official links

CAPEC Mitre.org

Alerte pour un CAPEC

Stay informed of any changes for a specific CAPEC.

Alert management

List of Alerts

Alerte pour un CAPEC

Stay informed of any changes for a specific CAPEC.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

Specify the CAPEC ID you wish to monitor.

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

Description

An adversary manipulates either egress or ingress data from a client within an application framework in order to change the content of messages and thereby circumvent the expected application logic.

Informations

Prerequisites

Targeted software is utilizing application framework APIs

Resources Required

A software program that allows the use of adversary-in-the-middle communications between the client and server, such as a man-in-the-middle proxy.

Related Weaknesses

CWE-ID	Weakness Name
CWE-471	Modification of Assumed-Immutable Data (MAID) The product does not properly protect an assumed-immutable element from being modified by an attacker.
CWE-345	Insufficient Verification of Data Authenticity The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
CWE-346	Origin Validation Error The product does not properly verify that the source of data or communication is valid.
CWE-602	Client-Side Enforcement of Server-Side Security The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.
CWE-311	Missing Encryption of Sensitive Data The product does not encrypt sensitive or critical information before storage or transmission.

References

REF-327

So Many Ways [...]: Exploiting Facebook and YoVille
Tom Stracener, Sean Barnum.

Submission

Name	Organization	Date	Date Release
CAPEC Content Team	The MITRE Corporation	2014-06-23 +00:00

Modifications

Name	Organization	Date	Comment
CAPEC Content Team	The MITRE Corporation	2019-09-30 +00:00	Updated @Abstraction
CAPEC Content Team	The MITRE Corporation	2021-06-24 +00:00	Updated Description, Resources_Required
CAPEC Content Team	The MITRE Corporation	2022-09-29 +00:00	Updated Description, Extended_Description

Lists Vulnerabilities

Sorted by Year

CVE Statistics

Specific Views

Vendors List

Products List

Lists CWE

Specific Views

Lasts 7 CWE

Lists CAPEC

Specifics Views

7 Lasts CAPEC

CAPEC-387

Alerte pour un CAPEC

Functionality requiring a connection

Description

Informations

Prerequisites

Resources Required

Related Weaknesses

References

REF-327

Submission

Modifications

Lists Vulnerabilities

Sorted by Year

CVE Statistics

Specific Views

CVE

OWASP

CISA KEV

Vendors List

Products List

Lists CWE

Specific Views

Lasts 7 CWE

Lists CAPEC

Specifics Views

7 Lasts CAPEC

No result found

Alert System

CAPEC-387 Detail

CAPEC-387

Alerte pour un CAPEC

Description

Informations

Prerequisites

Resources Required

Related Weaknesses

References

REF-327

Submission

Modifications