CWE-SANS-Top-25/Risky-resource-management/CWE-494


CWE-494: Download of Code Without Integrity Check

Description

From the attacker's point of view, this attack consists of poisoning the ARP cache or DNS entries, or spoofing DNS, in order to take the place of a legitimate server and intercept or modify the traffic.
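The check that makes in-transit modification detectable, as an added example that is not part of the original page: the client compares the download against a SHA-256 digest obtained out of band and installs the file only on a match. The payloads, file names and function names are constructed for illustration; a digest fetched over the same connection as the code gives no protection against the position described above.

```python
import hashlib
import hmac
import os
import tempfile

# Constructed sample: the code the publisher released, and its digest as it
# would be pinned out of band (e.g. shipped inside the trusted installer).
GENUINE = b"print('update 1.2.3 applied')\n"
PINNED_SHA256 = hashlib.sha256(GENUINE).hexdigest()

# Constructed sample: the same download after modification in transit.
TAMPERED = GENUINE + b"print('injected line')\n"


class IntegrityError(Exception):
    """Downloaded code does not match the pinned digest."""


def verify_download(data: bytes, expected_hex: str) -> None:
    """Raise IntegrityError unless SHA-256(data) equals the pinned digest."""
    actual = hashlib.sha256(data).hexdigest()
    if not hmac.compare_digest(actual, expected_hex.lower()):
        raise IntegrityError(f"digest mismatch: got {actual}")


def install_verified(data: bytes, expected_hex: str, dest: str) -> bool:
    """Write data to dest only after verification; return True if installed."""
    try:
        verify_download(data, expected_hex)
    except IntegrityError:
        return False  # nothing is written, nothing is executed
    # Temp file in the same directory plus atomic rename: an unverified or
    # half-written file never appears at the destination path.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(dest) or ".")
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    os.replace(tmp, dest)
    return True


def demo() -> tuple:
    """Install the genuine and the tampered payload into a scratch directory."""
    with tempfile.TemporaryDirectory() as d:
        good = install_verified(GENUINE, PINNED_SHA256, os.path.join(d, "update.py"))
        bad = install_verified(TAMPERED, PINNED_SHA256, os.path.join(d, "tampered.py"))
        leftover = os.path.exists(os.path.join(d, "tampered.py"))
    return good, bad, leftover
```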

Risk measurement

Weakness Prevalence: Medium
Remediation Cost: Medium to High
Attack Frequency: Rarely
Consequences: Code execution
Ease of Detection: Moderate
Attacker Awareness: Low
