{ "id": "bundle--cad44c79-b3ba-42d6-93ce-89cdb3befa22", "objects": [ { "created": "2014-06-23T00:00:00.000Z", "created_by_ref": "identity--e50ab59c-5c4f-4d40-bf6a-d58418d89bcd", "description": "An adversary exploits weaknesses in input validation by manipulating resource identifiers enabling the unintended modification or specification of a resource.", "external_references": [ { "external_id": "CAPEC-240", "source_name": "capec", "url": "https://capec.mitre.org/data/definitions/240.html" }, { "external_id": "CWE-99", "source_name": "cwe", "url": "http://cwe.mitre.org/data/definitions/99.html" }, { "description": "Resource Injection", "source_name": "OWASP Attacks", "url": "https://owasp.org/www-community/attacks/Resource_Injection" } ], "id": "attack-pattern--12de9227-495b-49b2-859f-334a20197ba3", "modified": "2020-12-17T00:00:00.000Z", "name": "Resource Injection", "object_marking_refs": [ "marking-definition--17d82bb2-eeeb-4898-bda5-3ddbcd2b799d" ], "spec_version": "2.1", "type": "attack-pattern", "x_capec_abstraction": "Meta", "x_capec_consequences": { "Confidentiality": [ "Read Data" ], "Integrity": [ "Modify Data" ] }, "x_capec_domains": [ "Communications", "Software" ], "x_capec_likelihood_of_attack": "High", "x_capec_parent_of_refs": [ "attack-pattern--b5cd5231-d7ef-4366-b713-a44d3f1134b4" ], "x_capec_prerequisites": [ "The target application allows the user to both specify the identifier used to access a system resource. Through this permission, the user gains the capability to perform actions on that resource (e.g., overwrite the file)" ], "x_capec_status": "Stable", "x_capec_typical_severity": "High", "x_capec_version": "3.9" } ], "type": "bundle" }