1. Home
  2. CAPEC
  3. CAPEC-141

CAPEC-141: Cache Poisoning

ID CAPEC-141
Typical Severity High
Likelihood Of Attack High
Status Draft

An attacker exploits the functionality of cache technologies to cause specific data to be cached that aids the attackers' objectives. This describes any attack whereby an attacker places incorrect or harmful material in cache. The targeted cache can be an application's cache (e.g. a web browser cache) or a public cache (e.g. a DNS or ARP cache). Until the cache is refreshed, most applications or clients will treat the corrupted cache value as valid. This can lead to a wide range of exploits including redirecting web browsers towards sites that install malware and repeatedly incorrect calculations based on the incorrect value.

https://capec.mitre.org/data/definitions/141.html

Weaknesses

# ID Name Type
CWE-345 Insufficient Verification of Data Authenticity weakness
CWE-346 Origin Validation Error weakness
CWE-348 Use of Less Trusted Source weakness
CWE-349 Acceptance of Extraneous Untrusted Data With Trusted Data weakness

Taxonomiy Mapping

Type # ID Name
ATTACK 1557.002 Adversary-in-the-Middle: ARP Cache Poisoning
OWASP Attacks Cache Poisoning