CWE-SANS-Top-25/Risky-resource-management/CWE-494
Jump to navigation
Jump to search
CWE-494: Download of Code Without Integrity Check
Description
From the attacker's point of view, this attack consists of poisoning ARP cache or DNS entries or spoof DNS to substitute to a legitimate server and intercept/modify the traffic.
Risk measurement
| Weakness Prevalence | Medium |
|---|---|
| Remediation Cost | Medium to High |
| Attack Frequency | Rarely |
| Consequences | Code execution |
| Ease of Detection | Moderate |
| Attacker Awareness | Low |