CWE-507: Trojan Horse

Structure: Simple

Abstraction: Base

Status: Incomplete

Likelihood of Exploit: Unknown

Description

The software appears to contain benign or useful functionality, but it also contains code that is hidden from normal operation that violates the intended security policy of the user or the system administrator.

Related Weaknesses

  • Nature: ChildOf, CWE ID: 506, View ID: 1000, Ordinal: Primary

  • Nature: ChildOf, CWE ID: 506, View ID: 699, Ordinal: Primary

Common Consequences

Scope: Confidentiality, Integrity, Availability
Impact: Execute Unauthorized Code or Commands

Potential Mitigations

Operation

Strategy:

Most antivirus software scans for Trojan Horses.

Installation

Strategy:

Verify the integrity of the software that is being installed.

Notes

Other: Potentially malicious dynamic code compiled at runtime can conceal any number of attacks that will not appear in the baseline. The use of dynamically compiled code could also allow the injection of attacks on post-deployed applications.

Terminology:

Taxonomy Mappings

Mapped Taxonomy Name: Landwehr
Mapped Node Name: Trojan Horse

References