Reflected File Download
Variants:
Direct Persistent Multiphase Session
Also Known As:
Malicious File Download
Vector Type:
Attack
Relevance:
Generic
Layer:
Application-Level
Platforms:
Any
Target Type:
Web Application
Affected Mechanisms:
Input Validation, Hardening
Invented In:
17/10/2014
Added In:
10/12/2014
Vector Operation Method:
Attackers can abuse path parameters and insecure content type headers to misled users into downloading malicious files crafted on-the-fly from trusted websites.