CAPEC attack patterns
615 MITRE CAPEC entries — attack patterns at meta, standard, and detailed abstraction levels. Authored by Adam Lundqvist.
Showing 1–50 of 341 in Detailed · page 1 of 7
| ID | Title | Summary |
|---|---|---|
| CAPEC-10 | Buffer Overflow via Environment Variables | This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the adversary finds that they can modify an environm… |
| CAPEC-101 | Server Side Include (SSI) Injection | An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attac… |
| CAPEC-102 | Session Sidejacking | Session sidejacking takes advantage of an unencrypted communication channel between a victim and target system. The attacker sniffs traffic on a network lookin… |
| CAPEC-105 | HTTP Request Splitting | Metadata: detailed CAPEC pattern, status stable, likelihood medium, severity high. Underlying weaknesses: CWE-74, CWE-113, CWE-138, CWE-436. Related CAPEC patt… |
| CAPEC-106 | DEPRECATED: XSS through Log Files | This attack pattern has been deprecated as it refers to an existing chain relationship between "CAPEC-93 : Log Injection-Tampering-Forging" and "CAPEC-63 : Cr… |
| CAPEC-107 | Cross Site Tracing | Cross Site Tracing (XST) enables an adversary to steal the victim's session cookie and possibly other authentication credentials transmitted in the header of t… |
| CAPEC-108 | Command Line Execution through SQL Injection | An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives su… |
| CAPEC-109 | Object Relational Mapping Injection | An attacker leverages a weakness present in the database access layer code generated with an Object Relational Mapping (ORM) tool or a weakness in the way that… |
| CAPEC-11 | Cause Web Server Misclassification | An attack of this type exploits a Web server's decision to take action based on filename or file extension. Because different file types are handled by differe… |
| CAPEC-110 | SQL Injection through SOAP Parameter Tampering | An attacker modifies the parameters of the SOAP message that is sent from the service consumer to the service provider to initiate a SQL injection attack. On t… |
| CAPEC-120 | Double Encoding | The adversary utilizes a repeating of the encoding process for a set of characters (that is, character encoding a character encoding of a character) to obfusca… |
| CAPEC-127 | Directory Indexing | An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering dir… |
| CAPEC-13 | Subverting Environment Variable Values | The adversary directly or indirectly modifies environment variables used by or controlling the target software. The adversary's goal is to cause the target sof… |
| CAPEC-132 | Symlink Attack | An adversary positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a fil… |
| CAPEC-139 | Relative Path Traversal | An attacker exploits a weakness in input validation on the target by supplying a specially constructed path utilizing dot and slash characters for the purpose … |
| CAPEC-14 | Client-side Injection-induced Buffer Overflow | This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile ser… |
| CAPEC-142 | DNS Cache Poisoning | A domain name server translates a domain name (such as www.example.com) into an IP address that Internet hosts use to contact Internet resources. An adversary … |
| CAPEC-143 | Detect Unpublicized Web Pages | An adversary searches a targeted web site for web pages that have not been publicized. In doing this, the adversary may be able to gain access to information t… |
| CAPEC-144 | Detect Unpublicized Web Services | An adversary searches a targeted web site for web services that have not been publicized. This attack can be especially dangerous since unpublished but availab… |
| CAPEC-145 | Checksum Spoofing | An adversary spoofs a checksum message for the purpose of making a payload appear to have a valid corresponding checksum. Checksums are used to verify message … |
| CAPEC-146 | XML Schema Poisoning | An adversary corrupts or modifies the content of XML schema information passed between a client and server for the purpose of undermining the security of the t… |
| CAPEC-147 | XML Ping of the Death | An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of se… |
| CAPEC-149 | Explore for Predictable Temporary File Names | An attacker explores a target to identify the names and locations of predictable temporary files for the purpose of launching further attacks against the targe… |
| CAPEC-155 | Screen Temporary Files for Sensitive Information | An adversary exploits the temporary, insecure storage of information by monitoring the content of files used to store temp data during an application's routine… |
| CAPEC-158 | Sniffing Network Traffic | In this attack pattern, the adversary monitors network traffic between nodes of a public or multicast network in an attempt to capture sensitive information at… |
| CAPEC-16 | Dictionary-based Password Attack | Metadata: detailed CAPEC pattern, status draft, likelihood medium, severity high. Underlying weaknesses: CWE-521, CWE-262, CWE-263, CWE-654, CWE-307 (and 2 mor… |
| CAPEC-162 | Manipulating Hidden Fields | An adversary exploits a weakness in the server's trust of client-side processing by modifying data on the client-side, such as price information, and then subm… |
| CAPEC-163 | Spear Phishing | An adversary targets a specific user or group with a Phishing (CAPEC-98) attack tailored to a category of users in order to have maximum relevance and deceptiv… |
| CAPEC-164 | Mobile Phishing | An adversary targets mobile phone users with a phishing attack for the purpose of soliciting account passwords or sensitive information from the user. Mobile P… |
| CAPEC-168 | Windows ::DATA Alternate Data Stream | An attacker exploits the functionality of Microsoft NTFS Alternate Data Streams (ADS) to undermine system security. ADS allows multiple "files" to be stored in… |
| CAPEC-170 | Web Application Fingerprinting | An attacker sends a series of probes to a web application in order to elicit version-dependent and type-dependent behavior that assists in identifying the targ… |
| CAPEC-174 | Flash Parameter Injection | An adversary takes advantage of improper data validation to inject malicious global parameters into a Flash file embedded within an HTML document. Flash files … |
| CAPEC-177 | Create files with the same name as files protected with a higher classification | An attacker exploits file location algorithms in an operating system or application by creating a file with the same name as a protected or privileged file. Th… |
| CAPEC-178 | Cross-Site Flashing | An attacker is able to trick the victim into executing a Flash document that passes commands or calls to a Flash player browser plugin, allowing the attacker t… |
| CAPEC-18 | XSS Targeting Non-Script Elements | This attack is a form of Cross-Site Scripting (XSS) where malicious scripts are embedded in elements that are not expected to host scripts such as image tags (… |
| CAPEC-181 | Flash File Overlay | An attacker creates a transparent overlay using flash in order to intercept user actions for the purpose of performing a clickjacking attack. In this technique… |
| CAPEC-187 | Malicious Automated Software Update via Redirection | An attacker exploits two layers of weaknesses in server or client software for automated update mechanisms to undermine the integrity of the target code-base. … |
| CAPEC-190 | Reverse Engineer an Executable to Expose Assumed Hidden Functionality | An attacker analyzes a binary file or executable for the purpose of discovering the structure, function, and possibly source-code of the file by using a variet… |
| CAPEC-191 | Read Sensitive Constants Within an Executable | Metadata: detailed CAPEC pattern, status draft, severity low. Underlying weakness: CWE-798. … |
| CAPEC-193 | PHP Remote File Inclusion | In this pattern the adversary is able to load and execute arbitrary code remotely available from the application. This is usually accomplished through an insec… |
| CAPEC-197 | Exponential Data Expansion | An adversary submits data to a target application which contains nested exponential data expansion to produce excessively large output. Many data format langua… |
| CAPEC-198 | XSS Targeting Error Pages | An adversary distributes a link (or possibly some other query structure) with a request to a third party web server that is malformed and also contains a block… |
| CAPEC-199 | XSS Using Alternate Syntax | An adversary uses alternate forms of keywords or commands that result in the same action as the primary form but which may not be caught by filters. For exampl… |
| CAPEC-200 | Removal of filters: Input filters, output filters, data masking | An attacker removes or disables filtering mechanisms on the target application. Input filters prevent invalid data from being sent to an application (for examp… |
| CAPEC-201 | Serialized Data External Linking | An adversary creates a serialized data file (e.g. XML, YAML, etc...) that contains an external data reference. Because serialized data parsers may not validate… |
| CAPEC-204 | Lifting Sensitive Data Embedded in Cache | An adversary examines a target application's cache, or a browser cache, for sensitive information. Many applications that communicate with remote entities or w… |
| CAPEC-205 | DEPRECATED: Lifting credential(s)/key material embedded in client distributions (thick or thin) | This attack pattern has been deprecated as it is a duplicate of CAPEC-37 : Retrieve Embedded Sensitive Data. Please refer to this other pattern going forward. … |
| CAPEC-206 | Signing Malicious Code | The adversary extracts credentials used for code signing from a production environment and then uses these credentials to sign malicious content with the devel… |
| CAPEC-208 | Removing/short-circuiting 'Purse' logic: removing/mutating 'cash' decrements | An attacker removes or modifies the logic on a client associated with monetary calculations resulting in incorrect information being sent to the server. A serv… |
| CAPEC-209 | XSS Using MIME Type Mismatch | An adversary creates a file with scripting content but where the specified MIME type of the file is such that scripting is not expected. The adversary tricks t… |