CAPEC attack patterns
615 MITRE CAPEC entries: attack patterns at meta, standard, and detailed abstraction levels. Authored by Adam Lundqvist.
Showing 51–100 of 341 in Detailed · page 2 of 7
| ID | Title | Summary |
|---|---|---|
| CAPEC-211 | DEPRECATED: Leveraging web tools (e.g. Mozilla's GreaseMonkey, Firebug) to change application behavior | This attack pattern has been deprecated as it was deemed not to be a legitimate attack pattern. Metadata: detailed CAPEC pattern, status deprecated. Metadata… |
| CAPEC-214 | DEPRECATED: Fuzzing for garnering J2EE/.NET-based stack traces, for application mapping | This attack pattern has been deprecated as it was merged into "CAPEC-215 : Fuzzing for application mapping". Please refer to this other CAPEC going forward. M… |
| CAPEC-215 | Fuzzing for application mapping | An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. Th… |
| CAPEC-218 | Spoofing of UDDI/ebXML Messages | An attacker spoofs a UDDI, ebXML, or similar message in order to impersonate a service provider in an e-business transaction. UDDI, ebXML, and similar standard… |
| CAPEC-221 | Data Serialization External Entities Blowup | This attack takes advantage of the entity replacement property of certain data serialization languages (e.g., XML, YAML, etc.) where the value of the replaceme… |
| CAPEC-222 | iFrame Overlay | In an iFrame overlay attack the victim is tricked into unknowingly initiating some action in one system while interacting with the UI from seemingly completely… |
| CAPEC-226 | Session Credential Falsification through Manipulation | An attacker manipulates an existing credential in order to gain access to a target application. Session credentials allow users to identify themselves to a ser… |
| CAPEC-228 | DTD Injection | An attacker injects malicious content into an application's DTD in an attempt to produce a negative technical impact. DTDs are used to describe how XML documen… |
| CAPEC-229 | Serialized Data Parameter Blowup | This attack exploits certain serialized data parsers (e.g., XML, YAML, etc.) which manage data in an inefficient manner. The attacker crafts a serialized data… |
| CAPEC-235 | DEPRECATED: Implementing a callback to system routine (old AWT Queue) | This attack pattern has been deprecated. Please refer to CAPEC:30 - Hijacking a Privileged Thread of Execution. Metadata: detailed CAPEC pattern, status depre… |
| CAPEC-236 | DEPRECATED: Catching exception throw/signal from privileged block | This attack pattern has been deprecated as it did not have enough distinction from CAPEC-30 : Hijacking a Privileged Thread of Execution. Please refer to CAPEC… |
| CAPEC-237 | Escaping a Sandbox by Calling Code in Another Language | The attacker may submit malicious code of another language to obtain access to privileges that were not intentionally exposed by the sandbox, thus escaping the… |
| CAPEC-238 | DEPRECATED: Using URL/codebase / G.A.C. (code source) to convince sandbox of privilege | This attack pattern has been deprecated as it did not appear to be a valid attack pattern. Metadata: detailed CAPEC pattern, status deprecated. Metadata: det… |
| CAPEC-239 | DEPRECATED: Subversion of Authorization Checks: Cache Filtering, Programmatic Security, etc. | This attack pattern has been deprecated as it did not contain any content and did not serve any useful purpose. Please refer to "CAPEC-207: removing Important … |
| CAPEC-24 | Filter Failure through Buffer Overflow | In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the… |
| CAPEC-243 | XSS Targeting HTML Attributes | An adversary inserts commands to perform cross-site scripting (XSS) actions in HTML attributes. Many filters do not adequately sanitize attributes against the … |
| CAPEC-244 | XSS Targeting URI Placeholders | An attack of this type exploits the ability of most browsers to interpret "data", "javascript" or other URI schemes as client-side executable content placehold… |
| CAPEC-245 | XSS Using Doubled Characters | The adversary bypasses input validation by using doubled characters in order to perform a cross-site scripting attack. Some filters fail to recognize dangerous… |
| CAPEC-246 | DEPRECATED: XSS Using Flash | This pattern has been deprecated as it is covered by a chaining relationship between CAPEC-174: Flash Parameter Injection and CAPEC-591: Stored XSS. Please ref… |
| CAPEC-247 | XSS Using Invalid Characters | An adversary inserts invalid characters in identifiers to bypass application filtering of input. Filters may not scan beyond invalid characters but during late… |
| CAPEC-252 | PHP Local File Inclusion | The attacker loads and executes an arbitrary local PHP file on a target machine. The attacker could use this to try to load old versions of PHP files that have… |
| CAPEC-254 | DEPRECATED: DTD Injection in a SOAP Message | This pattern has been deprecated as it was determined to be an unnecessary layer of abstraction. Please refer to the pattern CAPEC-228 : DTD Injection going fo… |
| CAPEC-256 | SOAP Array Overflow | An attacker sends a SOAP request with an array whose actual length exceeds the length indicated in the request. If the server processing the transmission naive… |
| CAPEC-258 | DEPRECATED: Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Dynamic Update | This attack pattern has been deprecated as it is a duplicate of the existing attack pattern "CAPEC-65 : Sniff Application Code". Please refer to this other CAP… |
| CAPEC-260 | DEPRECATED: Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Initial Distribution | This attack pattern has been deprecated as it is a duplicate of the existing attack pattern "CAPEC-65 : Sniff Application Code". Please refer to this other CAP… |
| CAPEC-261 | Fuzzing for garnering other adjacent user/sensitive data | An adversary who is authorized to send queries to a target sends variants of expected queries in the hope that these modified queries might return information … |
| CAPEC-263 | Force Use of Corrupted Files | This describes an attack where an application is forced to use a file that an attacker has corrupted. The result is often a denial of service caused by the app… |
| CAPEC-27 | Leveraging Race Conditions via Symbolic Links | This attack leverages the use of symbolic links (Symlinks) in order to write to sensitive files. An attacker can create a Symlink to a target file not oth… |
| CAPEC-270 | Modification of Registry Run Keys | An adversary adds a new entry to the "run keys" in the Windows registry so that an application of their choosing is executed when a user logs in. In this way, … |
| CAPEC-273 | HTTP Response Smuggling | Metadata: detailed CAPEC pattern, status stable, likelihood medium, severity high. Underlying weaknesses: CWE-74, CWE-436, CWE-444. Related CAPEC patterns: [ob… |
| CAPEC-274 | HTTP Verb Tampering | An attacker modifies the HTTP Verb (e.g. GET, PUT, TRACE, etc.) in order to bypass access restrictions. Some web environments allow administrators to restrict … |
| CAPEC-275 | DNS Rebinding | An adversary serves content whose IP address is resolved by a DNS server that the adversary controls. After initial contact by a web browser (or similar client… |
| CAPEC-279 | SOAP Manipulation | Simple Object Access Protocol (SOAP) is used as a communication protocol between a client and server to invoke web services on the server. It is an XML-based p… |
| CAPEC-280 | DEPRECATED: SOAP Parameter Tampering | This attack pattern has been deprecated as its contents have been included in CAPEC-279 : SOAP Manipulation. Please refer to this other pattern going forward. … |
| CAPEC-285 | ICMP Echo Request Ping | An adversary sends out an ICMP Type 8 Echo Request, commonly known as a 'Ping', in order to determine if a target system is responsive. If the request is not b… |
| CAPEC-287 | TCP SYN Scan | An adversary uses a SYN scan to determine the status of ports on the remote target. SYN scanning is the most common type of port scanning that is used because … |
| CAPEC-290 | Enumerate Mail Exchange (MX) Records | An adversary enumerates the MX records for a given domain via a DNS query. This type of information gathering returns the names of mail servers on the network. Mail s… |
| CAPEC-291 | DNS Zone Transfers | An attacker exploits a DNS misconfiguration that permits a ZONE transfer. Some external DNS servers will return a list of IP addresses and valid hostnames. Under… |
| CAPEC-293 | Traceroute Route Enumeration | An adversary uses a traceroute utility to map out the route which data flows through the network en route to a target destination. Tracerouting can allow the a… |
| CAPEC-294 | ICMP Address Mask Request | An adversary sends an ICMP Type 17 Address Mask Request to gather information about a target's networking configuration. ICMP Address Mask Requests are defined… |
| CAPEC-295 | Timestamp Request | This pattern of attack leverages standard requests to learn the exact time associated with a target system. An adversary may be able to use the timestamp retur… |
| CAPEC-296 | ICMP Information Request | An adversary sends an ICMP Information Request to a host to determine if it will respond to this deprecated mechanism. ICMP Information Requests are a deprecat… |
| CAPEC-297 | TCP ACK Ping | An adversary sends a TCP segment with the ACK flag set to a remote host for the purpose of determining if the host is alive. This is one of several TCP 'ping' … |
| CAPEC-298 | UDP Ping | An adversary sends a UDP datagram to the remote host to determine if the host is alive. If a UDP datagram is sent to an open UDP port there is very often no re… |
| CAPEC-299 | TCP SYN Ping | An adversary uses TCP SYN packets as a means towards host discovery. Typical RFC 793 behavior specifies that when a TCP port is open, a host must respond to an… |
| CAPEC-3 | Using Leading 'Ghost' Character Sequences to Bypass Input Filters | Some APIs will strip certain leading characters from a string of parameters. An adversary can intentionally introduce leading "ghost" characters (extra charact… |
| CAPEC-301 | TCP Connect Scan | An adversary uses full TCP connection attempts to determine if a port is open on the target system. The scanning process involves completing a 'three-way hands… |
| CAPEC-302 | TCP FIN Scan | An adversary uses a TCP FIN scan to determine if ports are closed on the target machine. This scan type is accomplished by sending TCP segments with the FIN bi… |
| CAPEC-303 | TCP Xmas Scan | An adversary uses a TCP XMAS scan to determine if ports are closed on the target machine. This scan type is accomplished by sending TCP segments with all possi… |
| CAPEC-304 | TCP Null Scan | An adversary uses a TCP NULL scan to determine if ports are closed on the target machine. This scan type is accomplished by sending TCP segments with no flags … |