CAPEC attack patterns
615 MITRE CAPEC entries — attack patterns at meta, standard, and detailed abstraction levels. Filter by abstraction. Authored by Adam Lundqvist.
Showing 1–50 of 197 in Standard · page 1 of 4
| ID | Title | Summary |
|---|---|---|
| CAPEC-1 | Accessing Functionality Not Properly Constrained by ACLs | In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (A… |
| CAPEC-100 | Overflow Buffers | Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an adversary. As a consequenc… |
| CAPEC-103 | Clickjacking | An adversary tricks a victim into unknowingly initiating some action in one system while interacting with the UI from a seemingly completely different, usually… |
| CAPEC-104 | Cross Zone Scripting | An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to ex… |
| CAPEC-111 | JSON Hijacking (aka JavaScript Hijacking) | An attacker targets a system that uses JavaScript Object Notation (JSON) as a transport mechanism between the client and the server (common in Web 2.0 systems … |
| CAPEC-12 | Choosing Message Identifier | This pattern of attack is defined by the selection of messages distributed via multicast or public information channels that are intended for another client by… |
| CAPEC-121 | Exploit Non-Production Interfaces | Metadata: standard CAPEC pattern, status stable, likelihood low, severity high. Underlying weaknesses: CWE-489, CWE-1209, CWE-1259, CWE-1267, CWE-1270 (and 5 m… |
| CAPEC-126 | Path Traversal | An adversary uses path manipulation methods to exploit insufficient input validation of a target to obtain access to data that should not be retrievable by … |
| CAPEC-128 | Integer Attacks | An attacker takes advantage of the structure of integer variables to cause these variables to assume values that are not expected by an application. For exampl… |
| CAPEC-133 | Try All Common Switches | An attacker attempts to invoke all common switches and options in the target application for the purpose of discovering weaknesses in the target. For example, … |
| CAPEC-134 | Email Injection | An adversary manipulates the headers and content of an email message by injecting data via the use of delimiter characters native to the protocol. Metadata: s… |
| CAPEC-135 | Format String Injection | An adversary includes formatting characters in a string input field on the target application. Most applications assume that users will provide static text and… |
| CAPEC-136 | LDAP Injection | An attacker manipulates or crafts an LDAP query for the purpose of undermining the security of the target. Some applications use user input to create LDAP quer… |
| CAPEC-138 | Reflection Injection | An adversary supplies a value to the target application which is then used by reflection methods to identify a class, method, or field. For example, in the Jav… |
| CAPEC-140 | Bypassing of Intermediate Forms in Multiple-Form Sets | Some web applications require users to submit information through an ordered sequence of web forms. This is often done if there is a very large amount of infor… |
| CAPEC-141 | Cache Poisoning | An attacker exploits the functionality of cache technologies to cause specific data to be cached that aids the attackers' objectives. This describes any attack… |
| CAPEC-15 | Command Delimiters | An attack of this type exploits a program's vulnerabilities that allow an attacker's commands to be concatenated onto a legitimate command with the intent of … |
| CAPEC-150 | Collect Data from Common Resource Locations | An adversary exploits well-known locations for resources for the purposes of undermining the security of the target. In many, if not most systems, files and re… |
| CAPEC-157 | Sniffing Attacks | In this attack pattern, the adversary intercepts information transmitted between two third parties. The adversary must be able to observe, read, and/or hear th… |
| CAPEC-159 | Redirect Access to Libraries | An adversary exploits a weakness in the way an application searches for external libraries to manipulate the execution flow to point to an adversary supplied l… |
| CAPEC-160 | Exploit Script-Based APIs | Some APIs support scripting instructions as arguments. Methods that take scripted instructions (or references to scripted instructions) can be very flexible an… |
| CAPEC-166 | Force the System to Reset Values | An attacker forces the target into a previous state in order to leverage potential weaknesses in the target dependent upon a prior configuration or state-depen… |
| CAPEC-167 | White Box Reverse Engineering | An attacker discovers the structure, function, and composition of a type of computer software through white box analysis techniques. White box techniques invol… |
| CAPEC-17 | Using Malicious Files | An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell acces… |
| CAPEC-179 | Calling Micro-Services Directly | An attacker is able to discover and query Micro-services at a web location and thereby expose the Micro-services to further exploitation by gathering informati… |
| CAPEC-180 | Exploiting Incorrectly Configured Access Control Security Levels | An attacker exploits a weakness in the configuration of access controls and is able to bypass the intended protection that these measures guard against and the… |
| CAPEC-182 | Flash Injection | An attacker tricks a victim into executing malicious Flash content that executes commands or makes Flash calls specified by the attacker. One example of this attac… |
| CAPEC-183 | IMAP/SMTP Command Injection | An adversary exploits weaknesses in input validation on web-mail servers to execute commands on the IMAP/SMTP server. Web-mail servers often sit between the In… |
| CAPEC-185 | Malicious Software Download | An attacker uses deceptive methods to cause a user or an automated process to download and install dangerous code that originates from an attacker controlled s… |
| CAPEC-186 | Malicious Software Update | An adversary uses deceptive methods to cause a user or an automated process to download and install dangerous code believed to be a valid update that originate… |
| CAPEC-189 | Black Box Reverse Engineering | An adversary discovers the structure, function, and composition of a type of computer software through black box analysis techniques. 'Black Box' methods invol… |
| CAPEC-19 | Embedding Scripts within Scripts | An adversary leverages the capability to execute their own script by embedding it within other scripts that the target software is likely to execute due to pro… |
| CAPEC-194 | Fake the Source of Data | An adversary takes advantage of improper authentication to provide data or services under a falsified identity. The purpose of using the falsified identity may… |
| CAPEC-195 | Principal Spoof | A Principal Spoof is a form of Identity Spoofing where an adversary pretends to be some other person in an interaction. This is often accomplished by crafting … |
| CAPEC-196 | Session Credential Falsification through Forging | An attacker creates a false but functional session credential in order to gain or usurp access to a service. Session credentials allow users to identify themse… |
| CAPEC-2 | Inducing Account Lockout | An attacker leverages the security functionality of the system aimed at thwarting potential attacks to launch a denial of service attack against a legitimate s… |
| CAPEC-20 | Encryption Brute Forcing | An attacker, armed with the cipher text and the encryption algorithm used, performs an exhaustive (brute force) search on the key space to determine the key th… |
| CAPEC-202 | Create Malicious Client | An adversary creates a client application to interface with a target service where the client violates assumptions the service makes about clients. Services th… |
| CAPEC-203 | Manipulate Registry Information | An adversary exploits a weakness in authorization in order to modify content within a registry (e.g., Windows Registry, Mac plist, application registry). Editi… |
| CAPEC-207 | Removing Important Client Functionality | An adversary removes or disables functionality on the client that the server assumes to be present and trustworthy. Metadata: standard CAPEC pattern, status d… |
| CAPEC-213 | DEPRECATED: Directory Traversal | This attack pattern has been deprecated as it is a duplicate of the existing attack pattern "CAPEC-126 : Path Traversal". Please refer to this other CAPEC goin… |
| CAPEC-217 | Exploiting Incorrectly Configured SSL/TLS | An adversary takes advantage of incorrectly configured SSL/TLS communications that enable access to data intended to be encrypted. The adversary may also use … |
| CAPEC-219 | XML Routing Detour Attacks | An attacker subverts an intermediate system used to process XML content and forces the intermediate to modify and/or re-route the processing of the content. XM… |
| CAPEC-220 | Client-Server Protocol Manipulation | An adversary takes advantage of weaknesses in the protocol by which a client and server are communicating to perform unexpected actions. Communication protocol… |
| CAPEC-23 | File Content Injection | An adversary poisons files with a malicious payload (targeting the file systems accessible by the target software), which may be passed through by standard cha… |
| CAPEC-230 | Serialized Data with Nested Payloads | Applications often need to transform data in and out of a data format (e.g., XML and YAML) by using a parser. It may be possible for an adversary to inject dat… |
| CAPEC-231 | Oversized Serialized Data Payloads | An adversary injects oversized serialized data payloads into a parser during data processing to produce adverse effects upon the parser such as exhausting syst… |
| CAPEC-234 | Hijacking a privileged process | An adversary gains control of a process that is assigned elevated privileges in order to execute arbitrary code with those privileges. Some processes are assig… |
| CAPEC-249 | DEPRECATED: Linux Terminal Injection | This attack pattern has been deprecated as it is covered by "CAPEC-40 : Manipulating Writeable Terminal Devices". Please refer to this CAPEC going forward. Me… |
| CAPEC-250 | XML Injection | An attacker utilizes crafted XML user-controllable input to probe, attack, and inject data into the XML database, using techniques similar to SQL injection. Th… |