CAPEC attack patterns
615 MITRE CAPEC entries: attack patterns at meta, standard, and detailed abstraction levels. Authored by Adam Lundqvist.
| ID | Title | Summary |
|---|---|---|
| CAPEC-86 | XSS Through HTTP Headers | An adversary exploits web applications that generate web content, such as links in an HTML page, based on unvalidated or improperly validated data submitted by … |
| CAPEC-87 | Forceful Browsing | An attacker employs forceful browsing (direct URL entry) to access portions of a website that are otherwise unreachable. Usually, a front controller or similar… |
| CAPEC-88 | OS Command Injection | In this type of an attack, an adversary injects operating system commands into existing application functions. An application that uses untrusted input to buil… |
| CAPEC-89 | Pharming | A pharming attack occurs when the victim is fooled into entering sensitive data into supposedly trusted locations, such as an online bank site or a trading pla… |
| CAPEC-9 | Buffer Overflow in Local Command-Line Utilities | This attack targets command-line utilities available in a number of shells. An adversary can leverage a vulnerability found in a command-line utility to escala… |
| CAPEC-90 | Reflection Attack in Authentication Protocol | An adversary can abuse an authentication protocol susceptible to reflection attack in order to defeat it. Doing so allows the adversary illegitimate access to … |
| CAPEC-91 | DEPRECATED: XSS in IMG Tags | This attack pattern has been deprecated as it is contained in the existing attack pattern "CAPEC-18 : XSS Targeting Non-Script Elements". Please refer to this … |
| CAPEC-92 | Forced Integer Overflow | This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The … |
| CAPEC-93 | Log Injection-Tampering-Forging | This attack targets the log files of the target host. The attacker injects, manipulates or forges malicious log entries in the log file, allowing them to misle… |
| CAPEC-94 | Adversary in the Middle (AiTM) | Metadata: meta CAPEC pattern, status stable, likelihood high, severity very high. Underlying weaknesses: CWE-300, CWE-290, CWE-593, CWE-287, CWE-294. Mapped AT… |
| CAPEC-95 | WSDL Scanning | This attack targets the WSDL interface made available by a web service. The attacker may scan the WSDL interface to reveal sensitive information about invocati… |
| CAPEC-96 | Block Access to Libraries | An application typically makes calls to functions that are a part of libraries external to the application. These libraries may be part of the operating system… |
| CAPEC-97 | Cryptanalysis | Cryptanalysis is a process of finding weaknesses in cryptographic algorithms and using these weaknesses to decipher the ciphertext without knowing the secret k… |
| CAPEC-98 | Phishing | Phishing is a social engineering technique where an attacker masquerades as a legitimate entity with which the victim might do business in order to prompt the … |
| CAPEC-99 | DEPRECATED: XML Parser Attack | This attack pattern has been deprecated as it is a generalization of CAPEC-230: XML Nested Payloads and CAPEC-231: XML Oversized Payloads. Please refer to these C… |