CAPEC attack patterns
615 MITRE CAPEC entries: attack patterns at meta, standard, and detailed abstraction levels. Authored by Adam Lundqvist.
Showing 351–400 of 615 · page 8 of 13
| ID | Title | Summary |
|---|---|---|
| CAPEC-477 | Signature Spoofing by Mixing Signed and Unsigned Content | An attacker exploits the underlying complexity of a data structure that allows for both signed and unsigned content, to cause unsigned data to be processed as … |
| CAPEC-478 | Modification of Windows Service Configuration | An adversary exploits a weakness in access control to modify the execution parameters of a Windows service. The goal of this attack is to execute a malicious b… |
| CAPEC-479 | Malicious Root Certificate | An adversary exploits a weakness in authorization and installs a new root certificate on a compromised system. Certificates are commonly used for establishing … |
| CAPEC-48 | Passing Local Filenames to Functions That Expect a URL | This attack relies on client-side code to access local files and resources instead of URLs. When the client browser is expecting a URL string, but instead rece… |
| CAPEC-480 | Escaping Virtualization | An adversary gains access to an application, service, or device with the privileges of an authorized or privileged user by escaping the confines of a virtualiz… |
| CAPEC-481 | Contradictory Destinations in Traffic Routing Schemes | Adversaries can provide contradictory destinations when sending messages. Traffic is routed in networks using the domain names in various headers available at … |
| CAPEC-482 | TCP Flood | An adversary may execute a flooding attack using the TCP protocol with the intent to deny legitimate users access to a service. These attacks exploit the weakn… |
| CAPEC-484 | DEPRECATED: XML Client-Side Attack | This attack pattern has been deprecated as it is a generalization of CAPEC-230: XML Nested Payloads and CAPEC-231: XML Oversized Payloads. Please refer to these C… |
| CAPEC-485 | Signature Spoofing by Key Recreation | An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudoran… |
| CAPEC-486 | UDP Flood | An adversary may execute a flooding attack using the UDP protocol with the intent to deny legitimate users access to a service by consuming the available netwo… |
| CAPEC-487 | ICMP Flood | An adversary may execute a flooding attack using the ICMP protocol with the intent to deny legitimate users access to a service by consuming the available netw… |
| CAPEC-488 | HTTP Flood | An adversary may execute a flooding attack using the HTTP protocol with the intent to deny legitimate users access to a service by consuming resources at the a… |
| CAPEC-489 | SSL Flood | An adversary may execute a flooding attack using the SSL protocol with the intent to deny legitimate users access to a service by consuming all the available r… |
| CAPEC-49 | Password Brute Forcing | An adversary tries every possible value for a password until they succeed. A brute force attack, if feasible computationally, will always be successful because… |
| CAPEC-490 | Amplification | An adversary may execute an amplification where the size of a response is far greater than that of the request that generates it. The goal of this attack is to… |
| CAPEC-491 | Quadratic Data Expansion | An adversary exploits macro-like substitution to cause a denial of service situation due to excessive memory being allocated to fully expand the data. The resu… |
| CAPEC-492 | Regular Expression Exponential Blowup | An adversary may execute an attack on a program that uses a poor Regular Expression (Regex) implementation by choosing input that results in an extreme situatio… |
| CAPEC-493 | SOAP Array Blowup | An adversary may execute an attack on a web service that uses SOAP messages in communication. By sending a very large SOAP array declaration to the web service… |
| CAPEC-494 | TCP Fragmentation | An adversary may execute a TCP Fragmentation attack against a target with the intention of avoiding filtering rules of network controls, by attempting to fragm… |
| CAPEC-495 | UDP Fragmentation | An attacker may execute a UDP Fragmentation attack against a target server in an attempt to consume resources such as bandwidth and CPU. IP fragmentation occur… |
| CAPEC-496 | ICMP Fragmentation | An attacker may execute an ICMP Fragmentation attack against a target with the intention of consuming resources or causing a crash. The attacker crafts a large … |
| CAPEC-497 | File Discovery | An adversary engages in probing and exploration activities to determine if common key files exist. Such files often contain configuration and security paramet… |
| CAPEC-498 | Probe iOS Screenshots | An adversary examines screenshot images created by iOS in an attempt to obtain sensitive information. This attack targets temporary screenshots created by the … |
| CAPEC-499 | Android Intent Intercept | An adversary, through a previously installed malicious application, intercepts messages from a trusted Android-based application in an attempt to achieve a var… |
| CAPEC-5 | Blue Boxing | Metadata: detailed CAPEC pattern, status obsolete, likelihood medium, severity very high. Underlying weakness: CWE-285.… |
| CAPEC-50 | Password Recovery Exploitation | An attacker may take advantage of the application feature to help users recover their forgotten passwords in order to gain access into the system with the same… |
| CAPEC-500 | WebView Injection | An adversary, through a previously installed malicious application, injects code into the context of a web page displayed by a WebView component. Through the i… |
| CAPEC-501 | Android Activity Hijack | An adversary intercepts an implicit intent sent to launch an Android-based trusted activity and instead launches a counterfeit activity in its place. The malici… |
| CAPEC-502 | Intent Spoof | An adversary, through a previously installed malicious application, issues an intent directed toward a specific trusted application's component in an attempt t… |
| CAPEC-503 | WebView Exposure | An adversary, through a malicious web page, accesses application-specific functionality by leveraging interfaces registered through WebView's addJavascriptInte… |
| CAPEC-504 | Task Impersonation | An adversary, through a previously installed malicious application, impersonates an expected or routine task in an attempt to steal sensitive information or le… |
| CAPEC-505 | Scheme Squatting | An adversary, through a previously installed malicious application, registers for a URL scheme intended for a target application that has not been installed. T… |
| CAPEC-506 | Tapjacking | An adversary, through a previously installed malicious application, displays an interface that misleads the user and convinces them to tap on an attacker desir… |
| CAPEC-507 | Physical Theft | An adversary gains physical access to a system or device through theft of the item. Possession of a system or device enables a number of unique attacks to be e… |
| CAPEC-508 | Shoulder Surfing | In a shoulder surfing attack, an adversary observes an unaware individual's keystrokes, screen content, or conversations with the goal of obtaining sensitive i… |
| CAPEC-509 | Kerberoasting | Through the exploitation of how service accounts leverage Kerberos authentication with Service Principal Names (SPNs), the adversary obtains and subsequently c… |
| CAPEC-51 | Poison Web Service Registry | SOA and Web Services often use a registry to perform look up, get schema information, and metadata about services. A poisoned registry can redirect (think phis… |
| CAPEC-510 | SaaS User Request Forgery | An adversary, through a previously installed malicious application, performs malicious actions against a third-party Software as a Service (SaaS) application (… |
| CAPEC-511 | Infiltration of Software Development Environment | An attacker uses common delivery mechanisms such as email attachments or removable media to infiltrate the IDE (Integrated Development Environment) of a victim… |
| CAPEC-516 | Hardware Component Substitution During Baselining | An adversary with access to system components during allocated baseline development can substitute a maliciously altered hardware component for a baseline comp… |
| CAPEC-517 | Documentation Alteration to Circumvent Dial-down | An attacker with access to a manufacturer's documentation, which includes descriptions of advanced technology and/or specific components' criticality, alters th… |
| CAPEC-518 | Documentation Alteration to Produce Under-performing Systems | An attacker with access to a manufacturer's documentation alters the descriptions of system capabilities with the intent of causing errors in derived system re… |
| CAPEC-519 | Documentation Alteration to Cause Errors in System Design | An attacker with access to a manufacturer's documentation containing requirements allocation and software design processes maliciously alters the documentation… |
| CAPEC-52 | Embedding NULL Bytes | An adversary embeds one or more null bytes in input to the target software. This attack relies on the usage of a null-valued byte as a string terminator in man… |
| CAPEC-520 | Counterfeit Hardware Component Inserted During Product Assembly | An adversary with either direct access to the product assembly process or to the supply of subcomponents used in the product assembly process introduces counte… |
| CAPEC-521 | Hardware Design Specifications Are Altered | An attacker with access to a manufacturer's hardware manufacturing process documentation alters the design specifications, which introduces flaws advantageous … |
| CAPEC-522 | Malicious Hardware Component Replacement | An adversary replaces legitimate hardware in the system with faulty counterfeit or tampered hardware in the supply chain distribution channel, with the purpose of … |
| CAPEC-523 | Malicious Software Implanted | An attacker implants malicious software into the system in the supply chain distribution channel, with the purpose of causing malicious disruption or allowing for … |
| CAPEC-524 | Rogue Integration Procedures | An attacker alters or establishes rogue processes in an integration facility in order to insert maliciously altered components into the system. The attacker wo… |
| CAPEC-528 | XML Flood | An adversary may execute a flooding attack using XML messages with the intent to deny legitimate users access to a web service. These attacks are accomplished … |