Home > CAPEC List > CAPEC-210: Abuse Existing Functionality (Version 2.10)  

CAPEC CATEGORY: Abuse Existing Functionality

 
Abuse Existing Functionality
Definition in a New Window Definition in a New Window
Category ID: 210
 
Status: Stable
+ Description

Summary

An adversary uses or manipulates one or more functions of an application in order to achieve a malicious objective not originally intended by the application, or to deplete a resource to the point that the target's functionality is affected. This is a broad class of attacks wherein the adversary is able to alter the intended result or purpose of the functionality and thereby affect application behavior or information integrity. Outcomes can range from information exposure, vandalism, degrading or denial of service, as well as execution of arbitrary code on the target machine.
+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
HasMemberMeta Attack PatternMeta Attack Pattern113API Manipulation
Mechanisms of Attack (primary)1000
HasMemberMeta Attack PatternMeta Attack Pattern125Flooding
Mechanisms of Attack1000
HasMemberMeta Attack PatternMeta Attack Pattern130Excessive Allocation
Mechanisms of Attack1000
HasMemberMeta Attack PatternMeta Attack Pattern131Resource Leak Exposure
Mechanisms of Attack1000
HasMemberMeta Attack PatternMeta Attack Pattern212Functionality Misuse
Mechanisms of Attack (primary)1000
HasMemberMeta Attack PatternMeta Attack Pattern216Communication Channel Manipulation
Mechanisms of Attack (primary)1000
HasMemberMeta Attack PatternMeta Attack Pattern227Sustained Client Engagement
Mechanisms of Attack1000
HasMemberMeta Attack PatternMeta Attack Pattern272Protocol Manipulation
Mechanisms of Attack (primary)1000
HasMemberCategoryCategory375WASC-42 - Abuse of Functionality
WASC Threat Classification 2.0333
HasMemberMeta Attack PatternMeta Attack Pattern554Functionality Bypass
Mechanisms of Attack (primary)1000
MemberOfViewView1000Mechanisms of Attack
Mechanisms of Attack1000
+ Content History
Submissions
SubmitterOrganizationDateSource
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team
Modifications
ModifierOrganizationDateCommentsSource
CAPEC Content TeamThe MITRE Corporation2015-11-09Updated RelationshipsInternal
CAPEC Content TeamThe MITRE Corporation2015-12-07Updated Attack_Prerequisites, Description, Relationships, Resources_RequiredInternal
CAPEC Content TeamThe MITRE Corporation2017-01-09Updated Description, RelationshipsInternal
Previous Entry Names
DatePrevious Entry Name
2017-01-09Abuse of Functionality

More information is available — Please select a different filter.
Page Last Updated or Reviewed: May 01, 2017