CAPEC-210: Abuse of Functionality (Version 2.4)

CAPEC CATEGORY: Abuse of Functionality

 
Category ID: 210
 
Status: Draft
+ Description

Summary

An attacker manipulates one or more functions of an application in order to perform an attack. This is a broad class of attacks wherein the attacker is able to alter the intended result or purpose of the functionality and thereby affect application behavior or information integrity. Outcomes can range from vandalism and reduction in service to the execution of arbitrary code on the target machine.
+ Attack Prerequisites
  • All applications are potentially vulnerable to this class of attack, as all applications have, by nature, intended functionality.

+ Resources Required

Attacker requirements will vary depending on the nature of the functionality to be manipulated.

+ Relationships
| Nature | Type | ID | Name | View(s) this relationship pertains to | View ID |
|---|---|---|---|---|---|
| HasMember | Category | 375 | WASC-42 - Abuse of Functionality | WASC Threat Classification 2.0 | 333 |
| ParentOf | Attack Pattern | 48 | Passing Local Filenames to Functions That Expect a URL | Mechanisms of Attack (primary) | 1000 |
| ParentOf | Attack Pattern | 54 | Probing an Application Through Targeting its Error Reporting | Mechanisms of Attack (primary) | 1000 |
| ParentOf | Attack Pattern | 87 | Forceful Browsing | Mechanisms of Attack (primary) | 1000 |
| ParentOf | Attack Pattern | 95 | WSDL Scanning | Mechanisms of Attack (primary) | 1000 |
| ParentOf | Attack Pattern | 113 | API Abuse/Misuse | Mechanisms of Attack (primary) | 1000 |
| ParentOf | Attack Pattern | 133 | Try All Common Application Switches and Options | Mechanisms of Attack (primary) | 1000 |
| ParentOf | Attack Pattern | 141 | Cache Poisoning | Mechanisms of Attack (primary) | 1000 |
| ParentOf | Attack Pattern | 184 | Software Integrity Attacks | Mechanisms of Attack (primary) | 1000 |
| ParentOf | Category | 212 | Functionality Misuse | Mechanisms of Attack | 1000 |
| ParentOf | Attack Pattern | 213 | Directory Traversal | Mechanisms of Attack (primary) | 1000 |
| ParentOf | Attack Pattern | 216 | Abuse of Communication Channels | Mechanisms of Attack | 1000 |
| ParentOf | Attack Pattern | 465 | Socket Capable Browser Plugins Result In Transparent Proxy Abuse | Mechanisms of Attack (primary) | 1000 |
| MemberOf | View | 1000 | Mechanisms of Attack | Mechanisms of Attack | 1000 |
+ Content History
Modifications
| Modifier | Organization | Date | Comments | Source |
|---|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation | 2013-12-18 | Updated Attack_Prerequisites, Description, Resources_Required | Internal |

Page Last Updated: April 10, 2014