CAPEC - CAPEC-339: DEPRECATED: WASC-06 - Format String (Version 3.9)


Common Attack Pattern Enumeration and Classification A Community Resource for Identifying and Understanding Attacks

Home > CAPEC List > CAPEC-339: DEPRECATED: WASC-06 - Format String (Version 3.9)

CAPEC CATEGORY: DEPRECATED: WASC-06 - Format String

Category ID: 339

Summary

This category is related to the WASC Threat Classification 2.0 item Format String

Membership

Nature	Type	ID	Name
HasMember	Detailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.	67	String Format Overflow in syslog()

References

[REF-15] Robert Auger. "WASC Threat Classification 2.0". WASC-06 - Format String. The Web Application Security Consortium (WASC). <http://projects.webappsec.org/Format-String>.

Content History

Submissions
Submission Date	Submitter	Organization
2014-06-23 (Version 2.6)	CAPEC Content Team	The MITRE Corporation
2014-06-23 (Version 2.6)
Modifications
Modification Date	Modifier	Organization
2017-01-09 (Version 2.9)	CAPEC Content Team	The MITRE Corporation
2017-01-09 (Version 2.9)	Updated Relationships
2017-08-04 (Version 2.11)	CAPEC Content Team	The MITRE Corporation
2017-08-04 (Version 2.11)	Updated Relationships
2020-12-17 (Version 3.4)	CAPEC Content Team	The MITRE Corporation
2020-12-17 (Version 3.4)	Updated @Name, @Status
Previous Entry Names
Change Date	Previous Entry Name
2020-12-17 (Version 3.4)	WASC-06 - Format String

More information is available — Please select a different filter.

Page Last Updated or Reviewed: December 17, 2020


	Site Map \| Terms of Use \| Manage Cookies \| Cookie Notice \| Privacy Policy \| Contact Us \| Use of the Common Attack Pattern Enumeration and Classification (CAPEC), and the associated references from this website are subject to the Terms of Use. CAPEC is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and managed by the Homeland Security Systems Engineering and Development Institute (HSSEDI) which is operated by The MITRE Corporation (MITRE). Copyright © 2007–2024, The MITRE Corporation. CAPEC and the CAPEC logo are trademarks of The MITRE Corporation.

Common Attack Pattern Enumeration and Classification

CAPEC CATEGORY: DEPRECATED: WASC-06 - Format String