CAPEC - VIEW GRAPH: CAPEC-1000: Mechanism of Attack (Release 1.4)

Home > CAPEC List > VIEW GRAPH: CAPEC-1000: Mechanism of Attack (Release 1.4)

CAPEC List
Full CAPEC Dictionary
Methods of Attack View

About CAPEC
Documents
Resources

Community
Related Activities
Collaboration List

News & Events
Calendar
Free Newsletter

Contact Us
Search the Site

CAPEC-1000: Mechanism of Attack

Mechanism of Attack

Definition in a New Window

View ID: 1000 (View: Graph)

Status: Draft

View Data

View Structure: Graph

View Objective

Relationships

Nature	Type	ID	Name	View(s) this relationship pertains to
HasMember	Category	118	Data Leakage Attacks	Mechanism of Attack1000
HasMember	Category	119	Resource Depletion	Mechanism of Attack1000
HasMember	Category	152	Injection (Injecting Control Plane content through the Data Plane)	Mechanism of Attack1000
HasMember	Category	156	Spoofing	Mechanism of Attack1000
HasMember	Category	172	Time and State Attacks	Mechanism of Attack1000
HasMember	Category	210	Abuse of Functionality	Mechanism of Attack1000
HasMember	Category	223	Probabilistic Techniques	Mechanism of Attack1000
HasMember	Category	225	Exploitation of Authentication	Mechanism of Attack1000
HasMember	Category	232	Exploitation of Privilege/Trust	Mechanism of Attack1000
HasMember	Category	255	Data Structure Attacks	Mechanism of Attack1000
HasMember	Category	262	Resource Manipulation	Mechanism of Attack1000
HasMember	Attack Pattern	286	Network Reconnaissance	Mechanism of Attack1000

	CAPECs in this view		Total CAPECs
Total	298	out of	310
Views	0	out of	5
Categories	18	out of	18
Attack Patterns	287	out of	287

Expand All | Collapse All

1000 - Mechanism of Attack

CategoryData Leakage Attacks - (118)Data Leakage Attacks - (118)

Attack PatternData Excavation Attacks - (116)Data Excavation Attacks - (116)

Attack PatternProbing an Application Through Targeting its Error Reporting - (54)Probing an Application Through Targeting its Error Reporting - (54)

Attack PatternFuzzing for garnering J2EE/.NET-based stack traces, for application mapping - (214)Fuzzing for garnering J2EE/.NET-based stack traces, for application mapping - (214)

Attack PatternFuzzing and observing application log data/errors for application mapping - (215)Fuzzing and observing application log data/errors for application mapping - (215)

Attack PatternFuzzing for garnering (through web or log) other adjacent user/sensitive data as an authorized system user (overly broad but valid SQL queries) - (261)Fuzzing for garnering (through web or log) other adjacent user/sensitive data as an authorized system user (overly broad but valid SQL queries) - (261)

Attack PatternData Interception Attacks - (117)Data Interception Attacks - (117)

Attack PatternAccessing/Intercepting/Modifying HTTP Cookies - (31)Accessing/Intercepting/Modifying HTTP Cookies - (31)

Attack PatternSniffing Attacks - (157)Sniffing Attacks - (157)

Attack PatternSniffing Information Sent Over Public/multicast Networks - (158)Sniffing Information Sent Over Public/multicast Networks - (158)

Attack PatternPassively Sniff and Capture Application Code Bound for Authorized Client - (65)Passively Sniff and Capture Application Code Bound for Authorized Client - (65)

Attack PatternPassively Sniffing and Capturing Application Code Bound for an Authorized Client During Dynamic Update - (258)Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Dynamic Update - (258)

Attack PatternPassively Sniffing and Capturing Application Code Bound for an Authorized Client During Patching - (259)Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Patching - (259)

Attack PatternPassively Sniffing and Capturing Application Code Bound for an Authorized Client During Initial Distribution - (260)Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Initial Distribution - (260)

CategoryResource Depletion - (119)Resource Depletion - (119)

Attack PatternViolating Implicit Assumptions Regarding XML Content (aka XML Denial of Service (XDoS)) - (82)Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Service (XDoS)) - (82)

Attack PatternXML Parser Attack - (99)XML Parser Attack - (99)

Attack PatternRecursive Payloads Sent to XML Parsers - (230)Recursive Payloads Sent to XML Parsers - (230)

Attack PatternOversized Payloads Sent to XML Parsers - (231)Oversized Payloads Sent to XML Parsers - (231)

Attack PatternXML Ping of Death - (147)XML Ping of Death - (147)

Attack PatternXEE (XML Entity Expansion) - (197)XEE (XML Entity Expansion) - (197)

Attack PatternXML Attribute Blowup - (229)XML Attribute Blowup - (229)

Attack PatternResource Depletion through Flooding - (125)Resource Depletion through Flooding - (125)

Attack PatternResource Depletion through Allocation - (130)Resource Depletion through Allocation - (130)

Attack PatternResource Depletion through DTD Injection in a SOAP Message - (228)Resource Depletion through DTD Injection in a SOAP Message - (228)

Attack PatternResource Depletion through Leak - (131)Resource Depletion through Leak - (131)

Attack PatternDenial of Service through Resource Depletion - (227)Denial of Service through Resource Depletion - (227)

CategoryInjection (Injecting Control Plane content through the Data Plane) - (152)Injection (Injecting Control Plane content through the Data Plane) - (152)

CategoryRemote Code Inclusion - (253)Remote Code Inclusion - (253)

Attack PatternServer Side Include (SSI) Injection - (101)Server Side Include (SSI) Injection - (101)

Attack PatternPHP Remote File Inclusion - (193)PHP Remote File Inclusion - (193)

Attack PatternAnalog In-band Switching Signals (aka Blue Boxing) - (5)Analog In-band Switching Signals (aka Blue Boxing) - (5)

Attack PatternSQL Injection - (66)SQL Injection - (66)

Attack PatternBlind SQL Injection - (7)Blind SQL Injection - (7)

Attack PatternSQL Injection through SOAP Parameter Tampering - (110)SQL Injection through SOAP Parameter Tampering - (110)

Attack PatternObject Relational Mapping Injection - (109)Object Relational Mapping Injection - (109)

Attack PatternSQL Injection through SOAP Parameter Tampering - (110)SQL Injection through SOAP Parameter Tampering - (110)

Attack PatternEmail Injection - (134)Email Injection - (134)

Attack PatternUsing Meta-characters in E-mail Headers to Inject Malicious Payloads - (41)Using Meta-characters in E-mail Headers to Inject Malicious Payloads - (41)

Attack PatternFormat String Injection - (135)Format String Injection - (135)

Attack PatternLDAP Injection - (136)LDAP Injection - (136)

Attack PatternParameter Injection - (137)Parameter Injection - (137)

Attack PatternArgument Injection - (6)Argument Injection - (6)

Attack PatternCommand Delimiters - (15)Command Delimiters - (15)

Attack PatternOS Command Injection - (88)OS Command Injection - (88)

Attack PatternManipulating Input to File System Calls - (76)Manipulating Input to File System Calls - (76)

Attack PatternFlash Parameter Injection - (174)Flash Parameter Injection - (174)

Attack PatternReflection Injection - (138)Reflection Injection - (138)

Attack PatternCode Inclusion - (175)Code Inclusion - (175)

Attack PatternReverse Engineer an Executable to Expose Assumed Hidden Functionality or Content - (190)Reverse Engineer an Executable to Expose Assumed Hidden Functionality or Content - (190)

Attack PatternRead Sensitive Stings Within an Executable - (191)Read Sensitive Stings Within an Executable - (191)

Attack PatternPHP Local File Inclusion - (252)PHP Local File Inclusion - (252)

Attack PatternLocal Code Inclusion - (251)Local Code Inclusion - (251)

Attack PatternResource Injection - (240)Resource Injection - (240)

Attack PatternFlash Injection - (182)Flash Injection - (182)

Attack PatternCross-Site Flashing - (178)Cross-Site Flashing - (178)

Attack PatternCode Injection - (241)Code Injection - (241)

Attack PatternFile System Function Injection, Content Based - (23)File System Function Injection, Content Based - (23)

Attack PatternScript Injection - (242)Script Injection - (242)

Attack PatternFile System Function Injection, Content Based - (23)File System Function Injection, Content Based - (23)

Attack PatternEmbedding Scripts in Nonscript Elements - (18)Embedding Scripts in Nonscript Elements - (18)

Attack PatternEmbedding Script (XSS ) in HTTP Headers - (86)Embedding Script (XSS ) in HTTP Headers - (86)

Attack PatternCross Site Tracing - (107)Cross Site Tracing - (107)

Attack PatternEmbedding Scripts in HTTP Query Strings - (32)Embedding Scripts in HTTP Query Strings - (32)

Attack PatternXSS in IMG Tags - (91)XSS in IMG Tags - (91)

Attack PatternCross Site Scripting through Log Files - (106)Cross Site Scripting through Log Files - (106)

Attack PatternCross-Site Scripting in Error Pages - (198)Cross-Site Scripting in Error Pages - (198)

Attack PatternCross-Site Scripting Using Alternate Syntax - (199)Cross-Site Scripting Using Alternate Syntax - (199)

Attack PatternCross-Site Scripting Using MIME Type Mismatch - (209)Cross-Site Scripting Using MIME Type Mismatch - (209)

Attack PatternCross-Site Scripting in Attributes - (243)Cross-Site Scripting in Attributes - (243)

Attack PatternCross-Site Scripting via Encoded URI Schemes - (244)Cross-Site Scripting via Encoded URI Schemes - (244)

Attack PatternCross-Site Scripting Using Doubled Characters, e.g. %3C%3Cscript - (245)Cross-Site Scripting Using Doubled Characters, e.g. %3C%3Cscript - (245)

Attack PatternCross-Site Scripting Using Flash - (246)Cross-Site Scripting Using Flash - (246)

Attack PatternCross-Site Scripting with Masking through Invalid Characters in Identifiers - (247)Cross-Site Scripting with Masking through Invalid Characters in Identifiers - (247)

Attack PatternEmbedding Scripts within Scripts - (19)Embedding Scripts within Scripts - (19)

Attack PatternSimple Script Injection - (63)Simple Script Injection - (63)

Attack PatternUser-Controlled Filename - (73)User-Controlled Filename - (73)

Attack PatternEmbedding Scripts in Nonscript Elements - (18)Embedding Scripts in Nonscript Elements - (18)

Attack PatternEmbedding Script (XSS ) in HTTP Headers - (86)Embedding Script (XSS ) in HTTP Headers - (86)

Attack PatternCross Site Tracing - (107)Cross Site Tracing - (107)

Attack PatternEmbedding Scripts in HTTP Query Strings - (32)Embedding Scripts in HTTP Query Strings - (32)

Attack PatternXSS in IMG Tags - (91)XSS in IMG Tags - (91)

Attack PatternCross Site Scripting through Log Files - (106)Cross Site Scripting through Log Files - (106)

Attack PatternCross-Site Scripting in Error Pages - (198)Cross-Site Scripting in Error Pages - (198)

Attack PatternCross-Site Scripting Using Alternate Syntax - (199)Cross-Site Scripting Using Alternate Syntax - (199)

Attack PatternCross-Site Scripting Using MIME Type Mismatch - (209)Cross-Site Scripting Using MIME Type Mismatch - (209)

Attack PatternCross-Site Scripting in Attributes - (243)Cross-Site Scripting in Attributes - (243)

Attack PatternCross-Site Scripting via Encoded URI Schemes - (244)Cross-Site Scripting via Encoded URI Schemes - (244)

Attack PatternCross-Site Scripting Using Doubled Characters, e.g. %3C%3Cscript - (245)Cross-Site Scripting Using Doubled Characters, e.g. %3C%3Cscript - (245)

Attack PatternCross-Site Scripting Using Flash - (246)Cross-Site Scripting Using Flash - (246)

Attack PatternCross-Site Scripting with Masking through Invalid Characters in Identifiers - (247)Cross-Site Scripting with Masking through Invalid Characters in Identifiers - (247)

Attack PatternCross Site Scripting through Log Files - (106)Cross Site Scripting through Log Files - (106)

Attack PatternUsing Meta-characters in E-mail Headers to Inject Malicious Payloads - (41)Using Meta-characters in E-mail Headers to Inject Malicious Payloads - (41)

Attack PatternCommand Injection - (248)Command Injection - (248)

Attack PatternCommand Delimiters - (15)Command Delimiters - (15)

Attack PatternOS Command Injection - (88)OS Command Injection - (88)

Attack PatternCommand Line Execution through SQL Injection - (108)Command Line Execution through SQL Injection - (108)

Attack PatternIMAP/SMTP Command Injection - (183)IMAP/SMTP Command Injection - (183)

Attack PatternCharacter Injection - (249)Character Injection - (249)

Attack PatternManipulating Writeable Terminal Devices - (40)Manipulating Writeable Terminal Devices - (40)

Attack PatternXML Injection - (250)XML Injection - (250)

Attack PatternXPath Injection - (83)XPath Injection - (83)

Attack PatternXQuery Injection - (84)XQuery Injection - (84)

Attack PatternDTD Injection in a SOAP Message - (254)DTD Injection in a SOAP Message - (254)

CategorySpoofing - (156)Spoofing - (156)

Attack PatternContent Spoofing - (148)Content Spoofing - (148)

Attack PatternLeveraging/Manipulating Configuration File Search Paths - (38)Leveraging/Manipulating Configuration File Search Paths - (38)

Attack PatternChecksum Spoofing - (145)Checksum Spoofing - (145)

Attack PatternFake the Source of Data - (194)Fake the Source of Data - (194)

Attack PatternSpoofing of UDDI/ebXML Messages - (218)Spoofing of UDDI/ebXML Messages - (218)

Attack PatternIdentity Spoofing (Impersonation) - (151)Identity Spoofing (Impersonation) - (151)

Attack PatternMan in the Middle Attack - (94)Man in the Middle Attack - (94)

Attack PatternUtilizing REST's Trust in the System Resource to Register Man in the Middle - (57)Utilizing REST's Trust in the System Resource to Register Man in the Middle - (57)

Attack PatternXML Routing Detour Attacks - (219)XML Routing Detour Attacks - (219)

Attack PatternPharming - (89)Pharming - (89)

Attack PatternPhishing - (98)Phishing - (98)

Attack PatternSpear Phishing - (163)Spear Phishing - (163)

Attack PatternMobile Phishing (aka MobPhishing) - (164)Mobile Phishing (aka MobPhishing) - (164)

Attack PatternPrincipal Spoofing - (195)Principal Spoofing - (195)

Attack PatternCreate Malicious Client - (202)Create Malicious Client - (202)

Attack PatternClient-Server Protocol Manipulation - (220)Client-Server Protocol Manipulation - (220)

Attack PatternReflection Attack in Authentication Protocol - (90)Reflection Attack in Authentication Protocol - (90)

Attack PatternEmbedding Script (XSS ) in HTTP Headers - (86)Embedding Script (XSS ) in HTTP Headers - (86)

Attack PatternCross Site Tracing - (107)Cross Site Tracing - (107)

Attack PatternEmbedding Scripts in HTTP Query Strings - (32)Embedding Scripts in HTTP Query Strings - (32)

Attack PatternHTTP Request Smuggling - (33)HTTP Request Smuggling - (33)

Attack PatternHTTP Response Splitting - (34)HTTP Response Splitting - (34)

Attack PatternHTTP Request Splitting - (105)HTTP Request Splitting - (105)

Attack PatternMalicious Automated Software Update - (187)Malicious Automated Software Update - (187)

Attack PatternHTTP Response Smuggling - (273)HTTP Response Smuggling - (273)

Attack PatternHTTP Verb Tampering - (274)HTTP Verb Tampering - (274)

Attack PatternExternal Entity Attack - (221)External Entity Attack - (221)

Attack PatternAction Spoofing - (173)Action Spoofing - (173)

Attack PatternClickjacking - (103)Clickjacking - (103)

Attack PatternFlash File Overlay - (181)Flash File Overlay - (181)

Attack PatterniFrame Overlay - (222)iFrame Overlay - (222)

CategoryTime and State Attacks - (172)Time and State Attacks - (172)

Attack PatternForced Deadlock - (25)Forced Deadlock - (25)

Attack PatternLeveraging Race Conditions - (26)Leveraging Race Conditions - (26)

Attack PatternLeveraging Race Conditions via Symbolic Links - (27)Leveraging Race Conditions via Symbolic Links - (27)

Attack PatternLeveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions - (29)Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions - (29)

Attack PatternLeveraging Race Conditions via Symbolic Links - (27)Leveraging Race Conditions via Symbolic Links - (27)

Attack PatternLeveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions - (29)Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions - (29)

Attack PatternLeveraging Race Conditions via Symbolic Links - (27)Leveraging Race Conditions via Symbolic Links - (27)

Attack PatternManipulating User State - (74)Manipulating User State - (74)

Attack PatternBypassing of Intermediate Forms in Multiple-Form Sets - (140)Bypassing of Intermediate Forms in Multiple-Form Sets - (140)

CategoryAbuse of Functionality - (210)Abuse of Functionality - (210)

CategoryFunctionality Misuse - (212)Functionality Misuse - (212)

Attack PatternInducing Account Lockout - (2)Inducing Account Lockout - (2)

Attack PatternPassword Recovery Exploitation - (50)Password Recovery Exploitation - (50)

Attack PatternManipulating hidden fields to change the normal flow of transactions (eShoplifting) - (162)Manipulating hidden fields to change the normal flow of transactions (eShoplifting) - (162)

CategoryAbuse of Communication Channels - (216)Abuse of Communication Channels - (216)

Attack PatternChoosing a Message/Channel Identifier on a Public/Multicast Channel - (12)Choosing a Message/Channel Identifier on a Public/Multicast Channel - (12)

Attack PatternFuzzing and observing application log data/errors for application mapping - (215)Fuzzing and observing application log data/errors for application mapping - (215)

Attack PatternExploiting Incorrectly Configured SSL Security Levels - (217)Exploiting Incorrectly Configured SSL Security Levels - (217)

Attack PatternForceful Browsing - (87)Forceful Browsing - (87)

Attack PatternDetect Unpublicised Web Pages - (143)Detect Unpublicised Web Pages - (143)

Attack PatternDetect Unpublicised Web Services - (144)Detect Unpublicised Web Services - (144)

Attack PatternPassing Local Filenames to Functions That Expect a URL - (48)Passing Local Filenames to Functions That Expect a URL - (48)

Attack PatternProbing an Application Through Targeting its Error Reporting - (54)Probing an Application Through Targeting its Error Reporting - (54)

Attack PatternFuzzing for garnering J2EE/.NET-based stack traces, for application mapping - (214)Fuzzing for garnering J2EE/.NET-based stack traces, for application mapping - (214)

Attack PatternFuzzing and observing application log data/errors for application mapping - (215)Fuzzing and observing application log data/errors for application mapping - (215)

Attack PatternWSDL Scanning - (95)WSDL Scanning - (95)

Attack PatternAPI Abuse/Misuse - (113)API Abuse/Misuse - (113)

Attack PatternUsing Unpublished Web Service APIs - (36)Using Unpublished Web Service APIs - (36)

Attack PatternLocate and Exploit Test APIs - (121)Locate and Exploit Test APIs - (121)

Attack PatternProgramming to included script-based APIs - (160)Programming to included script-based APIs - (160)

Attack PatternDiscovering, querying, and finally calling micro-services, such as w/ AJAX - (179)Discovering, querying, and finally calling micro-services, such as w/ AJAX - (179)

Attack PatternLeveraging web tools (e.g. Mozilla's GreaseMonkey, Firebug) to change application behavior - (211)Leveraging web tools (e.g. Mozilla's GreaseMonkey, Firebug) to change application behavior - (211)

Attack PatternTry All Common Application Switches and Options - (133)Try All Common Application Switches and Options - (133)

Attack PatternCache Poisoning - (141)Cache Poisoning - (141)

Attack PatternSoftware Integrity Attacks - (184)Software Integrity Attacks - (184)

Attack PatternJSON Hijacking (aka JavaScript Hijacking) - (111)JSON Hijacking (aka JavaScript Hijacking) - (111)

Attack PatternMalicious Software Update - (186)Malicious Software Update - (186)

Attack PatternMalicious Automated Software Update - (187)Malicious Automated Software Update - (187)

Attack PatternMalicious Software Download - (185)Malicious Software Download - (185)

Attack PatternMalicious Software Update - (186)Malicious Software Update - (186)

Attack PatternMalicious Automated Software Update - (187)Malicious Automated Software Update - (187)

Attack PatternDirectory Traversal - (213)Directory Traversal - (213)

Attack PatternAnalytic Attacks - (281)Analytic Attacks - (281)

CategoryFingerprinting - (224)Fingerprinting - (224)

Attack PatternWeb Server/Application Fingerprinting - (170)Web Server/Application Fingerprinting - (170)

Attack PatternCryptanalysis - (97)Cryptanalysis - (97)

Attack PatternLifting Sensitive Data from the Client - (167)Lifting Sensitive Data from the Client - (167)

Attack PatternLifting Data Embedded in Client Distributions - (37)Lifting Data Embedded in Client Distributions - (37)

Attack PatternPassively Sniff and Capture Application Code Bound for Authorized Client - (65)Passively Sniff and Capture Application Code Bound for Authorized Client - (65)

Attack PatternLifting cached, sensitive data embedded in client distributions (thick or thin) - (204)Lifting cached, sensitive data embedded in client distributions (thick or thin) - (204)

Attack PatternReflection Attack in Authentication Protocol - (90)Reflection Attack in Authentication Protocol - (90)

Attack PatternLifting credential(s)/key material embedded in client distributions (thick or thin) - (205)Lifting credential(s)/key material embedded in client distributions (thick or thin) - (205)

Attack PatternFootprinting - (169)Footprinting - (169)

Attack PatternClient Network Footprinting (using AJAX/XSS) - (85)Client Network Footprinting (using AJAX/XSS) - (85)

Attack PatternReverse Engineering - (188)Reverse Engineering - (188)

Attack PatternSoftware Reverse Engineering - (189)Software Reverse Engineering - (189)

Attack PatternReverse Engineer an Executable to Expose Assumed Hidden Functionality or Content - (190)Reverse Engineer an Executable to Expose Assumed Hidden Functionality or Content - (190)

Attack PatternRead Sensitive Stings Within an Executable - (191)Read Sensitive Stings Within an Executable - (191)

Attack PatternPHP Local File Inclusion - (252)PHP Local File Inclusion - (252)

Attack PatternProtocol Reverse Engineering - (192)Protocol Reverse Engineering - (192)

CategoryProbabilistic Techniques - (223)Probabilistic Techniques - (223)

Attack PatternFuzzing - (28)Fuzzing - (28)

Attack PatternManipulating Opaque Client-based Data Tokens - (39)Manipulating Opaque Client-based Data Tokens - (39)

Attack PatternAccessing/Intercepting/Modifying HTTP Cookies - (31)Accessing/Intercepting/Modifying HTTP Cookies - (31)

Attack PatternBrute Force - (112)Brute Force - (112)

Attack PatternEncryption Brute Forcing - (20)Encryption Brute Forcing - (20)

Attack PatternCryptanalysis - (97)Cryptanalysis - (97)

Attack PatternPassword Brute Forcing - (49)Password Brute Forcing - (49)

Attack PatternDictionary-based Password Attack - (16)Dictionary-based Password Attack - (16)

Attack PatternRainbow Table Password Cracking - (55)Rainbow Table Password Cracking - (55)

Attack PatternTry Common(default) Usernames and Passwords - (70)Try Common(default) Usernames and Passwords - (70)

Attack PatternScreen Temporary Files for Sensitive Information - (155)Screen Temporary Files for Sensitive Information - (155)

CategoryExploitation of Authentication - (225)Exploitation of Authentication - (225)

Attack PatternExploitation of Session Variables, Resource IDs and other Trusted Credentials - (21)Exploitation of Session Variables, Resource IDs and other Trusted Credentials - (21)

Attack PatternAccessing/Intercepting/Modifying HTTP Cookies - (31)Accessing/Intercepting/Modifying HTTP Cookies - (31)

Attack PatternReusing Session IDs (aka Session Replay) - (60)Reusing Session IDs (aka Session Replay) - (60)

Attack PatternSession Fixation - (61)Session Fixation - (61)

Attack PatternCross Site Request Forgery (aka Session Riding) - (62)Cross Site Request Forgery (aka Session Riding) - (62)

Attack PatternSession Sidejacking - (102)Session Sidejacking - (102)

Attack PatternSession Credential Falsification through Forging - (196)Session Credential Falsification through Forging - (196)

Attack PatternSession Credential Falsification through Prediction - (59)Session Credential Falsification through Prediction - (59)

Attack PatternSession Credential Falsification through Manipulation - (226)Session Credential Falsification through Manipulation - (226)

Attack PatternAuthentication Abuse - (114)Authentication Abuse - (114)

Attack PatternReflection Attack in Authentication Protocol - (90)Reflection Attack in Authentication Protocol - (90)

Attack PatternAuthentication Bypass - (115)Authentication Bypass - (115)

CategoryExploitation of Privilege/Trust - (232)Exploitation of Privilege/Trust - (232)

CategoryPrivilege Escalation - (233)Privilege Escalation - (233)

Attack PatternAccessing, Modifying or Executing Executable Files - (17)Accessing, Modifying or Executing Executable Files - (17)

Attack PatternRestful Privilege Elevation - (58)Restful Privilege Elevation - (58)

Attack PatternManipulating Writeable Configuration Files - (75)Manipulating Writeable Configuration Files - (75)

Attack PatternCross Zone Scripting - (104)Cross Zone Scripting - (104)

Attack PatternSymlink Attacks - (132)Symlink Attacks - (132)

Attack PatternExploiting Trust in Client (aka Make the Client Invisible) - (22)Exploiting Trust in Client (aka Make the Client Invisible) - (22)

Attack PatternMan in the Middle Attack - (94)Man in the Middle Attack - (94)

Attack PatternUtilizing REST's Trust in the System Resource to Register Man in the Middle - (57)Utilizing REST's Trust in the System Resource to Register Man in the Middle - (57)

Attack PatternXML Routing Detour Attacks - (219)XML Routing Detour Attacks - (219)

Attack PatternManipulating Opaque Client-based Data Tokens - (39)Manipulating Opaque Client-based Data Tokens - (39)

Attack PatternAccessing/Intercepting/Modifying HTTP Cookies - (31)Accessing/Intercepting/Modifying HTTP Cookies - (31)

Attack PatternManipulating User-Controlled Variables - (77)Manipulating User-Controlled Variables - (77)

Attack PatternBuffer Overflow via Environment Variables - (10)Buffer Overflow via Environment Variables - (10)

Attack PatternBuffer Overflow in Local Command-Line Utilities - (9)Buffer Overflow in Local Command-Line Utilities - (9)

Attack PatternTarget Programs with Elevated Privileges - (69)Target Programs with Elevated Privileges - (69)

Attack PatternSubverting Environment Variable Values - (13)Subverting Environment Variable Values - (13)

Attack PatternLeveraging/Manipulating Configuration File Search Paths - (38)Leveraging/Manipulating Configuration File Search Paths - (38)

Attack PatternManipulating Input to File System Calls - (76)Manipulating Input to File System Calls - (76)

Attack PatternLifting Sensitive Data from the Client - (167)Lifting Sensitive Data from the Client - (167)

Attack PatternLifting Data Embedded in Client Distributions - (37)Lifting Data Embedded in Client Distributions - (37)

Attack PatternPassively Sniff and Capture Application Code Bound for Authorized Client - (65)Passively Sniff and Capture Application Code Bound for Authorized Client - (65)

Attack PatternLifting cached, sensitive data embedded in client distributions (thick or thin) - (204)Lifting cached, sensitive data embedded in client distributions (thick or thin) - (204)

Attack PatternReflection Attack in Authentication Protocol - (90)Reflection Attack in Authentication Protocol - (90)

Attack PatternCreate Malicious Client - (202)Create Malicious Client - (202)

Attack PatternRemoving Important Functionality from the Client - (207)Removing Important Functionality from the Client - (207)

Attack PatternRemoving/short-circuiting 'guard logic' - (56)Removing/short-circuiting 'guard logic' - (56)

Attack PatternRemoval of filters: Input filters, output filters, data masking - (200)Removal of filters: Input filters, output filters, data masking - (200)

Attack PatternRemoving/short-circuiting 'Purse' logic: removing/mutating 'cash' decrements - (208)Removing/short-circuiting 'Purse' logic: removing/mutating 'cash' decrements - (208)

Attack PatternSubversion of authorization checks: cache filtering, programmatic security, etc. - (239)Subversion of authorization checks: cache filtering, programmatic security, etc. - (239)

Attack PatternClient-Server Protocol Manipulation - (220)Client-Server Protocol Manipulation - (220)

Attack PatternReflection Attack in Authentication Protocol - (90)Reflection Attack in Authentication Protocol - (90)

Attack PatternEmbedding Script (XSS ) in HTTP Headers - (86)Embedding Script (XSS ) in HTTP Headers - (86)

Attack PatternCross Site Tracing - (107)Cross Site Tracing - (107)

Attack PatternEmbedding Scripts in HTTP Query Strings - (32)Embedding Scripts in HTTP Query Strings - (32)

Attack PatternHTTP Request Smuggling - (33)HTTP Request Smuggling - (33)

Attack PatternHTTP Response Splitting - (34)HTTP Response Splitting - (34)

Attack PatternHTTP Request Splitting - (105)HTTP Request Splitting - (105)

Attack PatternMalicious Automated Software Update - (187)Malicious Automated Software Update - (187)

Attack PatternHTTP Response Smuggling - (273)HTTP Response Smuggling - (273)

Attack PatternHTTP Verb Tampering - (274)HTTP Verb Tampering - (274)

Attack PatternHijacking a Privileged Thread of Execution - (30)Hijacking a Privileged Thread of Execution - (30)

Attack PatternImplementing a callback to system routine (old AWT Queue) - (235)Implementing a callback to system routine (old AWT Queue) - (235)

Attack PatternCatching exception throw/signal from privileged block - (236)Catching exception throw/signal from privileged block - (236)

Attack PatternSubvert Code-signing Facilities - (68)Subvert Code-signing Facilities - (68)

Attack PatternLifting signing key and signing malicious code from a production environment - (206)Lifting signing key and signing malicious code from a production environment - (206)

Attack PatternCalling signed code from another language within a sandbox that allows this - (237)Calling signed code from another language within a sandbox that allows this - (237)

Attack PatternUsing URL/codebase / G.A.C. (code source) to convince sandbox of privilege - (238)Using URL/codebase / G.A.C. (code source) to convince sandbox of privilege - (238)

Attack PatternTarget Programs with Elevated Privileges - (69)Target Programs with Elevated Privileges - (69)

Attack PatternExploitation of Authorization - (122)Exploitation of Authorization - (122)

Attack PatternAccessing Functionality Not Properly Constrained by ACLs - (1)Accessing Functionality Not Properly Constrained by ACLs - (1)

Attack PatternAccessing, Modifying or Executing Executable Files - (17)Accessing, Modifying or Executing Executable Files - (17)

Attack PatternRestful Privilege Elevation - (58)Restful Privilege Elevation - (58)

Attack PatternExploiting Incorrectly Configured Access Control Security Levels - (180)Exploiting Incorrectly Configured Access Control Security Levels - (180)

Attack PatternHijacking a privileged process - (234)Hijacking a privileged process - (234)

CategoryData Structure Attacks - (255)Data Structure Attacks - (255)

Attack PatternAccessing/Intercepting/Modifying HTTP Cookies - (31)Accessing/Intercepting/Modifying HTTP Cookies - (31)

Attack PatternBuffer Attacks - (123)Buffer Attacks - (123)

Attack PatternOverflow Buffers - (100)Overflow Buffers - (100)

Attack PatternBuffer Overflow in an API Call - (8)Buffer Overflow in an API Call - (8)

Attack PatternClient-side Injection-induced Buffer Overflow - (14)Client-side Injection-induced Buffer Overflow - (14)

Attack PatternTarget Programs with Elevated Privileges - (69)Target Programs with Elevated Privileges - (69)

Attack PatternBuffer Overflow in Local Command-Line Utilities - (9)Buffer Overflow in Local Command-Line Utilities - (9)

Attack PatternTarget Programs with Elevated Privileges - (69)Target Programs with Elevated Privileges - (69)

Attack PatternBuffer Overflow via Environment Variables - (10)Buffer Overflow via Environment Variables - (10)

Attack PatternBuffer Overflow in Local Command-Line Utilities - (9)Buffer Overflow in Local Command-Line Utilities - (9)

Attack PatternTarget Programs with Elevated Privileges - (69)Target Programs with Elevated Privileges - (69)

Attack PatternClient-side Injection-induced Buffer Overflow - (14)Client-side Injection-induced Buffer Overflow - (14)

Attack PatternFilter Failure through Buffer Overflow - (24)Filter Failure through Buffer Overflow - (24)

Attack PatternMIME Conversion - (42)MIME Conversion - (42)

Attack PatternOverflow Binary Resource File - (44)Overflow Binary Resource File - (44)

Attack PatternBuffer Overflow via Symbolic Links - (45)Buffer Overflow via Symbolic Links - (45)

Attack PatternOverflow Variables and Tags - (46)Overflow Variables and Tags - (46)

Attack PatternBuffer Overflow via Parameter Expansion - (47)Buffer Overflow via Parameter Expansion - (47)

Attack PatternString Format Overflow in syslog() - (67)String Format Overflow in syslog() - (67)

Attack PatternTarget Programs with Elevated Privileges - (69)Target Programs with Elevated Privileges - (69)

Attack PatternSOAP Array Overflow - (256)SOAP Array Overflow - (256)

Attack PatternAbuse of transaction data strutcture - (257)Abuse of transaction data strutcture - (257)

Attack PatternAttack through Shared Data - (124)Attack through Shared Data - (124)

Attack PatternInteger Attacks - (128)Integer Attacks - (128)

Attack PatternForced Integer Overflow - (92)Forced Integer Overflow - (92)

Attack PatternPointer Attack - (129)Pointer Attack - (129)

CategoryResource Manipulation - (262)Resource Manipulation - (262)

Attack PatternAccessing/Intercepting/Modifying HTTP Cookies - (31)Accessing/Intercepting/Modifying HTTP Cookies - (31)

Attack PatternInput Data Manipulation - (153)Input Data Manipulation - (153)

Attack PatternManipulate Canonicalization - (266)Manipulate Canonicalization - (266)

Attack PatternCause Web Server Misclassification - (11)Cause Web Server Misclassification - (11)

Attack PatternLeverage Alternate Encoding - (267)Leverage Alternate Encoding - (267)

Attack PatternUsing Leading 'Ghost' Character Sequences to Bypass Input Filters - (3)Using Leading 'Ghost' Character Sequences to Bypass Input Filters - (3)

Attack PatternUsing Alternative IP Address Encodings - (4)Using Alternative IP Address Encodings - (4)

Attack PatternExploiting Multiple Input Interpretation Layers - (43)Exploiting Multiple Input Interpretation Layers - (43)

Attack PatternEmbedding NULL Bytes - (52)Embedding NULL Bytes - (52)

Attack PatternPostfix, Null Terminate, and Backslash - (53)Postfix, Null Terminate, and Backslash - (53)

Attack PatternUsing Slashes and URL Encoding Combined to Bypass Validation Logic - (64)Using Slashes and URL Encoding Combined to Bypass Validation Logic - (64)

Attack PatternURL Encoding - (72)URL Encoding - (72)

Attack PatternUsing Slashes and URL Encoding Combined to Bypass Validation Logic - (64)Using Slashes and URL Encoding Combined to Bypass Validation Logic - (64)

Attack PatternUsing Escaped Slashes in Alternate Encoding - (78)Using Escaped Slashes in Alternate Encoding - (78)

Attack PatternUsing Slashes in Alternate Encoding - (79)Using Slashes in Alternate Encoding - (79)

Attack PatternUsing Slashes and URL Encoding Combined to Bypass Validation Logic - (64)Using Slashes and URL Encoding Combined to Bypass Validation Logic - (64)

Attack PatternUsing Escaped Slashes in Alternate Encoding - (78)Using Escaped Slashes in Alternate Encoding - (78)

Attack PatternUsing Unicode Encoding to Bypass Validation Logic - (71)Using Unicode Encoding to Bypass Validation Logic - (71)

Attack PatternUsing UTF-8 Encoding to Bypass Validation Logic - (80)Using UTF-8 Encoding to Bypass Validation Logic - (80)

Attack PatternDouble Encoding - (120)Double Encoding - (120)

Attack PatternResource Location Attacks - (154)Resource Location Attacks - (154)

CategoryPath Traversal - (126)Path Traversal - (126)

Attack PatternUsing Slashes and URL Encoding Combined to Bypass Validation Logic - (64)Using Slashes and URL Encoding Combined to Bypass Validation Logic - (64)

Attack PatternUsing Escaped Slashes in Alternate Encoding - (78)Using Escaped Slashes in Alternate Encoding - (78)

Attack PatternUsing Slashes in Alternate Encoding - (79)Using Slashes in Alternate Encoding - (79)

Attack PatternUsing Slashes and URL Encoding Combined to Bypass Validation Logic - (64)Using Slashes and URL Encoding Combined to Bypass Validation Logic - (64)

Attack PatternUsing Escaped Slashes in Alternate Encoding - (78)Using Escaped Slashes in Alternate Encoding - (78)

Attack PatternRelative Path Traversal - (139)Relative Path Traversal - (139)

Attack PatternLeveraging/Manipulating Configuration File Search Paths - (38)Leveraging/Manipulating Configuration File Search Paths - (38)

Attack PatternDirectory Indexing - (127)Directory Indexing - (127)

Attack PatternCommon resource location exploration - (150)Common resource location exploration - (150)

Attack PatternExplore for predictable temporary file names - (149)Explore for predictable temporary file names - (149)

Attack PatternInfrastructure Manipulation - (161)Infrastructure Manipulation - (161)

Attack PatternPharming - (89)Pharming - (89)

Attack PatternDNS Cache Poisoning - (142)DNS Cache Poisoning - (142)

Attack PatternFile Manipulation - (165)File Manipulation - (165)

Attack PatternAccessing, Modifying or Executing Executable Files - (17)Accessing, Modifying or Executing Executable Files - (17)

Attack PatternFile System Function Injection, Content Based - (23)File System Function Injection, Content Based - (23)

Attack PatternLeverage Executable Code in Nonexecutable Files - (35)Leverage Executable Code in Nonexecutable Files - (35)

Attack PatternOverflow Binary Resource File - (44)Overflow Binary Resource File - (44)

Attack PatternUser-Controlled Filename - (73)User-Controlled Filename - (73)

Attack PatternCause Web Server Misclassification - (11)Cause Web Server Misclassification - (11)

Attack PatternCreate files with the same name as files protected with a higher classification - (177)Create files with the same name as files protected with a higher classification - (177)

Attack PatternForce Use of Corruped Files - (263)Force Use of Corruped Files - (263)

Attack PatternVariable Manipulation - (171)Variable Manipulation - (171)

Attack PatternManipulating Input to File System Calls - (76)Manipulating Input to File System Calls - (76)

Attack PatternForce the System to Reset Values - (166)Force the System to Reset Values - (166)

Attack PatternEnvironment variable manipulation - (264)Environment variable manipulation - (264)

Attack PatternSubverting Environment Variable Values - (13)Subverting Environment Variable Values - (13)

Attack PatternLeveraging/Manipulating Configuration File Search Paths - (38)Leveraging/Manipulating Configuration File Search Paths - (38)

Attack PatternManipulating Input to File System Calls - (76)Manipulating Input to File System Calls - (76)

Attack PatternGlobal variable manipulation - (265)Global variable manipulation - (265)

Attack PatternManipulating User-Controlled Variables - (77)Manipulating User-Controlled Variables - (77)

Attack PatternBuffer Overflow via Environment Variables - (10)Buffer Overflow via Environment Variables - (10)

Attack PatternBuffer Overflow in Local Command-Line Utilities - (9)Buffer Overflow in Local Command-Line Utilities - (9)

Attack PatternTarget Programs with Elevated Privileges - (69)Target Programs with Elevated Privileges - (69)

Attack PatternSubverting Environment Variable Values - (13)Subverting Environment Variable Values - (13)

Attack PatternLeveraging/Manipulating Configuration File Search Paths - (38)Leveraging/Manipulating Configuration File Search Paths - (38)

Attack PatternManipulating Input to File System Calls - (76)Manipulating Input to File System Calls - (76)

Attack PatternConfiguration/Environment manipulation - (176)Configuration/Environment manipulation - (176)

Attack PatternBlock Access to Libraries - (96)Block Access to Libraries - (96)

Attack PatternManipulating Writeable Configuration Files - (75)Manipulating Writeable Configuration Files - (75)

Attack PatternRedirect Access to Libraries - (159)Redirect Access to Libraries - (159)

Attack PatternManipulate Application Registry Values - (203)Manipulate Application Registry Values - (203)

Attack PatternAbuse of transaction data strutcture - (257)Abuse of transaction data strutcture - (257)

Attack PatternAudit Log Manipulation - (268)Audit Log Manipulation - (268)

Attack PatternLog Injection-Tampering-Forging - (93)Log Injection-Tampering-Forging - (93)

Attack PatternCross Site Scripting through Log Files - (106)Cross Site Scripting through Log Files - (106)

Attack PatternWeb Logs Tampering - (81)Web Logs Tampering - (81)

Attack PatternRegistry Manipulation - (269)Registry Manipulation - (269)

Attack PatternPoison Web Service Registry - (51)Poison Web Service Registry - (51)

Attack PatternCraft a Maliciously Misconfigured Registry - (270)Craft a Maliciously Misconfigured Registry - (270)

Attack PatternSchema Poisoning - (271)Schema Poisoning - (271)

Attack PatternXML Schema Poisoning - (146)XML Schema Poisoning - (146)

Attack PatternProtocol Manipulation - (272)Protocol Manipulation - (272)

CategoryWeb Services Protocol Manipulation - (278)Web Services Protocol Manipulation - (278)

Attack PatternExternal Entity Attack - (201)External Entity Attack - (201)

Attack PatternSoap Manipulation - (279)Soap Manipulation - (279)

Attack PatternDTD Injection in a SOAP Message - (254)DTD Injection in a SOAP Message - (254)

Attack PatternSOAP Parameter Tampering - (280)SOAP Parameter Tampering - (280)

Attack PatternSQL Injection through SOAP Parameter Tampering - (110)SQL Injection through SOAP Parameter Tampering - (110)

Attack PatternWindows ::DATA Alternate Data Stream - (168)Windows ::DATA Alternate Data Stream - (168)

Attack PatternClient-Server Protocol Manipulation - (220)Client-Server Protocol Manipulation - (220)

Attack PatternReflection Attack in Authentication Protocol - (90)Reflection Attack in Authentication Protocol - (90)

Attack PatternEmbedding Script (XSS ) in HTTP Headers - (86)Embedding Script (XSS ) in HTTP Headers - (86)

Attack PatternCross Site Tracing - (107)Cross Site Tracing - (107)

Attack PatternEmbedding Scripts in HTTP Query Strings - (32)Embedding Scripts in HTTP Query Strings - (32)

Attack PatternHTTP Request Smuggling - (33)HTTP Request Smuggling - (33)

Attack PatternHTTP Response Splitting - (34)HTTP Response Splitting - (34)

Attack PatternHTTP Request Splitting - (105)HTTP Request Splitting - (105)

Attack PatternMalicious Automated Software Update - (187)Malicious Automated Software Update - (187)

Attack PatternHTTP Response Smuggling - (273)HTTP Response Smuggling - (273)

Attack PatternHTTP Verb Tampering - (274)HTTP Verb Tampering - (274)

Attack PatternDNS Rebinding - (275)DNS Rebinding - (275)

Attack PatternInter-component Protocol Manipulation - (276)Inter-component Protocol Manipulation - (276)

Attack PatternData Interchange Protocol Manipulation - (277)Data Interchange Protocol Manipulation - (277)

Attack PatternNetwork Reconnaissance - (286)Network Reconnaissance - (286)

Attack PatternICMP Echo Request Ping - (285)ICMP Echo Request Ping - (285)

Attack PatternTCP SYN Scan - (287)TCP SYN Scan - (287)

Attack PatternICMP Echo Request Ping - (288)ICMP Echo Request Ping - (288)

Attack PatternInfrastructure-based footprinting - (289)Infrastructure-based footprinting - (289)

Attack PatternEnumerate Mail Exchange (MX) Records - (290)Enumerate Mail Exchange (MX) Records - (290)

Attack PatternDNS Zone Transfers - (291)DNS Zone Transfers - (291)

Attack PatternHost Discovery - (292)Host Discovery - (292)

Attack PatternTraceroute Route Enumeration - (293)Traceroute Route Enumeration - (293)

Attack PatternICMP Address Mask Request - (294)ICMP Address Mask Request - (294)

Attack PatternICMP Timestamp Request - (295)ICMP Timestamp Request - (295)

Attack PatternICMP Information Request - (296)ICMP Information Request - (296)

Attack PatternTCP ACK Ping - (297)TCP ACK Ping - (297)

Attack PatternUDP Ping - (298)UDP Ping - (298)

Attack PatternTCP SYN Ping - (299)TCP SYN Ping - (299)

Attack PatternPort Scanning - (300)Port Scanning - (300)

Attack PatternTCP Connect Scan - (301)TCP Connect Scan - (301)

Attack PatternTCP FIN scan - (302)TCP FIN scan - (302)

Attack PatternTCP Xmas Scan - (303)TCP Xmas Scan - (303)

Attack PatternTCP Null Scan - (304)TCP Null Scan - (304)

Attack PatternTCP ACK Scan - (305)TCP ACK Scan - (305)

Attack PatternTCP Window Scan - (306)TCP Window Scan - (306)

Attack PatternTCP RPC Scan - (307)TCP RPC Scan - (307)

Attack PatternUDP Scan - (308)UDP Scan - (308)

Page Last Updated: September 22, 2009


	CAPEC is sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. Vision and Technical Leadership provided by Cigital, Inc. This Web site is hosted by The MITRE Corporation. Copyright 2009, The MITRE Corporation. CAPEC and the CAPEC logo are trademarks of The MITRE Corporation. Contact capec@mitre.org for more information.	Privacy policy Terms of use Contact us