CAPEC - VIEW LIST: CAPEC-1000: Mechanism of Attack (Release 1.4)

Home > CAPEC List > VIEW LIST: CAPEC-1000: Mechanism of Attack (Release 1.4)

CAPEC List
Full CAPEC Dictionary
Methods of Attack View

About CAPEC
Documents
Resources

Community
Related Activities
Collaboration List

News & Events
Calendar
Free Newsletter

Contact Us
Search the Site

CAPEC-1000: Mechanism of Attack

Mechanism of Attack

Definition in a New Window

View ID: 1000 (View: Graph)

Status: Draft

View Data

View Structure: Graph

View Objective

Relationships

Nature	Type	ID	Name	View(s) this relationship pertains to
HasMember	Category	118	Data Leakage Attacks	Mechanism of Attack1000
HasMember	Category	119	Resource Depletion	Mechanism of Attack1000
HasMember	Category	152	Injection (Injecting Control Plane content through the Data Plane)	Mechanism of Attack1000
HasMember	Category	156	Spoofing	Mechanism of Attack1000
HasMember	Category	172	Time and State Attacks	Mechanism of Attack1000
HasMember	Category	210	Abuse of Functionality	Mechanism of Attack1000
HasMember	Category	223	Probabilistic Techniques	Mechanism of Attack1000
HasMember	Category	225	Exploitation of Authentication	Mechanism of Attack1000
HasMember	Category	232	Exploitation of Privilege/Trust	Mechanism of Attack1000
HasMember	Category	255	Data Structure Attacks	Mechanism of Attack1000
HasMember	Category	262	Resource Manipulation	Mechanism of Attack1000
HasMember	Attack Pattern	286	Network Reconnaissance	Mechanism of Attack1000

	CAPECs in this view		Total CAPECs
Total	298	out of	310
Views	0	out of	5
Categories	18	out of	18
Attack Patterns	287	out of	287

Category Abuse of Communication Channels - (216)

Category Abuse of Functionality - (210)

Attack Pattern Abuse of transaction data strutcture - (257)

Attack Pattern Accessing Functionality Not Properly Constrained by ACLs - (1)

Attack Pattern Accessing, Modifying or Executing Executable Files - (17)

Attack Pattern Accessing/Intercepting/Modifying HTTP Cookies - (31)

Attack Pattern Action Spoofing - (173)

Attack Pattern Analog In-band Switching Signals (aka Blue Boxing) - (5)

Attack Pattern Analytic Attacks - (281)

Attack Pattern API Abuse/Misuse - (113)

Attack Pattern Argument Injection - (6)

Attack Pattern Attack through Shared Data - (124)

Attack Pattern Audit Log Manipulation - (268)

Attack Pattern Authentication Abuse - (114)

Attack Pattern Authentication Bypass - (115)

Attack Pattern Blind SQL Injection - (7)

Attack Pattern Block Access to Libraries - (96)

Attack Pattern Brute Force - (112)

Attack Pattern Buffer Attacks - (123)

Attack Pattern Buffer Overflow in an API Call - (8)

Attack Pattern Buffer Overflow in Local Command-Line Utilities - (9)

Attack Pattern Buffer Overflow via Environment Variables - (10)

Attack Pattern Buffer Overflow via Parameter Expansion - (47)

Attack Pattern Buffer Overflow via Symbolic Links - (45)

Attack Pattern Bypassing of Intermediate Forms in Multiple-Form Sets - (140)

Attack Pattern Cache Poisoning - (141)

Attack Pattern Calling signed code from another language within a sandbox that allows this - (237)

Attack Pattern Catching exception throw/signal from privileged block - (236)

Attack Pattern Cause Web Server Misclassification - (11)

Attack Pattern Character Injection - (249)

Attack Pattern Checksum Spoofing - (145)

Attack Pattern Choosing a Message/Channel Identifier on a Public/Multicast Channel - (12)

Attack Pattern Clickjacking - (103)

Attack Pattern Client Network Footprinting (using AJAX/XSS) - (85)

Attack Pattern Client-Server Protocol Manipulation - (220)

Attack Pattern Client-side Injection-induced Buffer Overflow - (14)

Attack Pattern Code Inclusion - (175)

Attack Pattern Code Injection - (241)

Attack Pattern Command Delimiters - (15)

Attack Pattern Command Injection - (248)

Attack Pattern Command Line Execution through SQL Injection - (108)

Attack Pattern Common resource location exploration - (150)

Attack Pattern Configuration/Environment manipulation - (176)

Attack Pattern Content Spoofing - (148)

Attack Pattern Craft a Maliciously Misconfigured Registry - (270)

Attack Pattern Create files with the same name as files protected with a higher classification - (177)

Attack Pattern Create Malicious Client - (202)

Attack Pattern Cross Site Request Forgery (aka Session Riding) - (62)

Attack Pattern Cross Site Scripting through Log Files - (106)

Attack Pattern Cross Site Tracing - (107)

Attack Pattern Cross Zone Scripting - (104)

Attack Pattern Cross-Site Flashing - (178)

Attack Pattern Cross-Site Scripting in Attributes - (243)

Attack Pattern Cross-Site Scripting in Error Pages - (198)

Attack Pattern Cross-Site Scripting Using Alternate Syntax - (199)

Attack Pattern Cross-Site Scripting Using Doubled Characters, e.g. %3C%3Cscript - (245)

Attack Pattern Cross-Site Scripting Using Flash - (246)

Attack Pattern Cross-Site Scripting Using MIME Type Mismatch - (209)

Attack Pattern Cross-Site Scripting via Encoded URI Schemes - (244)

Attack Pattern Cross-Site Scripting with Masking through Invalid Characters in Identifiers - (247)

Attack Pattern Cryptanalysis - (97)

Attack Pattern Data Excavation Attacks - (116)

Attack Pattern Data Interception Attacks - (117)

Attack Pattern Data Interchange Protocol Manipulation - (277)

Category Data Leakage Attacks - (118)

Category Data Structure Attacks - (255)

Attack Pattern Denial of Service through Resource Depletion - (227)

Attack Pattern Detect Unpublicised Web Pages - (143)

Attack Pattern Detect Unpublicised Web Services - (144)

Attack Pattern Dictionary-based Password Attack - (16)

Attack Pattern Directory Indexing - (127)

Attack Pattern Directory Traversal - (213)

Attack Pattern Discovering, querying, and finally calling micro-services, such as w/ AJAX - (179)

Attack Pattern DNS Cache Poisoning - (142)

Attack Pattern DNS Rebinding - (275)

Attack Pattern DNS Zone Transfers - (291)

Attack Pattern Double Encoding - (120)

Attack Pattern DTD Injection in a SOAP Message - (254)

Attack Pattern Email Injection - (134)

Attack Pattern Embedding NULL Bytes - (52)

Attack Pattern Embedding Script (XSS ) in HTTP Headers - (86)

Attack Pattern Embedding Scripts in HTTP Query Strings - (32)

Attack Pattern Embedding Scripts in Nonscript Elements - (18)

Attack Pattern Embedding Scripts within Scripts - (19)

Attack Pattern Encryption Brute Forcing - (20)

Attack Pattern Enumerate Mail Exchange (MX) Records - (290)

Attack Pattern Environment variable manipulation - (264)

Category Exploitation of Authentication - (225)

Attack Pattern Exploitation of Authorization - (122)

Category Exploitation of Privilege/Trust - (232)

Attack Pattern Exploitation of Session Variables, Resource IDs and other Trusted Credentials - (21)

Attack Pattern Exploiting Incorrectly Configured Access Control Security Levels - (180)

Attack Pattern Exploiting Incorrectly Configured SSL Security Levels - (217)

Attack Pattern Exploiting Multiple Input Interpretation Layers - (43)

Attack Pattern Exploiting Trust in Client (aka Make the Client Invisible) - (22)

Attack Pattern Explore for predictable temporary file names - (149)

Attack Pattern External Entity Attack - (201)

Attack Pattern External Entity Attack - (221)

Attack Pattern Fake the Source of Data - (194)

Attack Pattern File Manipulation - (165)

Attack Pattern File System Function Injection, Content Based - (23)

Attack Pattern Filter Failure through Buffer Overflow - (24)

Category Fingerprinting - (224)

Attack Pattern Flash File Overlay - (181)

Attack Pattern Flash Injection - (182)

Attack Pattern Flash Parameter Injection - (174)

Attack Pattern Footprinting - (169)

Attack Pattern Force the System to Reset Values - (166)

Attack Pattern Force Use of Corruped Files - (263)

Attack Pattern Forced Deadlock - (25)

Attack Pattern Forced Integer Overflow - (92)

Attack Pattern Forceful Browsing - (87)

Attack Pattern Format String Injection - (135)

Category Functionality Misuse - (212)

Attack Pattern Fuzzing - (28)

Attack Pattern Fuzzing and observing application log data/errors for application mapping - (215)

Attack Pattern Fuzzing for garnering (through web or log) other adjacent user/sensitive data as an authorized system user (overly broad but valid SQL queries) - (261)

Attack Pattern Fuzzing for garnering J2EE/.NET-based stack traces, for application mapping - (214)

Attack Pattern Global variable manipulation - (265)

Attack Pattern Hijacking a privileged process - (234)

Attack Pattern Hijacking a Privileged Thread of Execution - (30)

Attack Pattern Host Discovery - (292)

Attack Pattern HTTP Request Smuggling - (33)

Attack Pattern HTTP Request Splitting - (105)

Attack Pattern HTTP Response Smuggling - (273)

Attack Pattern HTTP Response Splitting - (34)

Attack Pattern HTTP Verb Tampering - (274)

Attack Pattern ICMP Address Mask Request - (294)

Attack Pattern ICMP Echo Request Ping - (285)

Attack Pattern ICMP Echo Request Ping - (288)

Attack Pattern ICMP Information Request - (296)

Attack Pattern ICMP Timestamp Request - (295)

Attack Pattern Identity Spoofing (Impersonation) - (151)

Attack Pattern iFrame Overlay - (222)

Attack Pattern IMAP/SMTP Command Injection - (183)

Attack Pattern Implementing a callback to system routine (old AWT Queue) - (235)

Attack Pattern Inducing Account Lockout - (2)

Attack Pattern Infrastructure Manipulation - (161)

Attack Pattern Infrastructure-based footprinting - (289)

Category Injection (Injecting Control Plane content through the Data Plane) - (152)

Attack Pattern Input Data Manipulation - (153)

Attack Pattern Integer Attacks - (128)

Attack Pattern Inter-component Protocol Manipulation - (276)

Attack Pattern JSON Hijacking (aka JavaScript Hijacking) - (111)

Attack Pattern LDAP Injection - (136)

Attack Pattern Leverage Alternate Encoding - (267)

Attack Pattern Leverage Executable Code in Nonexecutable Files - (35)

Attack Pattern Leveraging Race Conditions - (26)

Attack Pattern Leveraging Race Conditions via Symbolic Links - (27)

Attack Pattern Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions - (29)

Attack Pattern Leveraging web tools (e.g. Mozilla's GreaseMonkey, Firebug) to change application behavior - (211)

Attack Pattern Leveraging/Manipulating Configuration File Search Paths - (38)

Attack Pattern Lifting cached, sensitive data embedded in client distributions (thick or thin) - (204)

Attack Pattern Lifting credential(s)/key material embedded in client distributions (thick or thin) - (205)

Attack Pattern Lifting Data Embedded in Client Distributions - (37)

Attack Pattern Lifting Sensitive Data from the Client - (167)

Attack Pattern Lifting signing key and signing malicious code from a production environment - (206)

Attack Pattern Local Code Inclusion - (251)

Attack Pattern Locate and Exploit Test APIs - (121)

Attack Pattern Log Injection-Tampering-Forging - (93)

Attack Pattern Malicious Automated Software Update - (187)

Attack Pattern Malicious Software Download - (185)

Attack Pattern Malicious Software Update - (186)

Attack Pattern Man in the Middle Attack - (94)

Attack Pattern Manipulate Application Registry Values - (203)

Attack Pattern Manipulate Canonicalization - (266)

Attack Pattern Manipulating hidden fields to change the normal flow of transactions (eShoplifting) - (162)

Attack Pattern Manipulating Input to File System Calls - (76)

Attack Pattern Manipulating Opaque Client-based Data Tokens - (39)

Attack Pattern Manipulating User State - (74)

Attack Pattern Manipulating User-Controlled Variables - (77)

Attack Pattern Manipulating Writeable Configuration Files - (75)

Attack Pattern Manipulating Writeable Terminal Devices - (40)

Attack Pattern MIME Conversion - (42)

Attack Pattern Mobile Phishing (aka MobPhishing) - (164)

Attack Pattern Network Reconnaissance - (286)

Attack Pattern Object Relational Mapping Injection - (109)

Attack Pattern OS Command Injection - (88)

Attack Pattern Overflow Binary Resource File - (44)

Attack Pattern Overflow Buffers - (100)

Attack Pattern Overflow Variables and Tags - (46)

Attack Pattern Oversized Payloads Sent to XML Parsers - (231)

Attack Pattern Parameter Injection - (137)

Attack Pattern Passing Local Filenames to Functions That Expect a URL - (48)

Attack Pattern Passively Sniff and Capture Application Code Bound for Authorized Client - (65)

Attack Pattern Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Dynamic Update - (258)

Attack Pattern Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Initial Distribution - (260)

Attack Pattern Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Patching - (259)

Attack Pattern Password Brute Forcing - (49)

Attack Pattern Password Recovery Exploitation - (50)

Category Path Traversal - (126)

Attack Pattern Pharming - (89)

Attack Pattern Phishing - (98)

Attack Pattern PHP Local File Inclusion - (252)

Attack Pattern PHP Remote File Inclusion - (193)

Attack Pattern Pointer Attack - (129)

Attack Pattern Poison Web Service Registry - (51)

Attack Pattern Port Scanning - (300)

Attack Pattern Postfix, Null Terminate, and Backslash - (53)

Attack Pattern Principal Spoofing - (195)

Category Privilege Escalation - (233)

Category Probabilistic Techniques - (223)

Attack Pattern Probing an Application Through Targeting its Error Reporting - (54)

Attack Pattern Programming to included script-based APIs - (160)

Attack Pattern Protocol Manipulation - (272)

Attack Pattern Protocol Reverse Engineering - (192)

Attack Pattern Rainbow Table Password Cracking - (55)

Attack Pattern Read Sensitive Stings Within an Executable - (191)

Attack Pattern Recursive Payloads Sent to XML Parsers - (230)

Attack Pattern Redirect Access to Libraries - (159)

Attack Pattern Reflection Attack in Authentication Protocol - (90)

Attack Pattern Reflection Injection - (138)

Attack Pattern Registry Manipulation - (269)

Attack Pattern Relative Path Traversal - (139)

Category Remote Code Inclusion - (253)

Attack Pattern Removal of filters: Input filters, output filters, data masking - (200)

Attack Pattern Removing Important Functionality from the Client - (207)

Attack Pattern Removing/short-circuiting 'guard logic' - (56)

Attack Pattern Removing/short-circuiting 'Purse' logic: removing/mutating 'cash' decrements - (208)

Category Resource Depletion - (119)

Attack Pattern Resource Depletion through Allocation - (130)

Attack Pattern Resource Depletion through DTD Injection in a SOAP Message - (228)

Attack Pattern Resource Depletion through Flooding - (125)

Attack Pattern Resource Depletion through Leak - (131)

Attack Pattern Resource Injection - (240)

Attack Pattern Resource Location Attacks - (154)

Category Resource Manipulation - (262)

Attack Pattern Restful Privilege Elevation - (58)

Attack Pattern Reusing Session IDs (aka Session Replay) - (60)

Attack Pattern Reverse Engineer an Executable to Expose Assumed Hidden Functionality or Content - (190)

Attack Pattern Reverse Engineering - (188)

Attack Pattern Schema Poisoning - (271)

Attack Pattern Screen Temporary Files for Sensitive Information - (155)

Attack Pattern Script Injection - (242)

Attack Pattern Server Side Include (SSI) Injection - (101)

Attack Pattern Session Credential Falsification through Forging - (196)

Attack Pattern Session Credential Falsification through Manipulation - (226)

Attack Pattern Session Credential Falsification through Prediction - (59)

Attack Pattern Session Fixation - (61)

Attack Pattern Session Sidejacking - (102)

Attack Pattern Simple Script Injection - (63)

Attack Pattern Sniffing Attacks - (157)

Attack Pattern Sniffing Information Sent Over Public/multicast Networks - (158)

Attack Pattern SOAP Array Overflow - (256)

Attack Pattern Soap Manipulation - (279)

Attack Pattern SOAP Parameter Tampering - (280)

Attack Pattern Software Integrity Attacks - (184)

Attack Pattern Software Reverse Engineering - (189)

Attack Pattern Spear Phishing - (163)

Category Spoofing - (156)

Attack Pattern Spoofing of UDDI/ebXML Messages - (218)

Attack Pattern SQL Injection - (66)

Attack Pattern SQL Injection through SOAP Parameter Tampering - (110)

Attack Pattern String Format Overflow in syslog() - (67)

Attack Pattern Subversion of authorization checks: cache filtering, programmatic security, etc. - (239)

Attack Pattern Subvert Code-signing Facilities - (68)

Attack Pattern Subverting Environment Variable Values - (13)

Attack Pattern Symlink Attacks - (132)

Attack Pattern Target Programs with Elevated Privileges - (69)

Attack Pattern TCP ACK Ping - (297)

Attack Pattern TCP ACK Scan - (305)

Attack Pattern TCP Connect Scan - (301)

Attack Pattern TCP FIN scan - (302)

Attack Pattern TCP Null Scan - (304)

Attack Pattern TCP RPC Scan - (307)

Attack Pattern TCP SYN Ping - (299)

Attack Pattern TCP SYN Scan - (287)

Attack Pattern TCP Window Scan - (306)

Attack Pattern TCP Xmas Scan - (303)

Category Time and State Attacks - (172)

Attack Pattern Traceroute Route Enumeration - (293)

Attack Pattern Try All Common Application Switches and Options - (133)

Attack Pattern Try Common(default) Usernames and Passwords - (70)

Attack Pattern UDP Ping - (298)

Attack Pattern UDP Scan - (308)

Attack Pattern URL Encoding - (72)

Attack Pattern User-Controlled Filename - (73)

Attack Pattern Using Alternative IP Address Encodings - (4)

Attack Pattern Using Escaped Slashes in Alternate Encoding - (78)

Attack Pattern Using Leading 'Ghost' Character Sequences to Bypass Input Filters - (3)

Attack Pattern Using Meta-characters in E-mail Headers to Inject Malicious Payloads - (41)

Attack Pattern Using Slashes and URL Encoding Combined to Bypass Validation Logic - (64)

Attack Pattern Using Slashes in Alternate Encoding - (79)

Attack Pattern Using Unicode Encoding to Bypass Validation Logic - (71)

Attack Pattern Using Unpublished Web Service APIs - (36)

Attack Pattern Using URL/codebase / G.A.C. (code source) to convince sandbox of privilege - (238)

Attack Pattern Using UTF-8 Encoding to Bypass Validation Logic - (80)

Attack Pattern Utilizing REST's Trust in the System Resource to Register Man in the Middle - (57)

Attack Pattern Variable Manipulation - (171)

Attack Pattern Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Service (XDoS)) - (82)

Attack Pattern Web Logs Tampering - (81)

Attack Pattern Web Server/Application Fingerprinting - (170)

Category Web Services Protocol Manipulation - (278)

Attack Pattern Windows ::DATA Alternate Data Stream - (168)

Attack Pattern WSDL Scanning - (95)

Attack Pattern XEE (XML Entity Expansion) - (197)

Attack Pattern XML Attribute Blowup - (229)

Attack Pattern XML Injection - (250)

Attack Pattern XML Parser Attack - (99)

Attack Pattern XML Ping of Death - (147)

Attack Pattern XML Routing Detour Attacks - (219)

Attack Pattern XML Schema Poisoning - (146)

Attack Pattern XPath Injection - (83)

Attack Pattern XQuery Injection - (84)

Attack Pattern XSS in IMG Tags - (91)

Page Last Updated: September 22, 2009


	CAPEC is sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. Vision and Technical Leadership provided by Cigital, Inc. This Web site is hosted by The MITRE Corporation. Copyright 2009, The MITRE Corporation. CAPEC and the CAPEC logo are trademarks of The MITRE Corporation. Contact capec@mitre.org for more information.	Privacy policy Terms of use Contact us