CAPEC - VIEW LIST: CAPEC-284: Detailed Abstractions (Release 1.4)

Home > CAPEC List > VIEW LIST: CAPEC-284: Detailed Abstractions (Release 1.4)

CAPEC List
Full CAPEC Dictionary
Methods of Attack View

About CAPEC
Documents
Resources

Community
Related Activities
Collaboration List

News & Events
Calendar
Free Newsletter

Contact Us
Search the Site

CAPEC-284: Detailed Abstractions

Detailed Abstractions

Definition in a New Window

View ID: 284 (View: Implicit Slice)

Status: Draft

View Data

View Structure: Implicit_Slice

View Objective

This view (slice) covers detailed abstraction attack patterns.

Filter Used: .//@Pattern_Abstraction='Detailed'

	CAPECs in this view		Total CAPECs
Total	80	out of	310
Views	0	out of	5
Categories	0	out of	18
Attack Patterns	87	out of	287

Attack Pattern Accessing/Intercepting/Modifying HTTP Cookies - (31)

Attack Pattern Analog In-band Switching Signals (aka Blue Boxing) - (5)

Attack Pattern Blind SQL Injection - (7)

Attack Pattern Buffer Overflow in an API Call - (8)

Attack Pattern Buffer Overflow in Local Command-Line Utilities - (9)

Attack Pattern Buffer Overflow via Environment Variables - (10)

Attack Pattern Buffer Overflow via Parameter Expansion - (47)

Attack Pattern Buffer Overflow via Symbolic Links - (45)

Attack Pattern Calling signed code from another language within a sandbox that allows this - (237)

Attack Pattern Catching exception throw/signal from privileged block - (236)

Attack Pattern Client Network Footprinting (using AJAX/XSS) - (85)

Attack Pattern Client-side Injection-induced Buffer Overflow - (14)

Attack Pattern Cross-Site Scripting in Attributes - (243)

Attack Pattern Cross-Site Scripting Using Doubled Characters, e.g. %3C%3Cscript - (245)

Attack Pattern Cross-Site Scripting via Encoded URI Schemes - (244)

Attack Pattern Cross-Site Scripting with Masking through Invalid Characters in Identifiers - (247)

Attack Pattern Dictionary-based Password Attack - (16)

Attack Pattern DNS Rebinding - (275)

Attack Pattern DTD Injection in a SOAP Message - (254)

Attack Pattern Embedding NULL Bytes - (52)

Attack Pattern Embedding Script (XSS ) in HTTP Headers - (86)

Attack Pattern Embedding Scripts in HTTP Query Strings - (32)

Attack Pattern Exploiting Incorrectly Configured SSL Security Levels - (217)

Attack Pattern Filter Failure through Buffer Overflow - (24)

Attack Pattern Fuzzing and observing application log data/errors for application mapping - (215)

Attack Pattern Fuzzing for garnering (through web or log) other adjacent user/sensitive data as an authorized system user (overly broad but valid SQL queries) - (261)

Attack Pattern Fuzzing for garnering J2EE/.NET-based stack traces, for application mapping - (214)

Attack Pattern HTTP Request Smuggling - (33)

Attack Pattern HTTP Response Smuggling - (273)

Attack Pattern HTTP Response Splitting - (34)

Attack Pattern HTTP Verb Tampering - (274)

Attack Pattern ICMP Address Mask Request - (294)

Attack Pattern ICMP Echo Request Ping - (285)

Attack Pattern ICMP Echo Request Ping - (288)

Attack Pattern ICMP Information Request - (296)

Attack Pattern ICMP Timestamp Request - (295)

Attack Pattern Implementing a callback to system routine (old AWT Queue) - (235)

Attack Pattern JSON Hijacking (aka JavaScript Hijacking) - (111)

Attack Pattern Leveraging Race Conditions via Symbolic Links - (27)

Attack Pattern Leveraging web tools (e.g. Mozilla's GreaseMonkey, Firebug) to change application behavior - (211)

Attack Pattern Manipulating Writeable Terminal Devices - (40)

Attack Pattern MIME Conversion - (42)

Attack Pattern Overflow Binary Resource File - (44)

Attack Pattern Overflow Variables and Tags - (46)

Attack Pattern Passing Local Filenames to Functions That Expect a URL - (48)

Attack Pattern Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Dynamic Update - (258)

Attack Pattern Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Initial Distribution - (260)

Attack Pattern Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Patching - (259)

Attack Pattern Postfix, Null Terminate, and Backslash - (53)

Attack Pattern Read Sensitive Stings Within an Executable - (191)

Attack Pattern Resource Depletion through DTD Injection in a SOAP Message - (228)

Attack Pattern Restful Privilege Elevation - (58)

Attack Pattern Session Credential Falsification through Manipulation - (226)

Attack Pattern Session Credential Falsification through Prediction - (59)

Attack Pattern SOAP Array Overflow - (256)

Attack Pattern SOAP Parameter Tampering - (280)

Attack Pattern Spoofing of UDDI/ebXML Messages - (218)

Attack Pattern String Format Overflow in syslog() - (67)

Attack Pattern TCP ACK Ping - (297)

Attack Pattern TCP ACK Scan - (305)

Attack Pattern TCP Connect Scan - (301)

Attack Pattern TCP FIN scan - (302)

Attack Pattern TCP Null Scan - (304)

Attack Pattern TCP RPC Scan - (307)

Attack Pattern TCP SYN Ping - (299)

Attack Pattern TCP SYN Scan - (287)

Attack Pattern TCP Window Scan - (306)

Attack Pattern TCP Xmas Scan - (303)

Attack Pattern Traceroute Route Enumeration - (293)

Attack Pattern Try Common(default) Usernames and Passwords - (70)

Attack Pattern UDP Ping - (298)

Attack Pattern UDP Scan - (308)

Attack Pattern Using Alternative IP Address Encodings - (4)

Attack Pattern Using Escaped Slashes in Alternate Encoding - (78)

Attack Pattern Using Leading 'Ghost' Character Sequences to Bypass Input Filters - (3)

Attack Pattern Using Meta-characters in E-mail Headers to Inject Malicious Payloads - (41)

Attack Pattern Using Slashes and URL Encoding Combined to Bypass Validation Logic - (64)

Attack Pattern Using Slashes in Alternate Encoding - (79)

Attack Pattern Using Unicode Encoding to Bypass Validation Logic - (71)

Attack Pattern Using Unpublished Web Service APIs - (36)

Attack Pattern Using URL/codebase / G.A.C. (code source) to convince sandbox of privilege - (238)

Attack Pattern Using UTF-8 Encoding to Bypass Validation Logic - (80)

Attack Pattern Utilizing REST's Trust in the System Resource to Register Man in the Middle - (57)

Attack Pattern WSDL Scanning - (95)

Attack Pattern XPath Injection - (83)

Attack Pattern XQuery Injection - (84)

Attack Pattern XSS in IMG Tags - (91)

Page Last Updated: September 22, 2009


	CAPEC is sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. Vision and Technical Leadership provided by Cigital, Inc. This Web site is hosted by The MITRE Corporation. Copyright 2009, The MITRE Corporation. CAPEC and the CAPEC logo are trademarks of The MITRE Corporation. Contact capec@mitre.org for more information.	Privacy policy Terms of use Contact us