CAPEC - Common Attack Pattern Enumeration and Classification (A Community of Knowledge Resource for Building Secure Software)

CAPEC Detailed Abstraction Attack Pattern List Release 1.4

This view (slice) covers detailed abstraction attack patterns.

Accessing/Intercepting/Modifying HTTP Cookies - (31)
Analog In-band Switching Signals (aka Blue Boxing) - (5)
Blind SQL Injection - (7)
Buffer Overflow in an API Call - (8)
Buffer Overflow in Local Command-Line Utilities - (9)
Buffer Overflow via Environment Variables - (10)
Buffer Overflow via Parameter Expansion - (47)
Buffer Overflow via Symbolic Links - (45)
Client Network Footprinting (using AJAX/XSS) - (85)
Client-side Injection-induced Buffer Overflow - (14)
Dictionary-based Password Attack - (16)
Embedding NULL Bytes - (52)
Embedding Script (XSS) in HTTP Headers - (86)
Embedding Scripts in HTTP Query Strings - (32)
Filter Failure through Buffer Overflow - (24)
HTTP Request Smuggling - (33)
HTTP Response Splitting - (34)
JSON Hijacking (aka JavaScript Hijacking) - (111)
Leveraging Race Conditions via Symbolic Links - (27)
Manipulating Writeable Terminal Devices - (40)
MIME Conversion - (42)
Overflow Binary Resource File - (44)
Overflow Variables and Tags - (46)
Passing Local Filenames to Functions That Expect a URL - (48)
Postfix, Null Terminate, and Backslash - (53)
Read Sensitive Strings Within an Executable - (191)
Restful Privilege Elevation - (58)
Session Credential Falsification through Prediction - (59)
String Format Overflow in syslog() - (67)
Try Common(default) Usernames and Passwords - (70)
Using Alternative IP Address Encodings - (4)
Using Escaped Slashes in Alternate Encoding - (78)
Using Leading 'Ghost' Character Sequences to Bypass Input Filters - (3)
Using Meta-characters in E-mail Headers to Inject Malicious Payloads - (41)
Using Slashes and URL Encoding Combined to Bypass Validation Logic - (64)
Using Slashes in Alternate Encoding - (79)
Using Unicode Encoding to Bypass Validation Logic - (71)
Using Unpublished Web Service APIs - (36)
Using UTF-8 Encoding to Bypass Validation Logic - (80)
Utilizing REST's Trust in the System Resource to Register Man in the Middle - (57)
WSDL Scanning - (95)
XPath Injection - (83)
XQuery Injection - (84)
XSS in IMG Tags - (91)
Page Last Updated: September 09, 2009