CAPEC

Common Attack Pattern Enumeration and Classification

A Community Knowledge Resource for Building Secure Software

CAPEC Detailed Abstraction Attack Pattern List (Release 1.1)

This view (slice) covers detailed abstraction attack patterns.

Accessing/Intercepting/Modifying HTTP Cookies - (31)
Analog In-band Switching Signals (aka Blue Boxing) - (5)
Blind SQL Injection - (7)
Buffer Overflow in an API Call - (8)
Buffer Overflow in Local Command-Line Utilities - (9)
Buffer Overflow via Environment Variables - (10)
Buffer Overflow via Parameter Expansion - (47)
Buffer Overflow via Symbolic Links - (45)
Client Network Footprinting (using AJAX/XSS) - (85)
Client-side Injection-induced Buffer Overflow - (14)
Dictionary-based Password Attack - (16)
Embedding NULL Bytes - (52)
Embedding Script (XSS) in HTTP Headers - (86)
Embedding Scripts in HTTP Query Strings - (32)
Filter Failure through Buffer Overflow - (24)
HTTP Request Smuggling - (33)
HTTP Response Splitting - (34)
Leveraging Race Conditions via Symbolic Links - (27)
Manipulating Writeable Terminal Devices - (40)
MIME Conversion - (42)
Overflow Binary Resource File - (44)
Overflow Variables and Tags - (46)
Passing Local Filenames to Functions That Expect a URL - (48)
Postfix, Null Terminate, and Backslash - (53)
Restful Privilege Elevation - (58)
Session Credential Falsification through Prediction - (59)
String Format Overflow in syslog() - (67)
Try Common(default) Usernames and Passwords - (70)
Using Alternative IP Address Encodings - (4)
Using Escaped Slashes in Alternate Encoding - (78)
Using Leading 'Ghost' Character Sequences to Bypass Input Filters - (3)
Using Meta-characters in E-mail Headers to Inject Malicious Payloads - (41)
Using Slashes and URL Encoding Combined to Bypass Validation Logic - (64)
Using Slashes in Alternate Encoding - (79)
Using Unicode Encoding to Bypass Validation Logic - (71)
Using Unpublished Web Service APIs - (36)
Using UTF-8 Encoding to Bypass Validation Logic - (80)
Utilizing REST’s Trust in the System Resource to Register Man in the Middle - (57)
WSDL Scanning - (95)
XPath Injection - (83)
XQuery Injection - (84)
XSS in IMG Tags - (91)
 
Page Last Updated: April 18, 2008