
Differences between 2.11 and 3.0 Content

Special note:

This difference report was created to show both changes in content and changes resulting from migrating to the new CAPEC 3.0 Schema. A difference report from CAPEC Version 2.12 to CAPEC Version 3.0 would be a result of schema changes and not reflect updated content.

Summary

Total (3.0) (not including Deprecated): 577
Total (2.11) (not including Deprecated): 566

Attack Patterns
  New Patterns Added: 21
  Existing Patterns Modified with Enhanced Material: 228
  Patterns Deprecated: 10

Categories
  Existing Categories Modified with Enhanced Material: 6

Views
  Existing Views Modified with Enhanced Material: 1

CAPEC -> CWE Mappings
  CAPEC -> CWE Mappings Added: 99
  CAPEC -> CWE Mappings Removed: 13

Summary of Entry Types

Type               2.11    3.0
Views                 9      9
Categories           49     49
Attack Patterns     508    519
Deprecated           60     70

Attack Pattern Changes

New Patterns Added
CAPEC-478 Modification of Windows Service Configuration
CAPEC-479 Malicious Root Certificate
CAPEC-633 Token Impersonation
CAPEC-634 Probe Audio and Video Peripherals
CAPEC-635 Alternative Execution Due to Deceptive Filenames
CAPEC-636 Hiding Malicious Data or Code within Files
CAPEC-637 Collect Data from Clipboard
CAPEC-638 Altered Component Firmware
CAPEC-639 Probe System Files
CAPEC-640 Inclusion of Code in Existing Process
CAPEC-641 DLL Side-Loading
CAPEC-642 Replace Binaries
CAPEC-643 Identify Shared Files/Directories on System
CAPEC-644 Use of Captured Hashes (Pass The Hash)
CAPEC-645 Use of Captured Tickets (Pass The Ticket)
CAPEC-646 Peripheral Footprinting
CAPEC-647 Collect Data from Registries
CAPEC-648 Collect Data from Screen Capture
CAPEC-649 Adding a Space to a File Extension
CAPEC-650 Upload a Web Shell to a Web Server
CAPEC-651 Eavesdropping

Existing Patterns Modified with Enhanced Material
CAPEC-2 Inducing Account Lockout
CAPEC-3 Using Leading 'Ghost' Character Sequences to Bypass Input Filters
CAPEC-7 Blind SQL Injection
CAPEC-8 Buffer Overflow in an API Call
CAPEC-9 Buffer Overflow in Local Command-Line Utilities
CAPEC-10 Buffer Overflow via Environment Variables
CAPEC-11 Cause Web Server Misclassification
CAPEC-13 Subverting Environment Variable Values
CAPEC-14 Client-side Injection-induced Buffer Overflow
CAPEC-19 Embedding Scripts within Scripts
CAPEC-23 File Content Injection
CAPEC-24 Filter Failure through Buffer Overflow
CAPEC-25 Forced Deadlock
CAPEC-26 Leveraging Race Conditions
CAPEC-27 Leveraging Race Conditions via Symbolic Links
CAPEC-29 Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
CAPEC-30 Hijacking a Privileged Thread of Execution
CAPEC-32 XSS Through HTTP Query Strings
CAPEC-33 HTTP Request Smuggling
CAPEC-34 HTTP Response Splitting
CAPEC-35 Leverage Executable Code in Non-Executable Files
CAPEC-38 Leveraging/Manipulating Configuration File Search Paths
CAPEC-40 Manipulating Writeable Terminal Devices
CAPEC-43 Exploiting Multiple Input Interpretation Layers
CAPEC-45 Buffer Overflow via Symbolic Links
CAPEC-46 Overflow Variables and Tags
CAPEC-47 Buffer Overflow via Parameter Expansion
CAPEC-48 Passing Local Filenames to Functions That Expect a URL
CAPEC-49 Password Brute Forcing
CAPEC-52 Embedding NULL Bytes
CAPEC-54 Query System for Information
CAPEC-61 Session Fixation
CAPEC-62 Cross Site Request Forgery
CAPEC-64 Using Slashes and URL Encoding Combined to Bypass Validation Logic
CAPEC-66 SQL Injection
CAPEC-67 String Format Overflow in syslog()
CAPEC-68 Subvert Code-signing Facilities
CAPEC-69 Target Programs with Elevated Privileges
CAPEC-71 Using Unicode Encoding to Bypass Validation Logic
CAPEC-72 URL Encoding
CAPEC-78 Using Escaped Slashes in Alternate Encoding
CAPEC-80 Using UTF-8 Encoding to Bypass Validation Logic
CAPEC-82 Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Service (XDoS))
CAPEC-83 XPath Injection
CAPEC-85 AJAX Fingerprinting
CAPEC-87 Forceful Browsing
CAPEC-92 Forced Integer Overflow
CAPEC-93 Log Injection-Tampering-Forging
CAPEC-94 Man in the Middle Attack
CAPEC-95 WSDL Scanning
CAPEC-96 Block Access to Libraries
CAPEC-97 Cryptanalysis
CAPEC-98 Phishing
CAPEC-101 Server Side Include (SSI) Injection
CAPEC-117 Interception
CAPEC-120 Double Encoding
CAPEC-121 Exploit Test APIs
CAPEC-127 Directory Indexing
CAPEC-135 Format String Injection
CAPEC-136 LDAP Injection
CAPEC-139 Relative Path Traversal
CAPEC-146 XML Schema Poisoning
CAPEC-147 XML Ping of the Death
CAPEC-157 Sniffing Attacks
CAPEC-158 Sniffing Network Traffic
CAPEC-159 Redirect Access to Libraries
CAPEC-163 Spear Phishing
CAPEC-168 Windows ::DATA Alternate Data Stream
CAPEC-170 Web Application Fingerprinting
CAPEC-177 Create files with the same name as files protected with a higher classification
CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels
CAPEC-182 Flash Injection
CAPEC-184 Software Integrity Attack
CAPEC-186 Malicious Software Update
CAPEC-188 Reverse Engineering
CAPEC-192 Protocol Analysis
CAPEC-193 PHP Remote File Inclusion
CAPEC-194 Fake the Source of Data
CAPEC-195 Principal Spoof
CAPEC-196 Session Credential Falsification through Forging
CAPEC-197 XML Entity Expansion
CAPEC-201 XML Entity Linking
CAPEC-203 Manipulate Registry Information
CAPEC-206 Signing Malicious Code
CAPEC-212 Functionality Misuse
CAPEC-215 Fuzzing and observing application log data/errors for application mapping
CAPEC-221 XML External Entities Blowup
CAPEC-222 iFrame Overlay
CAPEC-224 Fingerprinting
CAPEC-237 Escaping a Sandbox by Calling Signed Code in Another Language
CAPEC-239 Subversion of Authorization Checks: Cache Filtering, Programmatic Security, etc.
CAPEC-243 XSS Targeting HTML Attributes
CAPEC-244 XSS Targeting URI Placeholders
CAPEC-250 XML Injection
CAPEC-251 Local Code Inclusion
CAPEC-253 Remote Code Inclusion
CAPEC-263 Force Use of Corrupted Files
CAPEC-267 Leverage Alternate Encoding
CAPEC-270 Modification of Registry Run Keys
CAPEC-271 Schema Poisoning
CAPEC-273 HTTP Response Smuggling
CAPEC-275 DNS Rebinding
CAPEC-276 Inter-component Protocol Manipulation
CAPEC-277 Data Interchange Protocol Manipulation
CAPEC-278 Web Services Protocol Manipulation
CAPEC-279 SOAP Manipulation
CAPEC-285 ICMP Echo Request Ping
CAPEC-287 TCP SYN Scan
CAPEC-290 Enumerate Mail Exchange (MX) Records
CAPEC-291 DNS Zone Transfers
CAPEC-292 Host Discovery
CAPEC-293 Traceroute Route Enumeration
CAPEC-294 ICMP Address Mask Request
CAPEC-295 Timestamp Request
CAPEC-296 ICMP Information Request
CAPEC-297 TCP ACK Ping
CAPEC-298 UDP Ping
CAPEC-299 TCP SYN Ping
CAPEC-300 Port Scanning
CAPEC-301 TCP Connect Scan
CAPEC-302 TCP FIN Scan
CAPEC-303 TCP Xmas Scan
CAPEC-304 TCP Null Scan
CAPEC-305 TCP ACK Scan
CAPEC-306 TCP Window Scan
CAPEC-307 TCP RPC Scan
CAPEC-308 UDP Scan
CAPEC-309 Network Topology Mapping
CAPEC-310 Scanning for Vulnerable Software
CAPEC-312 Active OS Fingerprinting
CAPEC-313 Passive OS Fingerprinting
CAPEC-317 IP ID Sequencing Probe
CAPEC-318 IP 'ID' Echoed Byte-Order Probe
CAPEC-319 IP (DF) 'Don't Fragment Bit' Echoing Probe
CAPEC-320 TCP Timestamp Probe
CAPEC-321 TCP Sequence Number Probe
CAPEC-322 TCP (ISN) Greatest Common Divisor Probe
CAPEC-323 TCP (ISN) Counter Rate Probe
CAPEC-324 TCP (ISN) Sequence Predictability Probe
CAPEC-325 TCP Congestion Control Flag (ECN) Probe
CAPEC-326 TCP Initial Window Size Probe
CAPEC-327 TCP Options Probe
CAPEC-328 TCP 'RST' Flag Checksum Probe
CAPEC-329 ICMP Error Message Quoting Probe
CAPEC-330 ICMP Error Message Echoing Integrity Probe
CAPEC-331 ICMP IP Total Length Field Probe
CAPEC-332 ICMP IP 'ID' Field Error Message Probe
CAPEC-383 Harvesting Information via API Event Monitoring
CAPEC-388 Application API Button Hijacking
CAPEC-401 Hacking Hardware
CAPEC-406 Dumpster Diving
CAPEC-421 Influence Perception of Authority
CAPEC-440 Hardware Integrity Attack
CAPEC-441 Malicious Logic Insertion
CAPEC-442 Infected Software
CAPEC-443 Malicious Logic Inserted Into Product Software by Authorized Developer
CAPEC-444 Development Alteration
CAPEC-445 Malicious Logic Insertion into Product Software via Configuration Management Manipulation
CAPEC-446 Malicious Logic Insertion into Product Software via Inclusion of 3rd Party Component Dependency
CAPEC-447 Design Alteration
CAPEC-448 Embed Virus into DLL
CAPEC-452 Infected Hardware
CAPEC-456 Infected Memory
CAPEC-457 USB Memory Attacks
CAPEC-459 Creating a Rogue Certification Authority Certificate
CAPEC-461 Web Services API Signature Forgery Leveraging Hash Function Extension Weakness
CAPEC-463 Padding Oracle Crypto Attack
CAPEC-471 Search Order Hijacking
CAPEC-484 XML Client-Side Attack
CAPEC-499 Intent Intercept
CAPEC-501 Activity Hijack
CAPEC-502 Intent Spoof
CAPEC-504 Task Impersonation
CAPEC-505 Scheme Squatting
CAPEC-506 Tapjacking
CAPEC-529 Malware-Directed Internal Reconnaissance
CAPEC-532 Altered Installed BIOS
CAPEC-534 Malicious Hardware Update
CAPEC-536 Data Injected During Configuration
CAPEC-538 Open Source Libraries Altered
CAPEC-542 Targeted Malware
CAPEC-543 Counterfeit Websites
CAPEC-546 Probe Application Memory
CAPEC-550 Install New Service
CAPEC-552 Install Rootkit
CAPEC-555 Remote Services with Stolen Credentials
CAPEC-556 Replace File Extension Handlers
CAPEC-558 Replace Trusted Executable
CAPEC-560 Use of Known Domain Credentials
CAPEC-564 Run Software at Logon
CAPEC-568 Capture Credentials via Keylogger
CAPEC-569 Collect Data as Provided by Users
CAPEC-571 Block Logging to Central Repository
CAPEC-573 Process Footprinting
CAPEC-574 Services Footprinting
CAPEC-575 Account Footprinting
CAPEC-576 Group Permission Footprinting
CAPEC-577 Owner Footprinting
CAPEC-578 Disable Security Software
CAPEC-580 Application Footprinting
CAPEC-581 Security Software Footprinting
CAPEC-586 Object Injection
CAPEC-593 Session Hijacking
CAPEC-604 Wi-Fi Jamming
CAPEC-605 Cellular Jamming
CAPEC-606 Weakening of Cellular Encryption
CAPEC-607 Obstruction
CAPEC-608 Cryptanalysis of Cellular Encryption
CAPEC-609 Cellular Traffic Intercept
CAPEC-611 BitSquatting
CAPEC-612 WiFi MAC Address Tracking
CAPEC-613 WiFi SSID Tracking
CAPEC-614 Rooting SIM Cards
CAPEC-615 Evil Twin Wi-Fi Attack
CAPEC-617 Cellular Rogue Base Station
CAPEC-618 Cellular Broadcast Message Request
CAPEC-619 Signal Strength Tracking
CAPEC-620 Drop Encryption Level
CAPEC-621 Analysis of Packet Timing and Sizes
CAPEC-622 Electromagnetic Side-Channel Attack
CAPEC-623 Compromising Emanations Attack
CAPEC-625 Mobile Device Fault Injection
CAPEC-626 Smudge Attack
CAPEC-628 Carry-Off GPS Attack
CAPEC-629 Unauthorized Use of Device Resources
CAPEC-630 TypoSquatting
CAPEC-631 SoundSquatting
CAPEC-632 Homograph Attack via Homoglyphs

Patterns Deprecated
CAPEC-235 DEPRECATED: Implementing a callback to system routine (old AWT Queue)
CAPEC-238 DEPRECATED: Using URL/codebase / G.A.C. (code source) to convince sandbox of privilege
CAPEC-249 DEPRECATED: Linux Terminal Injection
CAPEC-280 DEPRECATED: SOAP Parameter Tampering
CAPEC-430 DEPRECATED: Target Influence via Micro-Expressions
CAPEC-431 DEPRECATED: Target Influence via Neuro-Linguistic Programming (NLP)
CAPEC-432 DEPRECATED: Target Influence via Voice in NLP
CAPEC-557 DEPRECATED: Schedule Software To Run
CAPEC-567 DEPRECATED: Obtain Data via Utilities
CAPEC-570 DEPRECATED: Signature-Based Avoidance

Category Changes

New Categories Added

Existing Categories Modified with Enhanced Material
CAPEC-152 Inject Unexpected Items
CAPEC-225 Subvert Access Control
CAPEC-512 Communications
CAPEC-513 Software
CAPEC-514 Physical Security
CAPEC-515 Hardware

Categories Deprecated

View Changes

Views Added

Existing Views Modified with Enhanced Material
CAPEC-3000 Domains of Attack

Views Deprecated

Mapping Changes

CAPEC --> CWE Mappings Added
CAPEC-120 Double Encoding
  --> CWE-20 Improper Input Validation
  --> CWE-21 Pathname Traversal and Equivalence Errors
  --> CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
  --> CWE-171 Cleansing, Canonicalization, and Comparison Errors
  --> CWE-172 Encoding Error
  --> CWE-173 Improper Handling of Alternate Encoding
  --> CWE-177 Improper Handling of URL Encoding (Hex Encoding)
  --> CWE-181 Incorrect Behavior Order: Validate Before Filter
  --> CWE-183 Permissive Whitelist
  --> CWE-184 Incomplete Blacklist
  --> CWE-692 Incomplete Blacklist to Cross-Site Scripting
  --> CWE-697 Insufficient Comparison
CAPEC-159 Redirect Access to Libraries
  --> CWE-426 Untrusted Search Path
  --> CWE-427 Uncontrolled Search Path Element
  --> CWE-428 Unquoted Search Path or Element
CAPEC-177 Create files with the same name as files protected with a higher classification
  --> CWE-706 Use of Incorrectly-Resolved Name or Reference
CAPEC-192 Protocol Analysis
  --> CWE-326 Inadequate Encryption Strength
CAPEC-194 Fake the Source of Data
  --> CWE-287 Improper Authentication
CAPEC-201 XML Entity Linking
  --> CWE-829 Inclusion of Functionality from Untrusted Control Sphere
CAPEC-203 Manipulate Registry Information
  --> CWE-15 External Control of System or Configuration Setting
CAPEC-206 Signing Malicious Code
  --> CWE-732 Incorrect Permission Assignment for Critical Resource
CAPEC-221 XML External Entities Blowup
  --> CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
CAPEC-253 Remote Code Inclusion
  --> CWE-829 Inclusion of Functionality from Untrusted Control Sphere
CAPEC-271 Schema Poisoning
  --> CWE-15 External Control of System or Configuration Setting
  --> CWE-472 External Control of Assumed-Immutable Web Parameter
CAPEC-276 Inter-component Protocol Manipulation
  --> CWE-707 Improper Enforcement of Message or Data Structure
CAPEC-279 SOAP Manipulation
  --> CWE-674 Uncontrolled Recursion
CAPEC-285 ICMP Echo Request Ping
  --> CWE-200 Information Exposure
CAPEC-287 TCP SYN Scan
  --> CWE-200 Information Exposure
CAPEC-290 Enumerate Mail Exchange (MX) Records
  --> CWE-200 Information Exposure
CAPEC-291 DNS Zone Transfers
  --> CWE-200 Information Exposure
CAPEC-292 Host Discovery
  --> CWE-200 Information Exposure
CAPEC-293 Traceroute Route Enumeration
  --> CWE-200 Information Exposure
CAPEC-294 ICMP Address Mask Request
  --> CWE-200 Information Exposure
CAPEC-295 Timestamp Request
  --> CWE-200 Information Exposure
CAPEC-296 ICMP Information Request
  --> CWE-200 Information Exposure
CAPEC-297 TCP ACK Ping
  --> CWE-200 Information Exposure
CAPEC-298 UDP Ping
  --> CWE-200 Information Exposure
CAPEC-299 TCP SYN Ping
  --> CWE-200 Information Exposure
CAPEC-300 Port Scanning
  --> CWE-200 Information Exposure
CAPEC-301 TCP Connect Scan
  --> CWE-200 Information Exposure
CAPEC-302 TCP FIN Scan
  --> CWE-200 Information Exposure
CAPEC-303 TCP Xmas Scan
  --> CWE-200 Information Exposure
CAPEC-304 TCP Null Scan
  --> CWE-200 Information Exposure
CAPEC-305 TCP ACK Scan
  --> CWE-200 Information Exposure
CAPEC-306 TCP Window Scan
  --> CWE-200 Information Exposure
CAPEC-307 TCP RPC Scan
  --> CWE-200 Information Exposure
CAPEC-308 UDP Scan
  --> CWE-200 Information Exposure
CAPEC-309 Network Topology Mapping
  --> CWE-200 Information Exposure
CAPEC-310 Scanning for Vulnerable Software
  --> CWE-200 Information Exposure
CAPEC-312 Active OS Fingerprinting
  --> CWE-200 Information Exposure
CAPEC-313 Passive OS Fingerprinting
  --> CWE-200 Information Exposure
CAPEC-317 IP ID Sequencing Probe
  --> CWE-200 Information Exposure
CAPEC-318 IP 'ID' Echoed Byte-Order Probe
  --> CWE-200 Information Exposure
CAPEC-319 IP (DF) 'Don't Fragment Bit' Echoing Probe
  --> CWE-200 Information Exposure
CAPEC-320 TCP Timestamp Probe
  --> CWE-200 Information Exposure
CAPEC-321 TCP Sequence Number Probe
  --> CWE-200 Information Exposure
CAPEC-322 TCP (ISN) Greatest Common Divisor Probe
  --> CWE-200 Information Exposure
CAPEC-323 TCP (ISN) Counter Rate Probe
  --> CWE-200 Information Exposure
CAPEC-324 TCP (ISN) Sequence Predictability Probe
  --> CWE-200 Information Exposure
CAPEC-325 TCP Congestion Control Flag (ECN) Probe
  --> CWE-200 Information Exposure
CAPEC-326 TCP Initial Window Size Probe
  --> CWE-200 Information Exposure
CAPEC-327 TCP Options Probe
  --> CWE-200 Information Exposure
CAPEC-328 TCP 'RST' Flag Checksum Probe
  --> CWE-200 Information Exposure
CAPEC-329 ICMP Error Message Quoting Probe
  --> CWE-200 Information Exposure
CAPEC-330 ICMP Error Message Echoing Integrity Probe
  --> CWE-200 Information Exposure
CAPEC-441 Malicious Logic Insertion
  --> CWE-284 Improper Access Control
CAPEC-478 Modification of Windows Service Configuration
  --> CWE-285 Improper Authorization
CAPEC-479 Malicious Root Certificate
  --> CWE-284 Improper Access Control
CAPEC-499 Intent Intercept
  --> CWE-925 Improper Verification of Intent by Broadcast Receiver
CAPEC-501 Activity Hijack
  --> CWE-923 Improper Restriction of Communication Channel to Intended Endpoints
CAPEC-536 Data Injected During Configuration
  --> CWE-284 Improper Access Control
CAPEC-546 Probe Application Memory
  --> CWE-284 Improper Access Control
CAPEC-555 Remote Services with Stolen Credentials
  --> CWE-522 Insufficiently Protected Credentials
CAPEC-573 Process Footprinting
  --> CWE-200 Information Exposure
CAPEC-574 Services Footprinting
  --> CWE-200 Information Exposure
CAPEC-575 Account Footprinting
  --> CWE-200 Information Exposure
CAPEC-576 Group Permission Footprinting
  --> CWE-200 Information Exposure
CAPEC-577 Owner Footprinting
  --> CWE-200 Information Exposure
CAPEC-578 Disable Security Software
  --> CWE-285 Improper Authorization
CAPEC-586 Object Injection
  --> CWE-502 Deserialization of Untrusted Data
CAPEC-633 Token Impersonation
  --> CWE-287 Improper Authentication
CAPEC-634 Probe Audio and Video Peripherals
  --> CWE-267 Privilege Defined With Unsafe Actions
CAPEC-635 Alternative Execution Due to Deceptive Filenames
  --> CWE-162 Improper Neutralization of Trailing Special Elements
CAPEC-637 Collect Data from Clipboard
  --> CWE-267 Privilege Defined With Unsafe Actions
CAPEC-639 Probe System Files
  --> CWE-552 Files or Directories Accessible to External Parties
CAPEC-640 Inclusion of Code in Existing Process
  --> CWE-706 Use of Incorrectly-Resolved Name or Reference
CAPEC-641 DLL Side-Loading
  --> CWE-706 Use of Incorrectly-Resolved Name or Reference
CAPEC-642 Replace Binaries
  --> CWE-732 Incorrect Permission Assignment for Critical Resource
CAPEC-643 Identify Shared Files/Directories on System
  --> CWE-200 Information Exposure
  --> CWE-267 Privilege Defined With Unsafe Actions
CAPEC-644 Use of Captured Hashes (Pass The Hash)
  --> CWE-522 Insufficiently Protected Credentials
CAPEC-645 Use of Captured Tickets (Pass The Ticket)
  --> CWE-522 Insufficiently Protected Credentials
CAPEC-646 Peripheral Footprinting
  --> CWE-200 Information Exposure
CAPEC-647 Collect Data from Registries
  --> CWE-285 Improper Authorization
CAPEC-648 Collect Data from Screen Capture
  --> CWE-267 Privilege Defined With Unsafe Actions
CAPEC-649 Adding a Space to a File Extension
  --> CWE-64 Windows Shortcut Following (.LNK)
CAPEC-650 Upload a Web Shell to a Web Server
  --> CWE-553 Command Shell in Externally Accessible Directory
CAPEC-651 Eavesdropping
  --> CWE-200 Information Exposure

CAPEC --> CWE Mappings Removed
CAPEC-7 Blind SQL Injection
  --> CWE-390 Detection of Error Condition Without Action
CAPEC-11 Cause Web Server Misclassification
  --> CWE-69 Improper Handling of Windows ::DATA Alternate Data Stream
CAPEC-38 Leveraging/Manipulating Configuration File Search Paths
  --> CWE-427 Uncontrolled Search Path Element
  --> CWE-428 Unquoted Search Path or Element
  --> CWE-706 Use of Incorrectly-Resolved Name or Reference
CAPEC-66 SQL Injection
  --> CWE-390 Detection of Error Condition Without Action
CAPEC-83 XPath Injection
  --> CWE-390 Detection of Error Condition Without Action
CAPEC-97 Cryptanalysis
  --> CWE-693 Protection Mechanism Failure
  --> CWE-719 OWASP Top Ten 2007 Category A8 - Insecure Cryptographic Storage
CAPEC-159 Redirect Access to Libraries
  --> CWE-714 OWASP Top Ten 2007 Category A3 - Malicious File Execution
CAPEC-194 Fake the Source of Data
  --> CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
CAPEC-250 XML Injection
  --> CWE-390 Detection of Error Condition Without Action
CAPEC-471 DLL Search Order Hijacking
  --> CWE-706 Use of Incorrectly-Resolved Name or Reference

CAPEC --> CAPEC Mappings Added

CAPEC --> CAPEC Mappings Removed

Page Last Updated or Reviewed: August 01, 2018