New to CAPEC? Start Here
Home > CAPEC List > CAPEC-483: Deprecated Entries (Version 3.6)  

CAPEC VIEW: Deprecated Entries

View ID: 483
Structure: Implicit
Status: Draft
Downloads: Booklet | CSV | XML
+ Objective
CAPEC nodes in this view (slice) have been deprecated.
+ Filter
/Attack_Pattern_Catalog/*/*[@Status='Deprecated']
+ Membership
NatureTypeIDName
HasMemberDeprecatedDeprecated56DEPRECATED: Removing/short-circuiting 'guard logic'
HasMemberDeprecatedDeprecated82DEPRECATED: Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Service (XDoS))
HasMemberDeprecatedDeprecated91DEPRECATED: XSS in IMG Tags
HasMemberDeprecatedDeprecated99DEPRECATED: XML Parser Attack
HasMemberDeprecatedDeprecated106DEPRECATED: XSS through Log Files
HasMemberDeprecatedDeprecated119DEPRECATED: Deplete Resources
HasMemberDeprecatedDeprecated171DEPRECATED: Variable Manipulation
HasMemberDeprecatedDeprecated205DEPRECATED: Lifting credential(s)/key material embedded in client distributions (thick or thin)
HasMemberDeprecatedDeprecated211DEPRECATED: Leveraging web tools (e.g. Mozilla's GreaseMonkey, Firebug) to change application behavior
HasMemberDeprecatedDeprecated213DEPRECATED: Directory Traversal
HasMemberDeprecatedDeprecated214DEPRECATED: Fuzzing for garnering J2EE/.NET-based stack traces, for application mapping
HasMemberDeprecatedDeprecated232DEPRECATED: Exploitation of Authorization
HasMemberDeprecatedDeprecated235DEPRECATED: Implementing a callback to system routine (old AWT Queue)
HasMemberDeprecatedDeprecated236DEPRECATED: Catching exception throw/signal from privileged block
HasMemberDeprecatedDeprecated238DEPRECATED: Using URL/codebase / G.A.C. (code source) to convince sandbox of privilege
HasMemberDeprecatedDeprecated239DEPRECATED: Subversion of Authorization Checks: Cache Filtering, Programmatic Security, etc.
HasMemberDeprecatedDeprecated241DEPRECATED: Code Injection
HasMemberDeprecatedDeprecated246DEPRECATED: XSS Using Flash
HasMemberDeprecatedDeprecated249DEPRECATED: Linux Terminal Injection
HasMemberDeprecatedDeprecated254DEPRECATED: DTD Injection in a SOAP Message
HasMemberDeprecatedDeprecated257DEPRECATED: Abuse of Transaction Data Structure
HasMemberDeprecatedDeprecated258DEPRECATED: Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Dynamic Update
HasMemberDeprecatedDeprecated259DEPRECATED: Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Patching
HasMemberDeprecatedDeprecated260DEPRECATED: Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Initial Distribution
HasMemberDeprecatedDeprecated264DEPRECATED: Environment Variable Manipulation
HasMemberDeprecatedDeprecated265DEPRECATED: Global variable manipulation
HasMemberDeprecatedDeprecated266DEPRECATED: Manipulate Canonicalization
HasMemberDeprecatedDeprecated269DEPRECATED: Registry Manipulation
HasMemberDeprecatedDeprecated280DEPRECATED: SOAP Parameter Tampering
HasMemberDeprecatedDeprecated281DEPRECATED: Analyze Target
HasMemberDeprecatedDeprecated286DEPRECATED: Reconnaissance
HasMemberDeprecatedDeprecated288DEPRECATED: ICMP Echo Request Ping
HasMemberDeprecatedDeprecated289DEPRECATED: Infrastructure-based footprinting
HasMemberDeprecatedDeprecated311DEPRECATED: OS Fingerprinting
HasMemberDeprecatedDeprecated314DEPRECATED: IP Fingerprinting Probes
HasMemberDeprecatedDeprecated315DEPRECATED: TCP/IP Fingerprinting Probes
HasMemberDeprecatedDeprecated316DEPRECATED: ICMP Fingerprinting Probes
HasMemberDeprecatedDeprecated334DEPRECATED: WASC Threat Classification 2.0 - WASC-01 - Insufficient Authentication
HasMemberDeprecatedDeprecated335DEPRECATED: WASC Threat Classification 2.0 - WASC-02 - Insufficient Authorization
HasMemberDeprecatedDeprecated336DEPRECATED: WASC-03 - Integer Overflows
HasMemberDeprecatedDeprecated337DEPRECATED: WASC Threat Classification 2.0 - WASC-04 - Insufficient Transport Layer Protection
HasMemberDeprecatedDeprecated338DEPRECATED: WASC-05 - Remote File Inclusion
HasMemberDeprecatedDeprecated339DEPRECATED: WASC-06 - Format String
HasMemberDeprecatedDeprecated340DEPRECATED: WASC-07 - Buffer Overflow
HasMemberDeprecatedDeprecated341DEPRECATED: WASC-08 - Cross-Site Scripting
HasMemberDeprecatedDeprecated342DEPRECATED: WASC-09 - Cross-Site Request Forgery
HasMemberDeprecatedDeprecated343DEPRECATED: WASC-10 - Denial of Service
HasMemberDeprecatedDeprecated344DEPRECATED: WASC-11 - Brute Force
HasMemberDeprecatedDeprecated345DEPRECATED: WASC-12 - Content Spoofing
HasMemberDeprecatedDeprecated346DEPRECATED: WASC Threat Classification 2.0 - WASC-13 - Information Leakage
HasMemberDeprecatedDeprecated347DEPRECATED: WASC Threat Classification 2.0 - WASC-14 - Server Misconfiguration
HasMemberDeprecatedDeprecated348DEPRECATED: WASC Threat Classification 2.0 - WASC-15 - Application Misconfiguration
HasMemberDeprecatedDeprecated349DEPRECATED: WASC Threat Classification 2.0 - WASC-16 - Directory Indexing
HasMemberDeprecatedDeprecated350DEPRECATED: WASC Threat Classification 2.0 - WASC-17 - Improper Filesystem Permissions
HasMemberDeprecatedDeprecated351DEPRECATED: WASC-18 - Credential/Session Prediction
HasMemberDeprecatedDeprecated352DEPRECATED: WASC-19 - SQL Injection
HasMemberDeprecatedDeprecated353DEPRECATED: WASC Threat Classification 2.0 - WASC-20 - Improper Input Handling
HasMemberDeprecatedDeprecated354DEPRECATED: WASC Threat Classification 2.0 - WASC-21 - Insufficient Anti-automation
HasMemberDeprecatedDeprecated355DEPRECATED: WASC Threat Classification 2.0 - WASC-22 - Improper Output Handling
HasMemberDeprecatedDeprecated356DEPRECATED: WASC-23 - XML Injection
HasMemberDeprecatedDeprecated357DEPRECATED: WASC-24 - HTTP Request Splitting
HasMemberDeprecatedDeprecated358DEPRECATED: WASC-25 - HTTP Response Splitting
HasMemberDeprecatedDeprecated359DEPRECATED: WASC-26 - HTTP Request Smuggling
HasMemberDeprecatedDeprecated360DEPRECATED: WASC-27 - HTTP Response Smuggling
HasMemberDeprecatedDeprecated361DEPRECATED: WASC-28 - Null Byte Injection
HasMemberDeprecatedDeprecated362DEPRECATED: WASC-29 - LDAP Injection
HasMemberDeprecatedDeprecated363DEPRECATED: WASC-30 - Mail Command Injection
HasMemberDeprecatedDeprecated364DEPRECATED: WASC-31 - OS Commanding
HasMemberDeprecatedDeprecated365DEPRECATED: WASC-32 - Routing Detour
HasMemberDeprecatedDeprecated366DEPRECATED: WASC-33 - Path Traversal
HasMemberDeprecatedDeprecated367DEPRECATED: WASC-34 - Predictable Resource Location
HasMemberDeprecatedDeprecated368DEPRECATED: WASC-35 - SOAP Array Abuse
HasMemberDeprecatedDeprecated369DEPRECATED: WASC-36 - SSI Injection
HasMemberDeprecatedDeprecated370DEPRECATED: WASC-37 - Session Fixation
HasMemberDeprecatedDeprecated371DEPRECATED: WASC-38 - URL Redirector Abuse
HasMemberDeprecatedDeprecated372DEPRECATED: WASC-39 - XPath Injection
HasMemberDeprecatedDeprecated373DEPRECATED: WASC Threat Classification 2.0 - WASC-40 - Insufficient Process Validation
HasMemberDeprecatedDeprecated374DEPRECATED: WASC-41 - XML Attribute Blowup
HasMemberDeprecatedDeprecated375DEPRECATED: WASC-42 - Abuse of Functionality
HasMemberDeprecatedDeprecated376DEPRECATED: WASC-43 - XML External Entities
HasMemberDeprecatedDeprecated377DEPRECATED: WASC-44 - XML Entity Expansion
HasMemberDeprecatedDeprecated378DEPRECATED: WASC-45 - Fingerprinting
HasMemberDeprecatedDeprecated379DEPRECATED: WASC-46 - XQuery Injection
HasMemberDeprecatedDeprecated380DEPRECATED: WASC Threat Classification 2.0 - WASC-47 - Insufficient Session Expiration
HasMemberDeprecatedDeprecated381DEPRECATED: WASC Threat Classification 2.0 - WASC-48 - Insecure Indexing
HasMemberDeprecatedDeprecated382DEPRECATED: WASC Threat Classification 2.0 - WASC-49 - Insufficient Password Recovery
HasMemberDeprecatedDeprecated396DEPRECATED: Bypassing Card or Badge-Based Systems
HasMemberDeprecatedDeprecated404DEPRECATED: Social Information Gathering Attacks
HasMemberDeprecatedDeprecated405DEPRECATED: Social Information Gathering via Research
HasMemberDeprecatedDeprecated408DEPRECATED: Information Gathering from Traditional Sources
HasMemberDeprecatedDeprecated409DEPRECATED: Information Gathering from Non-Traditional Sources
HasMemberDeprecatedDeprecated411DEPRECATED: Pretexting
HasMemberDeprecatedDeprecated419DEPRECATED: Target Influence via Perception of Concession
HasMemberDeprecatedDeprecated430DEPRECATED: Target Influence via Micro-Expressions
HasMemberDeprecatedDeprecated431DEPRECATED: Target Influence via Neuro-Linguistic Programming (NLP)
HasMemberDeprecatedDeprecated432DEPRECATED: Target Influence via Voice in NLP
HasMemberDeprecatedDeprecated436DEPRECATED: Gain Physical Access
HasMemberDeprecatedDeprecated449DEPRECATED: Malware Propagation via USB Stick
HasMemberDeprecatedDeprecated450DEPRECATED: Malware Propagation via USB U3 Autorun
HasMemberDeprecatedDeprecated451DEPRECATED: Malware Propagation via Infected Peripheral Device
HasMemberDeprecatedDeprecated453DEPRECATED: Malicious Logic Insertion via Counterfeit Hardware
HasMemberDeprecatedDeprecated454DEPRECATED: Modification of Existing Components with Counterfeit Hardware
HasMemberDeprecatedDeprecated455DEPRECATED: Malicious Logic Insertion via Inclusion of Counterfeit Hardware Components
HasMemberDeprecatedDeprecated484DEPRECATED: XML Client-Side Attack
HasMemberDeprecatedDeprecated525DEPRECATED: Execute Code
HasMemberDeprecatedDeprecated526DEPRECATED: Alter System Components
HasMemberDeprecatedDeprecated527DEPRECATED: Manipulate System Users
HasMemberDeprecatedDeprecated557DEPRECATED: Schedule Software To Run
HasMemberDeprecatedDeprecated566DEPRECATED: Dump Password Hashes
HasMemberDeprecatedDeprecated567DEPRECATED: Obtain Data via Utilities
HasMemberDeprecatedDeprecated570DEPRECATED: Signature-Based Avoidance
HasMemberDeprecatedDeprecated602DEPRECATED: Degradation
+ View Metrics
CAPECs in this view
Attack Patterns55
Categories57
Views0
Total112
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
More information is available — Please select a different filter.
Page Last Updated or Reviewed: October 21, 2021