New to CAPEC? Start Here
Home > CAPEC List > Reports > Differences between 2.0 and 2.1 Content  

Differences between 2.0 and 2.1 Content

Summary
Summary
Total (2.1) 475
Total (2.0) 474
Categories
Categories Deprecated 15
Views
Views Added 1
CAPEC -> CWE Mappings
CAPEC -> CWE Mappings Added 2

Summary of Entry Types

Type 2.0 2.1
Views 6 7
Categories 68 53
Attack Patterns 398 398
Deprecated 2 17

Back to top
Attack Pattern Changes
Attack Pattern Changes
New Patterns Added

Existing Patterns Modified with Enhanced Material

Patterns Deprecated
Back to top
Category Changes
Category Changes
New Categories Added

Existing Categories Modified with Enhanced Material

Categories Deprecated
CAPEC-334 DEPRECATED: WASC Threat Classification 2.0 - WASC-01 - Insufficient Authentication
CAPEC-335 DEPRECATED: WASC Threat Classification 2.0 - WASC-02 - Insufficient Authorization
CAPEC-337 DEPRECATED: WASC Threat Classification 2.0 - WASC-04 - Insufficient Transport Layer Protection
CAPEC-346 DEPRECATED: WASC Threat Classification 2.0 - WASC-13 - Information Leakage
CAPEC-347 DEPRECATED: WASC Threat Classification 2.0 - WASC-14 - Server Misconfiguration
CAPEC-348 DEPRECATED: WASC Threat Classification 2.0 - WASC-15 - Application Misconfiguration
CAPEC-349 DEPRECATED: WASC Threat Classification 2.0 - WASC-16 - Directory Indexing
CAPEC-350 DEPRECATED: WASC Threat Classification 2.0 - WASC-17 - Improper Filesystem Permissions
CAPEC-353 DEPRECATED: WASC Threat Classification 2.0 - WASC-20 - Improper Input Handling
CAPEC-354 DEPRECATED: WASC Threat Classification 2.0 - WASC-21 - Insufficient Anti-automation
CAPEC-355 DEPRECATED: WASC Threat Classification 2.0 - WASC-22 - Improper Output Handling
CAPEC-373 DEPRECATED: WASC Threat Classification 2.0 - WASC-40 - Insufficient Process Validation
CAPEC-380 DEPRECATED: WASC Threat Classification 2.0 - WASC-47 - Insufficient Session Expiration
CAPEC-381 DEPRECATED: WASC Threat Classification 2.0 - WASC-48 - Insecure Indexing
CAPEC-382 DEPRECATED: WASC Threat Classification 2.0 - WASC-49 - Insufficient Password Recovery
Back to top
View Changes
View Changes
Views Added
CAPEC-483 Deprecated Entries

Existing Views Modified with Enhanced Material

Views Deprecated
Back to top
Mapping Changes
Mapping Changes
CAPEC --> CWE Mappings Added
CAPEC-213 Directory Traversal
  --> CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  --> CWE-893 SFP Cluster: Path Resolution

CAPEC --> CWE Mappings Removed

CAPEC --> CAPEC Mappings Added

CAPEC --> CAPEC Mappings Removed
Back to top
More information is available — Please select a different filter.
Page Last Updated or Reviewed: October 28, 2016
 

Use of the Common Attack Pattern Enumeration and Classification (CAPEC), and the associated references from this website are subject to the Terms of Use. CAPEC is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and managed by the Homeland Security Systems Engineering and Development Institute (HSSEDI) which is operated by The MITRE Corporation (MITRE). Copyright © 2007–2024, The MITRE Corporation. CAPEC and the CAPEC logo are trademarks of The MITRE Corporation.