New to CAPEC? Start Here
Home > CAPEC List > Reports > Differences between 2.1 and 2.2 Content  

Differences between 2.1 and 2.2 Content

Summary
Summary
Total (2.2) 476
Total (2.1) 475
Attack Patterns
New Patterns Added 3
CAPEC -> CWE Mappings
CAPEC -> CWE Mappings Added 25

Summary of Entry Types

Type 2.1 2.2
Views 7 7
Categories 53 51
Attack Patterns 398 401
Deprecated 17 17

Back to top
Attack Pattern Changes
Attack Pattern Changes
New Patterns Added
CAPEC-216 Abuse of Communication Channels
CAPEC-278 Web Services Protocol Manipulation
CAPEC-484 XML Client-Side Attack

Existing Patterns Modified with Enhanced Material

Patterns Deprecated
Back to top
Category Changes
Category Changes
New Categories Added

Existing Categories Modified with Enhanced Material

Categories Deprecated
Back to top
View Changes
View Changes
Views Added

Existing Views Modified with Enhanced Material

Views Deprecated
Back to top
Mapping Changes
Mapping Changes
CAPEC --> CWE Mappings Added
CAPEC-217 Exploiting Incorrectly Configured SSL Security Levels
  --> CWE-201 Information Exposure Through Sent Data
CAPEC-230 Recursive Payloads Sent to XML Parsers
  --> CWE-19 Data Handling
  --> CWE-20 Improper Input Validation
  --> CWE-112 Missing XML Validation
  --> CWE-674 Uncontrolled Recursion
  --> CWE-770 Allocation of Resources Without Limits or Throttling
CAPEC-231 Oversized Payloads Sent to XML Parsers
  --> CWE-19 Data Handling
  --> CWE-20 Improper Input Validation
  --> CWE-112 Missing XML Validation
  --> CWE-674 Uncontrolled Recursion
  --> CWE-770 Allocation of Resources Without Limits or Throttling
CAPEC-236 Catching exception throw/signal from privileged block
  --> CWE-270 Privilege Context Switching Error
CAPEC-250 XML Injection
  --> CWE-20 Improper Input Validation
  --> CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
  --> CWE-91 XML Injection (aka Blind XPath Injection)
  --> CWE-390 Detection of Error Condition Without Action
  --> CWE-707 Improper Enforcement of Message or Data Structure
  --> CWE-713 OWASP Top Ten 2007 Category A2 - Injection Flaws
CAPEC-264 Environment Variable Manipulation
  --> CWE-20 Improper Input Validation
  --> CWE-471 Modification of Assumed-Immutable Data (MAID)
CAPEC-265 Global variable manipulation
  --> CWE-20 Improper Input Validation
  --> CWE-471 Modification of Assumed-Immutable Data (MAID)
CAPEC-484 XML Client-Side Attack
  --> CWE-19 Data Handling
  --> CWE-20 Improper Input Validation
  --> CWE-112 Missing XML Validation

CAPEC --> CWE Mappings Removed

CAPEC --> CAPEC Mappings Added

CAPEC --> CAPEC Mappings Removed
Back to top
More information is available — Please select a different filter.
Page Last Updated or Reviewed: October 28, 2016
 

Use of the Common Attack Pattern Enumeration and Classification (CAPEC), and the associated references from this website are subject to the Terms of Use. CAPEC is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and managed by the Homeland Security Systems Engineering and Development Institute (HSSEDI) which is operated by The MITRE Corporation (MITRE). Copyright © 2007–2024, The MITRE Corporation. CAPEC and the CAPEC logo are trademarks of The MITRE Corporation.