CAPEC - Differences between 2.1 and 2.2 Content


Common Attack Pattern Enumeration and Classification A Community Resource for Identifying and Understanding Attacks

Home > CAPEC List > Reports > Differences between 2.1 and 2.2 Content

Differences between 2.1 and 2.2 Content

Summary | Attack Pattern Changes | Category Changes | View Changes | Mapping Changes

Summary

Total (2.2)	476
Total (2.1)	475
Attack Patterns
New Patterns Added	3
CAPEC -> CWE Mappings
CAPEC -> CWE Mappings Added	25

Summary of Entry Types

Type	2.1	2.2
Views	7	7
Categories	53	51
Attack Patterns	398	401
Deprecated	17	17

Attack Pattern Changes

New Patterns Added
CAPEC-216	Abuse of Communication Channels
CAPEC-278	Web Services Protocol Manipulation
CAPEC-484	XML Client-Side Attack

Existing Patterns Modified with Enhanced Material

Patterns Deprecated

Category Changes

New Categories Added

Existing Categories Modified with Enhanced Material

Categories Deprecated

View Changes

Views Added

Existing Views Modified with Enhanced Material

Views Deprecated

Mapping Changes

CAPEC --> CWE Mappings Added
CAPEC-217 Exploiting Incorrectly Configured SSL Security Levels
-->	CWE-201	Information Exposure Through Sent Data
CAPEC-230 Recursive Payloads Sent to XML Parsers
-->	CWE-19	Data Handling
-->	CWE-20	Improper Input Validation
-->	CWE-112	Missing XML Validation
-->	CWE-674	Uncontrolled Recursion
-->	CWE-770	Allocation of Resources Without Limits or Throttling
CAPEC-231 Oversized Payloads Sent to XML Parsers
-->	CWE-19	Data Handling
-->	CWE-20	Improper Input Validation
-->	CWE-112	Missing XML Validation
-->	CWE-674	Uncontrolled Recursion
-->	CWE-770	Allocation of Resources Without Limits or Throttling
CAPEC-236 Catching exception throw/signal from privileged block
-->	CWE-270	Privilege Context Switching Error
CAPEC-250 XML Injection
-->	CWE-20	Improper Input Validation
-->	CWE-74	Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
-->	CWE-91	XML Injection (aka Blind XPath Injection)
-->	CWE-390	Detection of Error Condition Without Action
-->	CWE-707	Improper Enforcement of Message or Data Structure
-->	CWE-713	OWASP Top Ten 2007 Category A2 - Injection Flaws
CAPEC-264 Environment Variable Manipulation
-->	CWE-20	Improper Input Validation
-->	CWE-471	Modification of Assumed-Immutable Data (MAID)
CAPEC-265 Global variable manipulation
-->	CWE-20	Improper Input Validation
-->	CWE-471	Modification of Assumed-Immutable Data (MAID)
CAPEC-484 XML Client-Side Attack
-->	CWE-19	Data Handling
-->	CWE-20	Improper Input Validation
-->	CWE-112	Missing XML Validation

CAPEC --> CWE Mappings Removed

CAPEC --> CAPEC Mappings Added

CAPEC --> CAPEC Mappings Removed

More information is available — Please select a different filter.

Page Last Updated or Reviewed: October 28, 2016


	Site Map \| Terms of Use \| Manage Cookies \| Cookie Notice \| Privacy Policy \| Contact Us \| Use of the Common Attack Pattern Enumeration and Classification (CAPEC), and the associated references from this website are subject to the Terms of Use. Copyright © 2007–2025, The MITRE Corporation. CAPEC and the CAPEC logo are trademarks of The MITRE Corporation.

Common Attack Pattern Enumeration and Classification

Differences between 2.1 and 2.2 Content

Summary of Entry Types