New to CAPEC? Start Here
Home > CAPEC List > Reports > Differences between 2.2 and 2.3 Content  

Differences between 2.2 and 2.3 Content

Summary
Summary
Total (2.3) 496
Total (2.2) 476
Attack Patterns
New Patterns Added 20
CAPEC -> CWE Mappings
CAPEC -> CWE Mappings Added 12

Summary of Entry Types

Type 2.2 2.3
Views 7 7
Categories 51 51
Attack Patterns 401 421
Deprecated 17 17

Back to top
Attack Pattern Changes
Attack Pattern Changes
New Patterns Added
CAPEC-473 Signature Spoofing
CAPEC-474 Signature Spoofing by Key Theft
CAPEC-475 Signature Spoofing by Improper Validation
CAPEC-476 Signature Spoofing by Misrepresentation
CAPEC-477 Signature Spoofing by Mixing Signed and Unsigned Content
CAPEC-482 TCP Flood
CAPEC-485 Signature Spoofing by Key Recreation
CAPEC-486 UDP Flood
CAPEC-487 ICMP Flood
CAPEC-488 HTTP Flood
CAPEC-489 SSL Flood
CAPEC-490 Amplification/Reflection Flood
CAPEC-498 Probing Application Screenshots
CAPEC-499 Intent Intercept
CAPEC-500 WebView Injection
CAPEC-501 Activity Hijack
CAPEC-502 Intent Spoof
CAPEC-503 WebView Exposure
CAPEC-504 Task Impersonation
CAPEC-505 Scheme Squatting

Existing Patterns Modified with Enhanced Material

Patterns Deprecated
Back to top
Category Changes
Category Changes
New Categories Added

Existing Categories Modified with Enhanced Material

Categories Deprecated
Back to top
View Changes
View Changes
Views Added

Existing Views Modified with Enhanced Material

Views Deprecated
Back to top
Mapping Changes
Mapping Changes
CAPEC --> CWE Mappings Added
CAPEC-473 Signature Spoofing
  --> CWE-20 Improper Input Validation
  --> CWE-290 Authentication Bypass by Spoofing
  --> CWE-327 Use of a Broken or Risky Cryptographic Algorithm
CAPEC-474 Signature Spoofing by Key Theft
  --> CWE-216 Containment Errors (Container Errors)
  --> CWE-284 Improper Access Control
  --> CWE-693 Protection Mechanism Failure
CAPEC-475 Signature Spoofing by Improper Validation
  --> CWE-693 Protection Mechanism Failure
CAPEC-477 Signature Spoofing by Mixing Signed and Unsigned Content
  --> CWE-311 Missing Encryption of Sensitive Data
  --> CWE-319 Cleartext Transmission of Sensitive Information
  --> CWE-693 Protection Mechanism Failure
CAPEC-485 Signature Spoofing by Key Recreation
  --> CWE-310 Cryptographic Issues
  --> CWE-330 Use of Insufficiently Random Values

CAPEC --> CWE Mappings Removed

CAPEC --> CAPEC Mappings Added

CAPEC --> CAPEC Mappings Removed
Back to top
More information is available — Please select a different filter.
Page Last Updated or Reviewed: October 28, 2016
 

Use of the Common Attack Pattern Enumeration and Classification (CAPEC), and the associated references from this website are subject to the Terms of Use. CAPEC is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and managed by the Homeland Security Systems Engineering and Development Institute (HSSEDI) which is operated by The MITRE Corporation (MITRE). Copyright © 2007–2024, The MITRE Corporation. CAPEC and the CAPEC logo are trademarks of The MITRE Corporation.