New to CAPEC? Start Here
Home > CAPEC List > Reports > Differences between 2.3 and 2.4 Content  

Differences between 2.3 and 2.4 Content

Summary
Summary
Total (2.4) 534
Total (2.3) 496
Attack Patterns
New Patterns Added 27
Categories
New Categories Added 6
Views
Views Added 1
CAPEC -> CWE Mappings
CAPEC -> CWE Mappings Added 3
CAPEC -> CWE Mappings Removed 5

Summary of Entry Types

Type 2.3 2.4
Views 7 8
Categories 51 60
Attack Patterns 421 449
Deprecated 17 17

Back to top
Attack Pattern Changes
Attack Pattern Changes
New Patterns Added
CAPEC-491 XML Quadratic Expansion
CAPEC-492 Regular Expression Exponential Blowup
CAPEC-493 SOAP Array Blowup
CAPEC-494 TCP Fragmentation
CAPEC-495 UDP Fragmentation
CAPEC-496 ICMP Fragmentation
CAPEC-506 Tapjacking
CAPEC-507 Physical Theft
CAPEC-510 SaaS User Request Forgery
CAPEC-511 Infiltration of Software Development Environment
CAPEC-516 Hardware Component Substitution During Baselining
CAPEC-517 Documentation Alteration to Circumvent Dial-down
CAPEC-518 Documentation Alteration to Produce Under-performing Systems
CAPEC-519 Documentation Alteration to Cause Errors in System Design
CAPEC-520 Counterfeit Hardware Component Inserted During Product Assembly
CAPEC-521 Hardware Design Specifications Are Altered
CAPEC-522 Malicious Hardware Component Replacement
CAPEC-523 Malicious Software Implanted
CAPEC-524 Rogue Integration Procedures
CAPEC-528 XML Flood
CAPEC-530 Counterfeit Component Supplied
CAPEC-531 Hardware Component Substitution After Installation
CAPEC-532 Altered BIOS Installed After Installation
CAPEC-533 Malicious Software Update
CAPEC-534 Malicious Hardware Update
CAPEC-535 Malicious Gray Market Hardware
CAPEC-536 Data Injected During Configuration
CAPEC-537 Infiltration of Hardware Development Environment
CAPEC-538 Open Source Libraries Altered
CAPEC-539 ASIC With Malicious Functionality

Existing Patterns Modified with Enhanced Material
CAPEC-224 Fingerprinting

Patterns Deprecated
Back to top
Category Changes
Category Changes
New Categories Added
CAPEC-512 Communications
CAPEC-513 Software
CAPEC-514 Physical Security
CAPEC-515 Hardware
CAPEC-525 Lateral Movement
CAPEC-526 Alter System Components
CAPEC-527 Manipulate System Users

Existing Categories Modified with Enhanced Material
CAPEC-281 Analyze Target
CAPEC-403 Social Engineering
CAPEC-437 Supply Chain

Categories Deprecated
Back to top
View Changes
View Changes
Views Added
CAPEC-3000 Domains of Attack

Existing Views Modified with Enhanced Material

Views Deprecated
Back to top
Mapping Changes
Mapping Changes
CAPEC --> CWE Mappings Added
CAPEC-224 Fingerprinting
  --> CWE-208 Information Exposure Through Timing Discrepancy
CAPEC-462 Cross-Domain Search Timing
  --> CWE-208 Information Exposure Through Timing Discrepancy
CAPEC-510 SaaS User Request Forgery
  --> CWE-346 Origin Validation Error

CAPEC --> CWE Mappings Removed
CAPEC-118 Data Leakage Attacks
  --> CWE-404 Improper Resource Shutdown or Release
CAPEC-227 Denial of Service through Resource Depletion
  --> CWE-770 Allocation of Resources Without Limits or Throttling
CAPEC-281 Analytic Attacks
  --> CWE-200 Information Exposure
  --> CWE-330 Use of Insufficiently Random Values
  --> CWE-514 Covert Channel

CAPEC --> CAPEC Mappings Added

CAPEC --> CAPEC Mappings Removed
Back to top
More information is available — Please select a different filter.
Page Last Updated or Reviewed: October 28, 2016
 

Use of the Common Attack Pattern Enumeration and Classification (CAPEC), and the associated references from this website are subject to the Terms of Use. Copyright © 2007–2024, The MITRE Corporation. CAPEC and the CAPEC logo are trademarks of The MITRE Corporation.