CAPEC - Differences between 2.4 and 2.5 Content


Common Attack Pattern Enumeration and Classification A Community Resource for Identifying and Understanding Attacks

Home > CAPEC List > Reports > Differences between 2.4 and 2.5 Content

Differences between 2.4 and 2.5 Content

Summary | Attack Pattern Changes | Category Changes | View Changes | Mapping Changes

Summary

Total (2.5)	536
Total (2.4)	534
Attack Patterns
New Patterns Added	2
Existing Patterns Modified with Enhanced Material	34
Patterns Deprecated	1
Categories
Existing Categories Modified with Enhanced Material	7
CAPEC -> CWE Mappings
CAPEC -> CWE Mappings Added	1

Summary of Entry Types

Type	2.4	2.5
Views	8	8
Categories	60	60
Attack Patterns	449	450
Deprecated	17	18

Attack Pattern Changes

New Patterns Added
CAPEC-540	Overread Buffers
CAPEC-541	Application Fingerprinting

Existing Patterns Modified with Enhanced Material
CAPEC-3	Using Leading 'Ghost' Character Sequences to Bypass Input Filters
CAPEC-32	Embedding Scripts in HTTP Query Strings
CAPEC-47	Buffer Overflow via Parameter Expansion
CAPEC-62	Cross Site Request Forgery (aka Session Riding)
CAPEC-85	AJAX Fingerprinting
CAPEC-109	Object Relational Mapping Injection
CAPEC-123	Buffer Manipulation
CAPEC-139	Relative Path Traversal
CAPEC-148	Content Spoofing
CAPEC-151	Identity Spoofing
CAPEC-170	Web Application Fingerprinting
CAPEC-173	Action Spoofing
CAPEC-180	Exploiting Incorrectly Configured Access Control Security Levels
CAPEC-224	Fingerprinting
CAPEC-257	Abuse of Transaction Data Structure
CAPEC-289	DEPRECATED: Infrastructure-based footprinting
CAPEC-292	Host Discovery
CAPEC-300	Port Scanning
CAPEC-309	Network Topology Mapping
CAPEC-310	Scanning for Vulnerable Software
CAPEC-311	OS Fingerprinting
CAPEC-401	Hacking Hardware Devices or Components
CAPEC-438	Integrity Modification During Manufacture
CAPEC-439	Integrity Modification during Distribution
CAPEC-440	Integrity Modification During Deployed Use
CAPEC-441	Malicious Logic Inserted Into Product
CAPEC-472	Browser Fingerprinting
CAPEC-511	Infiltration of Software Development Environment
CAPEC-516	Hardware Component Substitution During Baselining
CAPEC-517	Documentation Alteration to Circumvent Dial-down
CAPEC-518	Documentation Alteration to Produce Under-performing Systems
CAPEC-519	Documentation Alteration to Cause Errors in System Design
CAPEC-520	Counterfeit Hardware Component Inserted During Product Assembly
CAPEC-521	Hardware Design Specifications Are Altered

Patterns Deprecated
CAPEC-289	DEPRECATED: Infrastructure-based footprinting

Category Changes

New Categories Added

Existing Categories Modified with Enhanced Material
CAPEC-118	Gather Information
CAPEC-156	Deceptive Interactions
CAPEC-437	Supply Chain
CAPEC-512	Communications
CAPEC-513	Software
CAPEC-515	Hardware
CAPEC-526	Alter System Components

Categories Deprecated

View Changes

Views Added

Existing Views Modified with Enhanced Material

Views Deprecated

Mapping Changes

CAPEC --> CWE Mappings Added
CAPEC-540 Overread Buffers
-->	CWE-125	Out-of-bounds Read

CAPEC --> CWE Mappings Removed

CAPEC --> CAPEC Mappings Added

CAPEC --> CAPEC Mappings Removed

More information is available — Please select a different filter.

Page Last Updated or Reviewed: October 28, 2016


	Site Map \| Terms of Use \| Manage Cookies \| Cookie Notice \| Privacy Policy \| Contact Us \| Use of the Common Attack Pattern Enumeration and Classification (CAPEC), and the associated references from this website are subject to the Terms of Use. Copyright © 2007–2025, The MITRE Corporation. CAPEC and the CAPEC logo are trademarks of The MITRE Corporation.

Common Attack Pattern Enumeration and Classification

Differences between 2.4 and 2.5 Content

Summary of Entry Types