New to CAPEC? Start Here
Home > CAPEC List > Reports > Differences between 2.4 and 2.5 Content  

Differences between 2.4 and 2.5 Content

Summary
Summary
Total (2.5) 536
Total (2.4) 534
Attack Patterns
New Patterns Added 2
Existing Patterns Modified with Enhanced Material 34
Patterns Deprecated 1
Categories
Existing Categories Modified with Enhanced Material 7
CAPEC -> CWE Mappings
CAPEC -> CWE Mappings Added 1

Summary of Entry Types

Type 2.4 2.5
Views 8 8
Categories 60 60
Attack Patterns 449 450
Deprecated 17 18

Back to top
Attack Pattern Changes
Attack Pattern Changes
New Patterns Added
CAPEC-540 Overread Buffers
CAPEC-541 Application Fingerprinting

Existing Patterns Modified with Enhanced Material
CAPEC-3 Using Leading 'Ghost' Character Sequences to Bypass Input Filters
CAPEC-32 Embedding Scripts in HTTP Query Strings
CAPEC-47 Buffer Overflow via Parameter Expansion
CAPEC-62 Cross Site Request Forgery (aka Session Riding)
CAPEC-85 AJAX Fingerprinting
CAPEC-109 Object Relational Mapping Injection
CAPEC-123 Buffer Manipulation
CAPEC-139 Relative Path Traversal
CAPEC-148 Content Spoofing
CAPEC-151 Identity Spoofing
CAPEC-170 Web Application Fingerprinting
CAPEC-173 Action Spoofing
CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels
CAPEC-224 Fingerprinting
CAPEC-257 Abuse of Transaction Data Structure
CAPEC-289 DEPRECATED: Infrastructure-based footprinting
CAPEC-292 Host Discovery
CAPEC-300 Port Scanning
CAPEC-309 Network Topology Mapping
CAPEC-310 Scanning for Vulnerable Software
CAPEC-311 OS Fingerprinting
CAPEC-401 Hacking Hardware Devices or Components
CAPEC-438 Integrity Modification During Manufacture
CAPEC-439 Integrity Modification during Distribution
CAPEC-440 Integrity Modification During Deployed Use
CAPEC-441 Malicious Logic Inserted Into Product
CAPEC-472 Browser Fingerprinting
CAPEC-511 Infiltration of Software Development Environment
CAPEC-516 Hardware Component Substitution During Baselining
CAPEC-517 Documentation Alteration to Circumvent Dial-down
CAPEC-518 Documentation Alteration to Produce Under-performing Systems
CAPEC-519 Documentation Alteration to Cause Errors in System Design
CAPEC-520 Counterfeit Hardware Component Inserted During Product Assembly
CAPEC-521 Hardware Design Specifications Are Altered

Patterns Deprecated
CAPEC-289 DEPRECATED: Infrastructure-based footprinting
Back to top
Category Changes
Category Changes
New Categories Added

Existing Categories Modified with Enhanced Material
CAPEC-118 Gather Information
CAPEC-156 Deceptive Interactions
CAPEC-437 Supply Chain
CAPEC-512 Communications
CAPEC-513 Software
CAPEC-515 Hardware
CAPEC-526 Alter System Components

Categories Deprecated
Back to top
View Changes
View Changes
Views Added

Existing Views Modified with Enhanced Material

Views Deprecated
Back to top
Mapping Changes
Mapping Changes
CAPEC --> CWE Mappings Added
CAPEC-540 Overread Buffers
  --> CWE-125 Out-of-bounds Read

CAPEC --> CWE Mappings Removed

CAPEC --> CAPEC Mappings Added

CAPEC --> CAPEC Mappings Removed
Back to top
More information is available — Please select a different filter.
Page Last Updated or Reviewed: October 28, 2016
 

Use of the Common Attack Pattern Enumeration and Classification (CAPEC), and the associated references from this website are subject to the Terms of Use. CAPEC is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and managed by the Homeland Security Systems Engineering and Development Institute (HSSEDI) which is operated by The MITRE Corporation (MITRE). Copyright © 2007–2024, The MITRE Corporation. CAPEC and the CAPEC logo are trademarks of The MITRE Corporation.