New to CAPEC? Start Here
Home > CAPEC List > Reports > Differences between 2.5 and 2.6 Content  

Differences between 2.5 and 2.6 Content

Summary
Summary
Total (2.6) 544
Total (2.5) 536
Attack Patterns
New Patterns Added 10
Patterns Deprecated 6
CAPEC -> CWE Mappings
CAPEC -> CWE Mappings Added 1
CAPEC -> CWE Mappings Removed 2

Summary of Entry Types

Type 2.5 2.6
Views 8 8
Categories 60 58
Attack Patterns 450 454
Deprecated 18 24

Back to top
Attack Pattern Changes
Attack Pattern Changes
New Patterns Added
CAPEC-126 Path Traversal
CAPEC-212 Functionality Misuse
CAPEC-253 Remote Code Inclusion
CAPEC-529 Malware-Directed Internal Reconnaissance
CAPEC-542 Targeted Malware
CAPEC-543 Counterfeit Websites
CAPEC-544 Counterfeit Organizations
CAPEC-545 Probe Application Queries
CAPEC-546 Probe Application Memory
CAPEC-547 Physical Destruction of Device or Component
CAPEC-548 Contaminate Resource

Existing Patterns Modified with Enhanced Material

Patterns Deprecated
CAPEC-157 Sniffing Attacks
CAPEC-254 DTD Injection in a SOAP Message
CAPEC-258 Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Dynamic Update
CAPEC-259 Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Patching
CAPEC-260 Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Initial Distribution
CAPEC-269 DEPRECATED: Registry Manipulation
Back to top
Category Changes
Category Changes
New Categories Added
CAPEC-286 Reconnaissance

Existing Categories Modified with Enhanced Material

Categories Deprecated
Back to top
View Changes
View Changes
Views Added

Existing Views Modified with Enhanced Material

Views Deprecated
Back to top
Mapping Changes
Mapping Changes
CAPEC --> CWE Mappings Added
CAPEC-158 Sniffing Network Traffic
  --> CWE-311 Missing Encryption of Sensitive Data

CAPEC --> CWE Mappings Removed
CAPEC-228 Resource Depletion through DTD Injection in a SOAP Message
  --> CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
  --> CWE-770 Allocation of Resources Without Limits or Throttling

CAPEC --> CAPEC Mappings Added

CAPEC --> CAPEC Mappings Removed
Back to top
More information is available — Please select a different filter.
Page Last Updated or Reviewed: October 28, 2016
 

Use of the Common Attack Pattern Enumeration and Classification (CAPEC), and the associated references from this website are subject to the Terms of Use. CAPEC is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and managed by the Homeland Security Systems Engineering and Development Institute (HSSEDI) which is operated by The MITRE Corporation (MITRE). Copyright © 2007–2024, The MITRE Corporation. CAPEC and the CAPEC logo are trademarks of The MITRE Corporation.