CAPEC --> CWE Mappings Removed

| CAPEC ID | Attack pattern | CWE ID | CWE entry |
|---|---|---|---|
| CAPEC-1 | Accessing Functionality Not Properly Constrained by ACLs | CWE-721 | OWASP Top Ten 2007 Category A10 - Failure to Restrict URL Access |
| CAPEC-3 | Using Leading 'Ghost' Character Sequences to Bypass Input Filters | CWE-171 | DEPRECATED: Cleansing, Canonicalization, and Comparison Errors |
| CAPEC-6 | Argument Injection | CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
| CAPEC-7 | Blind SQL Injection | CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
| CAPEC-14 | Client-side Injection-induced Buffer Overflow | CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
| CAPEC-15 | Command Delimiters | CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
| CAPEC-17 | Using Malicious Files | CWE-264 | Permissions, Privileges, and Access Controls |
| CAPEC-17 | Using Malicious Files | CWE-275 | Permission Issues |
| CAPEC-20 | Encryption Brute Forcing | CWE-719 | OWASP Top Ten 2007 Category A8 - Insecure Cryptographic Storage |
| CAPEC-28 | Fuzzing | CWE-388 | 7PK - Errors |
| CAPEC-31 | Accessing/Intercepting/Modifying HTTP Cookies | CWE-724 | OWASP Top Ten 2004 Category A3 - Broken Authentication and Session Management |
| CAPEC-34 | HTTP Response Splitting | CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
| CAPEC-35 | Leverage Executable Code in Non-Executable Files | CWE-264 | Permissions, Privileges, and Access Controls |
| CAPEC-35 | Leverage Executable Code in Non-Executable Files | CWE-275 | Permission Issues |
| CAPEC-35 | Leverage Executable Code in Non-Executable Files | CWE-714 | OWASP Top Ten 2007 Category A3 - Malicious File Execution |
| CAPEC-41 | Using Meta-characters in E-mail Headers to Inject Malicious Payloads | CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
| CAPEC-43 | Exploiting Multiple Input Interpretation Layers | CWE-171 | DEPRECATED: Cleansing, Canonicalization, and Comparison Errors |
| CAPEC-44 | Overflow Binary Resource File | CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
| CAPEC-50 | Password Recovery Exploitation | CWE-718 | OWASP Top Ten 2007 Category A7 - Broken Authentication and Session Management |
| CAPEC-52 | Embedding NULL Bytes | CWE-171 | DEPRECATED: Cleansing, Canonicalization, and Comparison Errors |
| CAPEC-53 | Postfix, Null Terminate, and Backslash | CWE-171 | DEPRECATED: Cleansing, Canonicalization, and Comparison Errors |
| CAPEC-55 | Rainbow Table Password Cracking | CWE-719 | OWASP Top Ten 2007 Category A8 - Insecure Cryptographic Storage |
| CAPEC-57 | Utilizing REST's Trust in the System Resource to Obtain Sensitive Data | CWE-724 | OWASP Top Ten 2004 Category A3 - Broken Authentication and Session Management |
| CAPEC-58 | Restful Privilege Elevation | CWE-264 | Permissions, Privileges, and Access Controls |
| CAPEC-59 | Session Credential Falsification through Prediction | CWE-719 | OWASP Top Ten 2007 Category A8 - Insecure Cryptographic Storage |
| CAPEC-61 | Session Fixation | CWE-361 | 7PK - Time and State |
| CAPEC-62 | Cross Site Request Forgery | CWE-716 | OWASP Top Ten 2007 Category A5 - Cross Site Request Forgery (CSRF) |
| CAPEC-64 | Using Slashes and URL Encoding Combined to Bypass Validation Logic | CWE-21 | DEPRECATED: Pathname Traversal and Equivalence Errors |
| CAPEC-64 | Using Slashes and URL Encoding Combined to Bypass Validation Logic | CWE-171 | DEPRECATED: Cleansing, Canonicalization, and Comparison Errors |
| CAPEC-65 | Sniff Application Code | CWE-719 | OWASP Top Ten 2007 Category A8 - Insecure Cryptographic Storage |
| CAPEC-69 | Target Programs with Elevated Privileges | CWE-264 | Permissions, Privileges, and Access Controls |
| CAPEC-71 | Using Unicode Encoding to Bypass Validation Logic | CWE-171 | DEPRECATED: Cleansing, Canonicalization, and Comparison Errors |
| CAPEC-72 | URL Encoding | CWE-21 | DEPRECATED: Pathname Traversal and Equivalence Errors |
| CAPEC-72 | URL Encoding | CWE-171 | DEPRECATED: Cleansing, Canonicalization, and Comparison Errors |
| CAPEC-74 | Manipulating State | CWE-371 | State Issues |
| CAPEC-75 | Manipulating Writeable Configuration Files | CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
| CAPEC-76 | Manipulating Web Input to File System Calls | CWE-264 | Permissions, Privileges, and Access Controls |
| CAPEC-76 | Manipulating Web Input to File System Calls | CWE-715 | OWASP Top Ten 2007 Category A4 - Insecure Direct Object Reference |
| CAPEC-78 | Using Escaped Slashes in Alternate Encoding | CWE-21 | DEPRECATED: Pathname Traversal and Equivalence Errors |
| CAPEC-78 | Using Escaped Slashes in Alternate Encoding | CWE-171 | DEPRECATED: Cleansing, Canonicalization, and Comparison Errors |
| CAPEC-79 | Using Slashes in Alternate Encoding | CWE-21 | DEPRECATED: Pathname Traversal and Equivalence Errors |
| CAPEC-79 | Using Slashes in Alternate Encoding | CWE-171 | DEPRECATED: Cleansing, Canonicalization, and Comparison Errors |
| CAPEC-80 | Using UTF-8 Encoding to Bypass Validation Logic | CWE-21 | DEPRECATED: Pathname Traversal and Equivalence Errors |
| CAPEC-80 | Using UTF-8 Encoding to Bypass Validation Logic | CWE-171 | DEPRECATED: Cleansing, Canonicalization, and Comparison Errors |
| CAPEC-81 | Web Logs Tampering | CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
| CAPEC-83 | XPath Injection | CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
| CAPEC-84 | XQuery Injection | CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
| CAPEC-85 | AJAX Footprinting | CWE-712 | OWASP Top Ten 2007 Category A1 - Cross Site Scripting (XSS) |
| CAPEC-88 | OS Command Injection | CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
| CAPEC-90 | Reflection Attack in Authentication Protocol | CWE-718 | OWASP Top Ten 2007 Category A7 - Broken Authentication and Session Management |
| CAPEC-93 | Log Injection-Tampering-Forging | CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
| CAPEC-94 | Man in the Middle Attack | CWE-724 | OWASP Top Ten 2004 Category A3 - Broken Authentication and Session Management |
| CAPEC-96 | Block Access to Libraries | CWE-227 | 7PK - API Abuse |
| CAPEC-100 | Overflow Buffers | CWE-19 | Data Processing Errors |
| CAPEC-101 | Server Side Include (SSI) Injection | CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
| CAPEC-109 | Object Relational Mapping Injection | CWE-100 | DEPRECATED: Technology-Specific Input Validation Problems |
| CAPEC-113 | Interface Manipulation | CWE-227 | 7PK - API Abuse |
| CAPEC-120 | Double Encoding | CWE-21 | DEPRECATED: Pathname Traversal and Equivalence Errors |
| CAPEC-120 | Double Encoding | CWE-171 | DEPRECATED: Cleansing, Canonicalization, and Comparison Errors |
| CAPEC-127 | Directory Indexing | CWE-721 | OWASP Top Ten 2007 Category A10 - Failure to Restrict URL Access |
| CAPEC-135 | Format String Injection | CWE-133 | String Errors |
| CAPEC-193 | PHP Remote File Inclusion | CWE-714 | OWASP Top Ten 2007 Category A3 - Malicious File Execution |
| CAPEC-215 | Fuzzing for application mapping | CWE-388 | 7PK - Errors |
| CAPEC-230 | XML Nested Payloads | CWE-19 | Data Processing Errors |
| CAPEC-231 | Oversized Serialized Data Payloads | CWE-19 | Data Processing Errors |
| CAPEC-250 | XML Injection | CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
| CAPEC-267 | Leverage Alternate Encoding | CWE-21 | DEPRECATED: Pathname Traversal and Equivalence Errors |
| CAPEC-267 | Leverage Alternate Encoding | CWE-171 | DEPRECATED: Cleansing, Canonicalization, and Comparison Errors |
| CAPEC-485 | Signature Spoofing by Key Recreation | CWE-310 | Cryptographic Issues |