New to CAPEC? Start Here
Home > CAPEC List > Reports > Differences between 3.7 and 3.8 Content  

Differences between 3.7 and 3.8 Content

Summary

Total (3.8) (not including Deprecated) 588
Total (3.7) (not including Deprecated) 572
Attack Patterns
New Patterns Added 10
Existing Patterns Modified with Enhanced Material 214
Patterns Deprecated 1
Categories
New Categories Added 6
Existing Categories Modified with Enhanced Material 3
Views
Views Added 1
CAPEC -> CWE Mappings
CAPEC -> CWE Mappings Added 16
CAPEC -> CWE Mappings Removed 4
CAPEC -> CAPEC Mappings
CAPEC -> CAPEC Mappings Added 40
CAPEC -> CAPEC Mappings Removed 3

Summary of Entry Types

Type 3.7 3.8
Views 11 12
Categories 15 21
Attack Patterns 546 555
Deprecated 112 113

Back to top

Attack Pattern Changes

New Patterns Added
CAPEC-682 Exploitation of Firmware or ROM Code with Unpatchable Vulnerabilities
CAPEC-690 Metadata Spoofing
CAPEC-691 Spoof Open-Source Software Metadata
CAPEC-692 Spoof Version Control System Commit Metadata
CAPEC-693 StarJacking
CAPEC-694 System Location Discovery
CAPEC-695 Repo Jacking
CAPEC-696 Load Value Injection
CAPEC-697 DHCP Spoofing
CAPEC-698 Install Malicious Extension

Existing Patterns Modified with Enhanced Material
CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs
CAPEC-3 Using Leading 'Ghost' Character Sequences to Bypass Input Filters
CAPEC-7 Blind SQL Injection
CAPEC-8 Buffer Overflow in an API Call
CAPEC-9 Buffer Overflow in Local Command-Line Utilities
CAPEC-10 Buffer Overflow via Environment Variables
CAPEC-11 Cause Web Server Misclassification
CAPEC-14 Client-side Injection-induced Buffer Overflow
CAPEC-17 Using Malicious Files
CAPEC-18 XSS Targeting Non-Script Elements
CAPEC-19 Embedding Scripts within Scripts
CAPEC-21 Exploitation of Trusted Identifiers
CAPEC-24 Filter Failure through Buffer Overflow
CAPEC-25 Forced Deadlock
CAPEC-26 Leveraging Race Conditions
CAPEC-29 Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
CAPEC-31 Accessing/Intercepting/Modifying HTTP Cookies
CAPEC-33 HTTP Request Smuggling
CAPEC-34 HTTP Response Splitting
CAPEC-35 Leverage Executable Code in Non-Executable Files
CAPEC-36 Using Unpublished Interfaces or Functionality
CAPEC-37 Retrieve Embedded Sensitive Data
CAPEC-38 Leveraging/Manipulating Configuration File Search Paths
CAPEC-40 Manipulating Writeable Terminal Devices
CAPEC-41 Using Meta-characters in E-mail Headers to Inject Malicious Payloads
CAPEC-42 MIME Conversion
CAPEC-43 Exploiting Multiple Input Interpretation Layers
CAPEC-45 Buffer Overflow via Symbolic Links
CAPEC-46 Overflow Variables and Tags
CAPEC-48 Passing Local Filenames to Functions That Expect a URL
CAPEC-50 Password Recovery Exploitation
CAPEC-51 Poison Web Service Registry
CAPEC-52 Embedding NULL Bytes
CAPEC-53 Postfix, Null Terminate, and Backslash
CAPEC-54 Query System for Information
CAPEC-57 Utilizing REST's Trust in the System Resource to Obtain Sensitive Data
CAPEC-58 Restful Privilege Elevation
CAPEC-60 Reusing Session IDs (aka Session Replay)
CAPEC-63 Cross-Site Scripting (XSS)
CAPEC-64 Using Slashes and URL Encoding Combined to Bypass Validation Logic
CAPEC-65 Sniff Application Code
CAPEC-67 String Format Overflow in syslog()
CAPEC-68 Subvert Code-signing Facilities
CAPEC-71 Using Unicode Encoding to Bypass Validation Logic
CAPEC-72 URL Encoding
CAPEC-75 Manipulating Writeable Configuration Files
CAPEC-76 Manipulating Web Input to File System Calls
CAPEC-77 Manipulating User-Controlled Variables
CAPEC-78 Using Escaped Slashes in Alternate Encoding
CAPEC-79 Using Slashes in Alternate Encoding
CAPEC-80 Using UTF-8 Encoding to Bypass Validation Logic
CAPEC-81 Web Server Logs Tampering
CAPEC-84 XQuery Injection
CAPEC-86 XSS Through HTTP Headers
CAPEC-89 Pharming
CAPEC-92 Forced Integer Overflow
CAPEC-93 Log Injection-Tampering-Forging
CAPEC-94 Adversary in the Middle (AiTM)
CAPEC-97 Cryptanalysis
CAPEC-98 Phishing
CAPEC-103 Clickjacking
CAPEC-105 HTTP Request Splitting
CAPEC-108 Command Line Execution through SQL Injection
CAPEC-111 JSON Hijacking (aka JavaScript Hijacking)
CAPEC-112 Brute Force
CAPEC-116 Excavation
CAPEC-120 Double Encoding
CAPEC-122 Privilege Abuse
CAPEC-125 Flooding
CAPEC-126 Path Traversal
CAPEC-132 Symlink Attack
CAPEC-139 Relative Path Traversal
CAPEC-141 Cache Poisoning
CAPEC-142 DNS Cache Poisoning
CAPEC-146 XML Schema Poisoning
CAPEC-148 Content Spoofing
CAPEC-150 Collect Data from Common Resource Locations
CAPEC-158 Sniffing Network Traffic
CAPEC-159 Redirect Access to Libraries
CAPEC-163 Spear Phishing
CAPEC-165 File Manipulation
CAPEC-169 Footprinting
CAPEC-170 Web Application Fingerprinting
CAPEC-174 Flash Parameter Injection
CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels
CAPEC-182 Flash Injection
CAPEC-185 Malicious Software Download
CAPEC-186 Malicious Software Update
CAPEC-193 PHP Remote File Inclusion
CAPEC-195 Principal Spoof
CAPEC-196 Session Credential Falsification through Forging
CAPEC-197 Exponential Data Expansion
CAPEC-198 XSS Targeting Error Pages
CAPEC-199 XSS Using Alternate Syntax
CAPEC-201 Serialized Data External Linking
CAPEC-203 Manipulate Registry Information
CAPEC-204 Lifting Sensitive Data Embedded in Cache
CAPEC-207 Removing Important Client Functionality
CAPEC-215 Fuzzing for application mapping
CAPEC-219 XML Routing Detour Attacks
CAPEC-221 Data Serialization External Entities Blowup
CAPEC-222 iFrame Overlay
CAPEC-229 Serialized Data Parameter Blowup
CAPEC-231 Oversized Serialized Data Payloads
CAPEC-244 XSS Targeting URI Placeholders
CAPEC-267 Leverage Alternate Encoding
CAPEC-268 Audit Log Manipulation
CAPEC-270 Modification of Registry Run Keys
CAPEC-271 Schema Poisoning
CAPEC-273 HTTP Response Smuggling
CAPEC-275 DNS Rebinding
CAPEC-309 Network Topology Mapping
CAPEC-313 Passive OS Fingerprinting
CAPEC-383 Harvesting Information via API Event Monitoring
CAPEC-387 Navigation Remapping To Propagate Malicious Content
CAPEC-388 Application API Button Hijacking
CAPEC-406 Dumpster Diving
CAPEC-407 Pretexting
CAPEC-440 Hardware Integrity Attack
CAPEC-442 Infected Software
CAPEC-443 Malicious Logic Inserted Into Product by Authorized Developer
CAPEC-445 Malicious Logic Insertion into Product Software via Configuration Management Manipulation
CAPEC-446 Malicious Logic Insertion into Product via Inclusion of Third-Party Component
CAPEC-457 USB Memory Attacks
CAPEC-459 Creating a Rogue Certification Authority Certificate
CAPEC-461 Web Services API Signature Forgery Leveraging Hash Function Extension Weakness
CAPEC-464 Evercookie
CAPEC-465 Transparent Proxy Abuse
CAPEC-469 HTTP DoS
CAPEC-471 Search Order Hijacking
CAPEC-472 Browser Fingerprinting
CAPEC-473 Signature Spoof
CAPEC-474 Signature Spoofing by Key Theft
CAPEC-482 TCP Flood
CAPEC-485 Signature Spoofing by Key Recreation
CAPEC-486 UDP Flood
CAPEC-487 ICMP Flood
CAPEC-488 HTTP Flood
CAPEC-489 SSL Flood
CAPEC-491 Quadratic Data Expansion
CAPEC-504 Task Impersonation
CAPEC-505 Scheme Squatting
CAPEC-511 Infiltration of Software Development Environment
CAPEC-516 Hardware Component Substitution During Baselining
CAPEC-520 Counterfeit Hardware Component Inserted During Product Assembly
CAPEC-522 Malicious Hardware Component Replacement
CAPEC-523 Malicious Software Implanted
CAPEC-531 Hardware Component Substitution
CAPEC-532 Altered Installed BIOS
CAPEC-537 Infiltration of Hardware Development Environment
CAPEC-538 Open-Source Library Manipulation
CAPEC-539 ASIC With Malicious Functionality
CAPEC-541 Application Fingerprinting
CAPEC-542 Targeted Malware
CAPEC-543 Counterfeit Websites
CAPEC-544 Counterfeit Organizations
CAPEC-545 Pull Data from System Resources
CAPEC-550 Install New Service
CAPEC-551 Modify Existing Service
CAPEC-555 Remote Services with Stolen Credentials
CAPEC-558 Replace Trusted Executable
CAPEC-560 Use of Known Domain Credentials
CAPEC-561 Windows Admin Shares with Stolen Credentials
CAPEC-564 Run Software at Logon
CAPEC-571 Block Logging to Central Repository
CAPEC-576 Group Permission Footprinting
CAPEC-578 Disable Security Software
CAPEC-580 System Footprinting
CAPEC-588 DOM-Based XSS
CAPEC-591 Reflected XSS
CAPEC-592 Stored XSS
CAPEC-593 Session Hijacking
CAPEC-598 DNS Spoofing
CAPEC-600 Credential Stuffing
CAPEC-609 Cellular Traffic Intercept
CAPEC-611 BitSquatting
CAPEC-614 Rooting SIM Cards
CAPEC-615 Evil Twin Wi-Fi Attack
CAPEC-616 Establish Rogue Location
CAPEC-617 Cellular Rogue Base Station
CAPEC-620 Drop Encryption Level
CAPEC-624 Hardware Fault Injection
CAPEC-630 TypoSquatting
CAPEC-631 SoundSquatting
CAPEC-632 Homograph Attack via Homoglyphs
CAPEC-635 Alternative Execution Due to Deceptive Filenames
CAPEC-636 Hiding Malicious Data or Code within Files
CAPEC-639 Probe System Files
CAPEC-640 Inclusion of Code in Existing Process
CAPEC-642 Replace Binaries
CAPEC-644 Use of Captured Hashes (Pass The Hash)
CAPEC-647 Collect Data from Registries
CAPEC-648 Collect Data from Screen Capture
CAPEC-651 Eavesdropping
CAPEC-652 Use of Known Kerberos Credentials
CAPEC-653 Use of Known Operating System Credentials
CAPEC-654 Credential Prompt Impersonation
CAPEC-657 Malicious Automated Software Update via Spoofing
CAPEC-662 Adversary in the Browser (AiTB)
CAPEC-664 Server Side Request Forgery
CAPEC-665 Exploitation of Thunderbolt Protection Flaws
CAPEC-666 BlueSmacking
CAPEC-667 Bluetooth Impersonation AttackS (BIAS)
CAPEC-668 Key Negotiation of Bluetooth Attack (KNOB)
CAPEC-669 Alteration of a Software Update
CAPEC-670 Software Development Tools Maliciously Altered
CAPEC-671 Requirements for ASIC Functionality Maliciously Altered
CAPEC-672 Malicious Code Implanted During Chip Programming
CAPEC-673 Developer Signing Maliciously Altered Software
CAPEC-674 Design for FPGA Maliciously Altered
CAPEC-675 Retrieve Data from Decommissioned Devices
CAPEC-676 NoSQL Injection
CAPEC-677 Server Functionality Compromise
CAPEC-678 System Build Data Maliciously Altered

Patterns Deprecated
CAPEC-629 DEPRECATED: Unauthorized Use of Device Resources
Back to top

Category Changes

New Categories Added
CAPEC-684 Design
CAPEC-685 Development and Production
CAPEC-686 Distribution
CAPEC-687 Acquisition and Deployment
CAPEC-688 Sustainment
CAPEC-689 Disposal

Existing Categories Modified with Enhanced Material
CAPEC-437 Supply Chain
CAPEC-513 Software
CAPEC-515 Hardware

Categories Deprecated
Back to top

View Changes

Views Added
CAPEC-683 Supply Chain Risks

Existing Views Modified with Enhanced Material

Views Deprecated
Back to top

Mapping Changes

CAPEC --> CWE Mappings Added
CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs
  --> CWE-1191 On-Chip Debug and Test Interface With Improper Access Control
CAPEC-105 HTTP Request Splitting
  --> CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels
  --> CWE-1191 On-Chip Debug and Test Interface With Improper Access Control
CAPEC-273 HTTP Response Smuggling
  --> CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CAPEC-624 Hardware Fault Injection
  --> CWE-1338 Improper Protections Against Hardware Overheating
  --> CWE-1351 Improper Handling of Hardware Behavior in Exceptionally Cold Environments
CAPEC-682 Exploitation of Firmware or ROM Code with Unpatchable Vulnerabilities
  --> CWE-1277 Firmware Not Updateable
  --> CWE-1310 Missing Ability to Patch ROM Code
CAPEC-691 Spoof Open-Source Software Metadata
  --> CWE-494 Download of Code Without Integrity Check
CAPEC-692 Spoof Version Control System Commit Metadata
  --> CWE-494 Download of Code Without Integrity Check
CAPEC-693 StarJacking
  --> CWE-494 Download of Code Without Integrity Check
CAPEC-694 System Location Discovery
  --> CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere
CAPEC-696 Load Value Injection
  --> CWE-1342 Information Exposure through Microarchitectural State after Transient Execution
CAPEC-697 DHCP Spoofing
  --> CWE-923 Improper Restriction of Communication Channel to Intended Endpoints
CAPEC-698 Install Malicious Extension
  --> CWE-507 Trojan Horse
  --> CWE-829 Inclusion of Functionality from Untrusted Control Sphere

CAPEC --> CWE Mappings Removed
CAPEC-141 Cache Poisoning
  --> CWE-441 Unintended Proxy or Intermediary ('Confused Deputy')
CAPEC-142 DNS Cache Poisoning
  --> CWE-441 Unintended Proxy or Intermediary ('Confused Deputy')
CAPEC-629 Unauthorized Use of Device Resources
  --> CWE-1290 Incorrect Decoding of Security Identifiers
  --> CWE-1292 Incorrect Conversion of Security Identifiers

CAPEC --> CAPEC Mappings Added
CAPEC-201 Serialized Data External Linking
Has Child   --> CAPEC-122 Privilege Abuse
CAPEC-221 Data Serialization External Entities Blowup
Has Child   --> CAPEC-231 Oversized Serialized Data Payloads
CAPEC-383 Harvesting Information via API Event Monitoring
CanPrecede   --> CAPEC-94 Adversary in the Middle (AiTM)
CAPEC-406 Dumpster Diving
CanPrecede   --> CAPEC-675 Retrieve Data from Decommissioned Devices
CAPEC-437 Supply Chain
Has Member   --> CAPEC-154 Resource Location Spoofing
Has Member   --> CAPEC-441 Malicious Logic Insertion
Has Member   --> CAPEC-690 Metadata Spoofing
CAPEC-513 Software
Has Member   --> CAPEC-690 Metadata Spoofing
CAPEC-515 Hardware
Has Member   --> CAPEC-151 Identity Spoofing
CAPEC-616 Establish Rogue Location
CanPrecede   --> CAPEC-691 Spoof Open-Source Software Metadata
CAPEC-682 Exploitation of Firmware or ROM Code with Unpatchable Vulnerabilities
Has Child   --> CAPEC-212 Functionality Misuse
CAPEC-683 Supply Chain Risks
Has Member   --> CAPEC-684 Design
Has Member   --> CAPEC-685 Development and Production
Has Member   --> CAPEC-686 Distribution
Has Member   --> CAPEC-687 Acquisition and Deployment
Has Member   --> CAPEC-688 Sustainment
Has Member   --> CAPEC-689 Disposal
CAPEC-684 Design
Has Member   --> CAPEC-447 Design Alteration
CAPEC-685 Development and Production
Has Member   --> CAPEC-444 Development Alteration
CAPEC-686 Distribution
Has Member   --> CAPEC-439 Manipulation During Distribution
CAPEC-687 Acquisition and Deployment
Has Member   --> CAPEC-536 Data Injected During Configuration
CAPEC-688 Sustainment
Has Member   --> CAPEC-184 Software Integrity Attack
Has Member   --> CAPEC-440 Hardware Integrity Attack
Has Member   --> CAPEC-441 Malicious Logic Insertion
Has Member   --> CAPEC-444 Development Alteration
Has Member   --> CAPEC-536 Data Injected During Configuration
CAPEC-689 Disposal
Has Member   --> CAPEC-675 Retrieve Data from Decommissioned Devices
CAPEC-691 Spoof Open-Source Software Metadata
CanPrecede   --> CAPEC-184 Software Integrity Attack
CanPrecede   --> CAPEC-444 Development Alteration
PeerOf   --> CAPEC-630 TypoSquatting
Has Child   --> CAPEC-690 Metadata Spoofing
CAPEC-692 Spoof Version Control System Commit Metadata
Has Child   --> CAPEC-691 Spoof Open-Source Software Metadata
CAPEC-693 StarJacking
Has Child   --> CAPEC-691 Spoof Open-Source Software Metadata
CAPEC-694 System Location Discovery
Has Child   --> CAPEC-169 Footprinting
CAPEC-695 Repo Jacking
Has Child   --> CAPEC-616 Establish Rogue Location
CAPEC-696 Load Value Injection
Has Child   --> CAPEC-663 Exploitation of Transient Instruction Execution
CAPEC-697 DHCP Spoofing
CanPrecede   --> CAPEC-94 Adversary in the Middle (AiTM)
CanPrecede   --> CAPEC-158 Sniffing Network Traffic
Has Child   --> CAPEC-194 Fake the Source of Data
CAPEC-698 Install Malicious Extension
Has Child   --> CAPEC-542 Targeted Malware

CAPEC --> CAPEC Mappings Removed
CAPEC-201 Serialized Data External Linking
Has Child   --> CAPEC-231 Oversized Serialized Data Payloads
CAPEC-221 Data Serialization External Entities Blowup
Has Child   --> CAPEC-122 Privilege Abuse
CAPEC-629 Unauthorized Use of Device Resources
Has Child   --> CAPEC-114 Authentication Abuse
Back to top
More information is available — Please select a different filter.
Page Last Updated or Reviewed: September 29, 2022
 

Use of the Common Attack Pattern Enumeration and Classification (CAPEC), and the associated references from this website are subject to the Terms of Use. Copyright © 2007–2025, The MITRE Corporation. CAPEC and the CAPEC logo are trademarks of The MITRE Corporation.