CAPEC --> CWE Mappings Added

CAPEC-98 Phishing | --> | CWE-451 | User Interface (UI) Misrepresentation of Critical Information |
CAPEC-138 Reflection Injection | --> | CWE-470 | Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') |
CAPEC-143 Detect Unpublicized Web Pages | --> | CWE-425 | Direct Request ('Forced Browsing') |
CAPEC-144 Detect Unpublicized Web Services | --> | CWE-425 | Direct Request ('Forced Browsing') |
CAPEC-149 Explore for Predictable Temporary File Names | --> | CWE-377 | Insecure Temporary File |
CAPEC-154 Resource Location Spoofing | --> | CWE-451 | User Interface (UI) Misrepresentation of Critical Information |
CAPEC-161 Infrastructure Manipulation | --> | CWE-923 | Improper Restriction of Communication Channel to Intended Endpoints |
CAPEC-163 Spear Phishing | --> | CWE-451 | User Interface (UI) Misrepresentation of Critical Information |
CAPEC-164 Mobile Phishing | --> | CWE-451 | User Interface (UI) Misrepresentation of Critical Information |
CAPEC-173 Action Spoofing | --> | CWE-451 | User Interface (UI) Misrepresentation of Critical Information |
CAPEC-178 Cross-Site Flashing | --> | CWE-601 | URL Redirection to Untrusted Site ('Open Redirect') |
CAPEC-188 Reverse Engineering | --> | CWE-1278 | Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques |
CAPEC-216 Communication Channel Manipulation | --> | CWE-306 | Missing Authentication for Critical Function |
CAPEC-227 Sustained Client Engagement | --> | CWE-400 | Uncontrolled Resource Consumption |
CAPEC-331 ICMP IP Total Length Field Probe | --> | CWE-204 | Observable Response Discrepancy |
CAPEC-332 ICMP IP 'ID' Field Error Message Probe | --> | CWE-204 | Observable Response Discrepancy |
CAPEC-442 Infected Software | --> | CWE-506 | Embedded Malicious Code |
CAPEC-448 Embed Virus into DLL | --> | CWE-506 | Embedded Malicious Code |
CAPEC-456 Infected Memory | --> | CWE-1257 | Improper Access Control Applied to Mirrored or Aliased Memory Regions |
CAPEC-456 Infected Memory | --> | CWE-1260 | Improper Handling of Overlap Between Protected Memory Ranges |
CAPEC-456 Infected Memory | --> | CWE-1274 | Improper Access Control for Volatile Memory Containing Boot Code |
CAPEC-456 Infected Memory | --> | CWE-1312 | Missing Protection for Mirrored Regions in On-Chip Fabric Firewall |
CAPEC-456 Infected Memory | --> | CWE-1316 | Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges |
CAPEC-457 USB Memory Attacks | --> | CWE-1299 | Missing Protection Mechanism for Alternate Hardware Interface |
CAPEC-458 Flash Memory Attacks | --> | CWE-1282 | Assumed-Immutable Data is Stored in Writable Memory |
CAPEC-481 Contradictory Destinations in Traffic Routing Schemes | --> | CWE-923 | Improper Restriction of Communication Channel to Intended Endpoints |
CAPEC-498 Probe iOS Screenshots | --> | CWE-359 | Exposure of Private Personal Information to an Unauthorized Actor |
CAPEC-500 WebView Injection | --> | CWE-749 | Exposed Dangerous Method or Function |
CAPEC-500 WebView Injection | --> | CWE-940 | Improper Verification of Source of a Communication Channel |
CAPEC-538 Open-Source Library Manipulation | --> | CWE-494 | Download of Code Without Integrity Check |
CAPEC-538 Open-Source Library Manipulation | --> | CWE-829 | Inclusion of Functionality from Untrusted Control Sphere |
CAPEC-541 Application Fingerprinting | --> | CWE-204 | Observable Response Discrepancy |
CAPEC-541 Application Fingerprinting | --> | CWE-205 | Observable Behavioral Discrepancy |
CAPEC-541 Application Fingerprinting | --> | CWE-208 | Observable Timing Discrepancy |
CAPEC-579 Replace Winlogon Helper DLL | --> | CWE-15 | External Control of System or Configuration Setting |
CAPEC-580 System Footprinting | --> | CWE-204 | Observable Response Discrepancy |
CAPEC-580 System Footprinting | --> | CWE-205 | Observable Behavioral Discrepancy |
CAPEC-580 System Footprinting | --> | CWE-208 | Observable Timing Discrepancy |
CAPEC-587 Cross Frame Scripting (XFS) | --> | CWE-1021 | Improper Restriction of Rendered UI Layers or Frames |
CAPEC-625 Mobile Device Fault Injection | --> | CWE-1247 | Improper Protection Against Voltage and Clock Glitches |
CAPEC-625 Mobile Device Fault Injection | --> | CWE-1248 | Semiconductor Defects in Hardware Logic with Security-Sensitive Implications |
CAPEC-625 Mobile Device Fault Injection | --> | CWE-1256 | Improper Restriction of Software Interfaces to Hardware Features |
CAPEC-625 Mobile Device Fault Injection | --> | CWE-1319 | Improper Protection against Electromagnetic Fault Injection (EM-FI) |
CAPEC-625 Mobile Device Fault Injection | --> | CWE-1332 | Improper Handling of Faults that Lead to Instruction Skips |
CAPEC-625 Mobile Device Fault Injection | --> | CWE-1334 | Unauthorized Error Injection Can Degrade Hardware Redundancy |
CAPEC-625 Mobile Device Fault Injection | --> | CWE-1338 | Improper Protections Against Hardware Overheating |
CAPEC-625 Mobile Device Fault Injection | --> | CWE-1351 | Improper Handling of Hardware Behavior in Exceptionally Cold Environments |
CAPEC-632 Homograph Attack via Homoglyphs | --> | CWE-1007 | Insufficient Visual Distinction of Homoglyphs Presented to User |
CAPEC-636 Hiding Malicious Data or Code within Files | --> | CWE-506 | Embedded Malicious Code |
CAPEC-640 Inclusion of Code in Existing Process | --> | CWE-114 | Process Control |
CAPEC-640 Inclusion of Code in Existing Process | --> | CWE-829 | Inclusion of Functionality from Untrusted Control Sphere |
CAPEC-675 Retrieve Data from Decommissioned Devices | --> | CWE-1266 | Improper Scrubbing of Sensitive Data from Decommissioned Device |
CAPEC-695 Repo Jacking | --> | CWE-494 | Download of Code Without Integrity Check |
CAPEC-695 Repo Jacking | --> | CWE-829 | Inclusion of Functionality from Untrusted Control Sphere |
CAPEC-699 Eavesdropping on a Monitor | --> | CWE-1300 | Improper Protection of Physical Side Channels |
CAPEC-701 Browser in the Middle (BiTM) | --> | CWE-294 | Authentication Bypass by Capture-replay |
CAPEC-701 Browser in the Middle (BiTM) | --> | CWE-345 | Insufficient Verification of Data Authenticity |
CAPEC-702 Exploiting Incorrect Chaining or Granularity of Hardware Debug Components | --> | CWE-1296 | Incorrect Chaining or Granularity of Debug Components |

CAPEC --> CAPEC Mappings Added

CAPEC-156 Engage in Deceptive Interactions | Has Member --> | CAPEC-690 | Metadata Spoofing |
CAPEC-216 Communication Channel Manipulation | CanPrecede --> | CAPEC-94 | Adversary in the Middle (AiTM) |
CAPEC-403 Social Engineering | Has Member --> | CAPEC-690 | Metadata Spoofing |
CAPEC-437 Supply Chain | Has Member --> | CAPEC-176 | Configuration/Environment Manipulation |
CAPEC-548 Contaminate Resource | CanPrecede --> | CAPEC-607 | Obstruction |
CAPEC-587 Cross Frame Scripting (XFS) | Has Child --> | CAPEC-103 | Clickjacking |
CAPEC-685 Development and Production | Has Member --> | CAPEC-690 | Metadata Spoofing |
CAPEC-688 Sustainment | Has Member --> | CAPEC-690 | Metadata Spoofing |
CAPEC-699 Eavesdropping on a Monitor | Has Child --> | CAPEC-651 | Eavesdropping |
CAPEC-700 Network Boundary Bridging | CanFollow --> | CAPEC-70 | Try Common or Default Usernames and Passwords |
CAPEC-700 Network Boundary Bridging | Has Child --> | CAPEC-161 | Infrastructure Manipulation |
CAPEC-700 Network Boundary Bridging | CanFollow --> | CAPEC-560 | Use of Known Domain Credentials |
CAPEC-701 Browser in the Middle (BiTM) | Has Child --> | CAPEC-94 | Adversary in the Middle (AiTM) |
CAPEC-701 Browser in the Middle (BiTM) | CanFollow --> | CAPEC-98 | Phishing |
CAPEC-701 Browser in the Middle (BiTM) | CanPrecede --> | CAPEC-148 | Content Spoofing |
CAPEC-701 Browser in the Middle (BiTM) | CanPrecede --> | CAPEC-151 | Identity Spoofing |
CAPEC-702 Exploiting Incorrect Chaining or Granularity of Hardware Debug Components | Has Child --> | CAPEC-180 | Exploiting Incorrectly Configured Access Control Security Levels |
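CAPEC-703 Industrial Control System (ICS) Patterns | Has Member --> | CAPEC-1 | Accessing Functionality Not Properly Constrained by ACLs |
CAPEC-703 Industrial Control System (ICS) Patterns | Has Member --> | CAPEC-57 | Utilizing REST's Trust in the System Resource to Obtain Sensitive Data |
CAPEC-703 Industrial Control System (ICS) Patterns | Has Member --> | CAPEC-65 | Sniff Application Code |
CAPEC-703 Industrial Control System (ICS) Patterns | Has Member --> | CAPEC-70 | Try Common or Default Usernames and Passwords |
CAPEC-703 Industrial Control System (ICS) Patterns | Has Member --> | CAPEC-94 | Adversary in the Middle (AiTM) |
CAPEC-703 Industrial Control System (ICS) Patterns | Has Member --> | CAPEC-98 | Phishing |
CAPEC-703 Industrial Control System (ICS) Patterns | Has Member --> | CAPEC-125 | Flooding |
CAPEC-703 Industrial Control System (ICS) Patterns | Has Member --> | CAPEC-130 | Excessive Allocation |
CAPEC-703 Industrial Control System (ICS) Patterns | Has Member --> | CAPEC-131 | Resource Leak Exposure |
CAPEC-703 Industrial Control System (ICS) Patterns | Has Member --> | CAPEC-141 | Cache Poisoning |
CAPEC-703 Industrial Control System (ICS) Patterns | Has Member --> | CAPEC-148 | Content Spoofing |
CAPEC-703 Industrial Control System (ICS) Patterns | Has Member --> | CAPEC-158 | Sniffing Network Traffic |
CAPEC-703 Industrial Control System (ICS) Patterns | Has Member --> | CAPEC-163 | Spear Phishing |
CAPEC-703 Industrial Control System (ICS) Patterns | Has Member --> | CAPEC-165 | File Manipulation |
CAPEC-703 Industrial Control System (ICS) Patterns | Has Member --> | CAPEC-169 | Footprinting |
CAPEC-703 Industrial Control System (ICS) Patterns | Has Member --> | CAPEC-177 | Create files with the same name as files protected with a higher classification |
CAPEC-703 Industrial Control System (ICS) Patterns | Has Member --> | CAPEC-180 | Exploiting Incorrectly Configured Access Control Security Levels |
CAPEC-703 Industrial Control System (ICS) Patterns | Has Member --> | CAPEC-184 | Software Integrity Attack |
CAPEC-703 Industrial Control System (ICS) Patterns | Has Member --> | CAPEC-191 | Read Sensitive Constants Within an Executable |
CAPEC-703 Industrial Control System (ICS) Patterns | Has Member --> | CAPEC-227 | Sustained Client Engagement |
CAPEC-703 Industrial Control System (ICS) Patterns | Has Member --> | CAPEC-268 | Audit Log Manipulation |
CAPEC-703 Industrial Control System (ICS) Patterns | Has Member --> | CAPEC-292 | Host Discovery |
CAPEC-703 Industrial Control System (ICS) Patterns | Has Member --> | CAPEC-309 | Network Topology Mapping |
CAPEC-703 Industrial Control System (ICS) Patterns | Has Member --> | CAPEC-312 | Active OS Fingerprinting |
CAPEC-703 Industrial Control System (ICS) Patterns | Has Member --> | CAPEC-313 | Passive OS Fingerprinting |
CAPEC-703 Industrial Control System (ICS) Patterns | Has Member --> | CAPEC-438 | Modification During Manufacture |
CAPEC-703 Industrial Control System (ICS) Patterns | Has Member --> | CAPEC-439 | Manipulation During Distribution |
CAPEC-703 Industrial Control System (ICS) Patterns | Has Member --> | CAPEC-441 | Malicious Logic Insertion |
CAPEC-703 Industrial Control System (ICS) Patterns | Has Member --> | CAPEC-457 | USB Memory Attacks |
CAPEC-703 Industrial Control System (ICS) Patterns | Has Member --> | CAPEC-473 | Signature Spoof |
CAPEC-703 Industrial Control System (ICS) Patterns | Has Member --> | CAPEC-504 | Task Impersonation |
CAPEC-703 Industrial Control System (ICS) Patterns | Has Member --> | CAPEC-540 | Overread Buffers |
CAPEC-703 Industrial Control System (ICS) Patterns | Has Member --> | CAPEC-547 | Physical Destruction of Device or Component |
CAPEC-703 Industrial Control System (ICS) Patterns | Has Member --> | CAPEC-552 | Install Rootkit |
CAPEC-703 Industrial Control System (ICS) Patterns | Has Member --> | CAPEC-555 | Remote Services with Stolen Credentials |
CAPEC-703 Industrial Control System (ICS) Patterns | Has Member --> | CAPEC-560 | Use of Known Domain Credentials |
CAPEC-703 Industrial Control System (ICS) Patterns | Has Member --> | CAPEC-573 | Process Footprinting |
CAPEC-703 Industrial Control System (ICS) Patterns | Has Member --> | CAPEC-580 | System Footprinting |
CAPEC-703 Industrial Control System (ICS) Patterns | Has Member --> | CAPEC-603 | Blockage |
CAPEC-703 Industrial Control System (ICS) Patterns | Has Member --> | CAPEC-607 | Obstruction |
CAPEC-703 Industrial Control System (ICS) Patterns | Has Member --> | CAPEC-635 | Alternative Execution Due to Deceptive Filenames |
CAPEC-703 Industrial Control System (ICS) Patterns | Has Member --> | CAPEC-648 | Collect Data from Screen Capture |
CAPEC-703 Industrial Control System (ICS) Patterns | Has Member --> | CAPEC-649 | Adding a Space to a File Extension |
CAPEC-703 Industrial Control System (ICS) Patterns | Has Member --> | CAPEC-690 | Metadata Spoofing |
CAPEC-703 Industrial Control System (ICS) Patterns | Has Member --> | CAPEC-691 | Spoof Open-Source Software Metadata |
CAPEC-703 Industrial Control System (ICS) Patterns | Has Member --> | CAPEC-692 | Spoof Version Control System Commit Metadata |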