New to CAPEC? Start Here
Home > CAPEC List > VIEW SLICE: CAPEC-483: Deprecated Entries(Version 3.9)  

CAPEC VIEW: Deprecated Entries

View ID: 483
Structure: Implicit
Downloads: Booklet | CSV | XML
+ Objective
CAPEC nodes in this view (slice) have been deprecated.
+ Filter
/Attack_Pattern_Catalog/*/*[@Status='Deprecated']
+ Membership
NatureTypeIDName
HasMemberDeprecatedDeprecated56DEPRECATED: Removing/short-circuiting 'guard logic'
HasMemberDeprecatedDeprecated82DEPRECATED: Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Service (XDoS))
HasMemberDeprecatedDeprecated91DEPRECATED: XSS in IMG Tags
HasMemberDeprecatedDeprecated99DEPRECATED: XML Parser Attack
HasMemberDeprecatedDeprecated106DEPRECATED: XSS through Log Files
HasMemberDeprecatedDeprecated119DEPRECATED: Deplete Resources
HasMemberDeprecatedDeprecated171DEPRECATED: Variable Manipulation
HasMemberDeprecatedDeprecated205DEPRECATED: Lifting credential(s)/key material embedded in client distributions (thick or thin)
HasMemberDeprecatedDeprecated211DEPRECATED: Leveraging web tools (e.g. Mozilla's GreaseMonkey, Firebug) to change application behavior
HasMemberDeprecatedDeprecated213DEPRECATED: Directory Traversal
HasMemberDeprecatedDeprecated214DEPRECATED: Fuzzing for garnering J2EE/.NET-based stack traces, for application mapping
HasMemberDeprecatedDeprecated232DEPRECATED: Exploitation of Authorization
HasMemberDeprecatedDeprecated235DEPRECATED: Implementing a callback to system routine (old AWT Queue)
HasMemberDeprecatedDeprecated236DEPRECATED: Catching exception throw/signal from privileged block
HasMemberDeprecatedDeprecated238DEPRECATED: Using URL/codebase / G.A.C. (code source) to convince sandbox of privilege
HasMemberDeprecatedDeprecated239DEPRECATED: Subversion of Authorization Checks: Cache Filtering, Programmatic Security, etc.
HasMemberDeprecatedDeprecated241DEPRECATED: Code Injection
HasMemberDeprecatedDeprecated246DEPRECATED: XSS Using Flash
HasMemberDeprecatedDeprecated249DEPRECATED: Linux Terminal Injection
HasMemberDeprecatedDeprecated254DEPRECATED: DTD Injection in a SOAP Message
HasMemberDeprecatedDeprecated257DEPRECATED: Abuse of Transaction Data Structure
HasMemberDeprecatedDeprecated258DEPRECATED: Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Dynamic Update
HasMemberDeprecatedDeprecated259DEPRECATED: Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Patching
HasMemberDeprecatedDeprecated260DEPRECATED: Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Initial Distribution
HasMemberDeprecatedDeprecated264DEPRECATED: Environment Variable Manipulation
HasMemberDeprecatedDeprecated265DEPRECATED: Global variable manipulation
HasMemberDeprecatedDeprecated266DEPRECATED: Manipulate Canonicalization
HasMemberDeprecatedDeprecated269DEPRECATED: Registry Manipulation
HasMemberDeprecatedDeprecated280DEPRECATED: SOAP Parameter Tampering
HasMemberDeprecatedDeprecated281DEPRECATED: Analyze Target
HasMemberDeprecatedDeprecated286DEPRECATED: Reconnaissance
HasMemberDeprecatedDeprecated288DEPRECATED: ICMP Echo Request Ping
HasMemberDeprecatedDeprecated289DEPRECATED: Infrastructure-based footprinting
HasMemberDeprecatedDeprecated311DEPRECATED: OS Fingerprinting
HasMemberDeprecatedDeprecated314DEPRECATED: IP Fingerprinting Probes
HasMemberDeprecatedDeprecated315DEPRECATED: TCP/IP Fingerprinting Probes
HasMemberDeprecatedDeprecated316DEPRECATED: ICMP Fingerprinting Probes
HasMemberDeprecatedDeprecated334DEPRECATED: WASC Threat Classification 2.0 - WASC-01 - Insufficient Authentication
HasMemberDeprecatedDeprecated335DEPRECATED: WASC Threat Classification 2.0 - WASC-02 - Insufficient Authorization
HasMemberDeprecatedDeprecated336DEPRECATED: WASC-03 - Integer Overflows
HasMemberDeprecatedDeprecated337DEPRECATED: WASC Threat Classification 2.0 - WASC-04 - Insufficient Transport Layer Protection
HasMemberDeprecatedDeprecated338DEPRECATED: WASC-05 - Remote File Inclusion
HasMemberDeprecatedDeprecated339DEPRECATED: WASC-06 - Format String
HasMemberDeprecatedDeprecated340DEPRECATED: WASC-07 - Buffer Overflow
HasMemberDeprecatedDeprecated341DEPRECATED: WASC-08 - Cross-Site Scripting
HasMemberDeprecatedDeprecated342DEPRECATED: WASC-09 - Cross-Site Request Forgery
HasMemberDeprecatedDeprecated343DEPRECATED: WASC-10 - Denial of Service
HasMemberDeprecatedDeprecated344DEPRECATED: WASC-11 - Brute Force
HasMemberDeprecatedDeprecated345DEPRECATED: WASC-12 - Content Spoofing
HasMemberDeprecatedDeprecated346DEPRECATED: WASC Threat Classification 2.0 - WASC-13 - Information Leakage
HasMemberDeprecatedDeprecated347DEPRECATED: WASC Threat Classification 2.0 - WASC-14 - Server Misconfiguration
HasMemberDeprecatedDeprecated348DEPRECATED: WASC Threat Classification 2.0 - WASC-15 - Application Misconfiguration
HasMemberDeprecatedDeprecated349DEPRECATED: WASC Threat Classification 2.0 - WASC-16 - Directory Indexing
HasMemberDeprecatedDeprecated350DEPRECATED: WASC Threat Classification 2.0 - WASC-17 - Improper Filesystem Permissions
HasMemberDeprecatedDeprecated351DEPRECATED: WASC-18 - Credential/Session Prediction
HasMemberDeprecatedDeprecated352DEPRECATED: WASC-19 - SQL Injection
HasMemberDeprecatedDeprecated353DEPRECATED: WASC Threat Classification 2.0 - WASC-20 - Improper Input Handling
HasMemberDeprecatedDeprecated354DEPRECATED: WASC Threat Classification 2.0 - WASC-21 - Insufficient Anti-automation
HasMemberDeprecatedDeprecated355DEPRECATED: WASC Threat Classification 2.0 - WASC-22 - Improper Output Handling
HasMemberDeprecatedDeprecated356DEPRECATED: WASC-23 - XML Injection
HasMemberDeprecatedDeprecated357DEPRECATED: WASC-24 - HTTP Request Splitting
HasMemberDeprecatedDeprecated358DEPRECATED: WASC-25 - HTTP Response Splitting
HasMemberDeprecatedDeprecated359DEPRECATED: WASC-26 - HTTP Request Smuggling
HasMemberDeprecatedDeprecated360DEPRECATED: WASC-27 - HTTP Response Smuggling
HasMemberDeprecatedDeprecated361DEPRECATED: WASC-28 - Null Byte Injection
HasMemberDeprecatedDeprecated362DEPRECATED: WASC-29 - LDAP Injection
HasMemberDeprecatedDeprecated363DEPRECATED: WASC-30 - Mail Command Injection
HasMemberDeprecatedDeprecated364DEPRECATED: WASC-31 - OS Commanding
HasMemberDeprecatedDeprecated365DEPRECATED: WASC-32 - Routing Detour
HasMemberDeprecatedDeprecated366DEPRECATED: WASC-33 - Path Traversal
HasMemberDeprecatedDeprecated367DEPRECATED: WASC-34 - Predictable Resource Location
HasMemberDeprecatedDeprecated368DEPRECATED: WASC-35 - SOAP Array Abuse
HasMemberDeprecatedDeprecated369DEPRECATED: WASC-36 - SSI Injection
HasMemberDeprecatedDeprecated370DEPRECATED: WASC-37 - Session Fixation
HasMemberDeprecatedDeprecated371DEPRECATED: WASC-38 - URL Redirector Abuse
HasMemberDeprecatedDeprecated372DEPRECATED: WASC-39 - XPath Injection
HasMemberDeprecatedDeprecated373DEPRECATED: WASC Threat Classification 2.0 - WASC-40 - Insufficient Process Validation
HasMemberDeprecatedDeprecated374DEPRECATED: WASC-41 - XML Attribute Blowup
HasMemberDeprecatedDeprecated375DEPRECATED: WASC-42 - Abuse of Functionality
HasMemberDeprecatedDeprecated376DEPRECATED: WASC-43 - XML External Entities
HasMemberDeprecatedDeprecated377DEPRECATED: WASC-44 - XML Entity Expansion
HasMemberDeprecatedDeprecated378DEPRECATED: WASC-45 - Fingerprinting
HasMemberDeprecatedDeprecated379DEPRECATED: WASC-46 - XQuery Injection
HasMemberDeprecatedDeprecated380DEPRECATED: WASC Threat Classification 2.0 - WASC-47 - Insufficient Session Expiration
HasMemberDeprecatedDeprecated381DEPRECATED: WASC Threat Classification 2.0 - WASC-48 - Insecure Indexing
HasMemberDeprecatedDeprecated382DEPRECATED: WASC Threat Classification 2.0 - WASC-49 - Insufficient Password Recovery
HasMemberDeprecatedDeprecated396DEPRECATED: Bypassing Card or Badge-Based Systems
HasMemberDeprecatedDeprecated404DEPRECATED: Social Information Gathering Attacks
HasMemberDeprecatedDeprecated405DEPRECATED: Social Information Gathering via Research
HasMemberDeprecatedDeprecated408DEPRECATED: Information Gathering from Traditional Sources
HasMemberDeprecatedDeprecated409DEPRECATED: Information Gathering from Non-Traditional Sources
HasMemberDeprecatedDeprecated411DEPRECATED: Pretexting
HasMemberDeprecatedDeprecated419DEPRECATED: Target Influence via Perception of Concession
HasMemberDeprecatedDeprecated430DEPRECATED: Target Influence via Micro-Expressions
HasMemberDeprecatedDeprecated431DEPRECATED: Target Influence via Neuro-Linguistic Programming (NLP)
HasMemberDeprecatedDeprecated432DEPRECATED: Target Influence via Voice in NLP
HasMemberDeprecatedDeprecated436DEPRECATED: Gain Physical Access
HasMemberDeprecatedDeprecated449DEPRECATED: Malware Propagation via USB Stick
HasMemberDeprecatedDeprecated450DEPRECATED: Malware Propagation via USB U3 Autorun
HasMemberDeprecatedDeprecated451DEPRECATED: Malware Propagation via Infected Peripheral Device
HasMemberDeprecatedDeprecated453DEPRECATED: Malicious Logic Insertion via Counterfeit Hardware
HasMemberDeprecatedDeprecated454DEPRECATED: Modification of Existing Components with Counterfeit Hardware
HasMemberDeprecatedDeprecated455DEPRECATED: Malicious Logic Insertion via Inclusion of Counterfeit Hardware Components
HasMemberDeprecatedDeprecated484DEPRECATED: XML Client-Side Attack
HasMemberDeprecatedDeprecated525DEPRECATED: Execute Code
HasMemberDeprecatedDeprecated526DEPRECATED: Alter System Components
HasMemberDeprecatedDeprecated527DEPRECATED: Manipulate System Users
HasMemberDeprecatedDeprecated557DEPRECATED: Schedule Software To Run
HasMemberDeprecatedDeprecated566DEPRECATED: Dump Password Hashes
HasMemberDeprecatedDeprecated567DEPRECATED: Obtain Data via Utilities
HasMemberDeprecatedDeprecated570DEPRECATED: Signature-Based Avoidance
HasMemberDeprecatedDeprecated602DEPRECATED: Degradation
HasMemberDeprecatedDeprecated629DEPRECATED: Unauthorized Use of Device Resources
+ View Metrics
CAPECs in this view
Attack Patterns56
Categories57
Views0
Total113
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
View Components
View Components
A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

CAPEC-430: DEPRECATED: Target Influence via Micro-Expressions

Attack Pattern ID: 430
Abstraction: Detailed
View customized information:
+ Description
This attack pattern has been deprecated.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2018-07-31
(Version 2.12)
CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, References, Related_Attack_Patterns, Typical_Severity
Previous Entry Names
Change DatePrevious Entry Name
2018-07-31
(Version 2.12)
Target Influence via Micro-Expressions

CAPEC-431: DEPRECATED: Target Influence via Neuro-Linguistic Programming (NLP)

Attack Pattern ID: 431
Abstraction: Detailed
View customized information:
+ Description
This attack pattern has been deprecated.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2018-07-31
(Version 2.12)
CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, References, Related_Attack_Patterns, Typical_Severity
Previous Entry Names
Change DatePrevious Entry Name
2018-07-31
(Version 2.12)
Target Influence via Neuro-Linguistic Programming (NLP)

CAPEC-432: DEPRECATED: Target Influence via Voice in NLP

Attack Pattern ID: 432
Abstraction: Detailed
View customized information:
+ Description
This attack pattern has been deprecated.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2018-07-31
(Version 2.12)
CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, References, Related_Attack_Patterns, Typical_Severity
Previous Entry Names
Change DatePrevious Entry Name
2018-07-31
(Version 2.12)
Target Influence via Voice in NLP

CAPEC-257: DEPRECATED: Abuse of Transaction Data Structure

Attack Pattern ID: 257
Abstraction: Meta
View customized information:
+ Description
This attack pattern has been deprecated as it was deemed not to be a legitimate attack pattern.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-01-09
(Version 2.9)
CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-05-01
(Version 2.10)
CAPEC Content TeamThe MITRE Corporation
Updated Description, Description Summary
2018-07-31
(Version 2.12)
CAPEC Content TeamThe MITRE Corporation
Updated Description Summary
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01
(Version 2.10)
Abuse of Transaction Data Structure

CAPEC CATEGORY: DEPRECATED: Alter System Components

Category ID: 526
 
+ Summary
This category has been deprecated as it is no longer used in any view.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2015-11-09
(Version 2.7)
CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2017-01-09
(Version 2.9)
CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2017-05-01
(Version 2.10)
CAPEC Content TeamThe MITRE Corporation
Updated Description
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01
(Version 2.10)
Alter System Components

CAPEC CATEGORY: DEPRECATED: Analyze Target

Category ID: 281
 
+ Summary
This category has been deprecated as it is no longer used in any view.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2015-11-09
(Version 2.7)
CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2017-01-09
(Version 2.9)
CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2017-05-01
(Version 2.10)
CAPEC Content TeamThe MITRE Corporation
Updated Description, Other_Notes
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01
(Version 2.10)
Analyze Target

CAPEC-396: DEPRECATED: Bypassing Card or Badge-Based Systems

Attack Pattern ID: 396
Abstraction: Standard
View customized information:
+ Description
This attack pattern has been deprecated as it a generalization of CAPEC-397: Cloning Magnetic Strip Cards, CAPEC-398: Magnetic Strip Card Brute Force Attacks, CAPEC-399: Cloning RFID Cards or Chips and CAPEC-400: RFID Chip Deactivation or Destruction. Please refer to these CAPECs going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2019-09-30
(Version 3.2)
CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, Description, References, Related_Attack_Patterns
Previous Entry Names
Change DatePrevious Entry Name
2019-09-30
(Version 3.2)
Bypassing Card or Badge-Based Systems

CAPEC-236: DEPRECATED: Catching exception throw/signal from privileged block

Attack Pattern ID: 236
Abstraction: Detailed
View customized information:
+ Description
This attack pattern has been deprecated as it did not have enough distinction from CAPEC-30 : Hijacking a Privileged Thread of Execution. Please refer to CAPEC-30 moving forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-01-09
(Version 2.9)
CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-08-04
(Version 2.11)
CAPEC Content TeamThe MITRE Corporation
Updated Resources_Required
2020-07-30
(Version 3.3)
CAPEC Content TeamThe MITRE Corporation
Updated Execution_Flow
2021-10-21
(Version 3.6)
CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, Consequences, Description, Example_Instances, Execution_Flow, Likelihood_Of_Attack, Mitigations, Prerequisites, Related_Attack_Patterns, Related_Weaknesses, Resources_Required, Skills_Required, Typical_Severity
Previous Entry Names
Change DatePrevious Entry Name
2021-10-21
(Version 3.6)
Catching exception throw/signal from privileged block

CAPEC-241: DEPRECATED: Code Injection

Attack Pattern ID: 241
Abstraction: Meta
View customized information:
+ Description
This attack pattern has been deprecated as it is a duplicate of the existing attack pattern "CAPEC-242 : Code Injection". Please refer to this other CAPEC going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2015-12-07
(Version 2.8)
CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-05-01
(Version 2.10)
CAPEC Content TeamThe MITRE Corporation
Updated Description, Description Summary
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01
(Version 2.10)
Code Injection

CAPEC-602: DEPRECATED: Degradation

Attack Pattern ID: 602
Abstraction: Meta
View customized information:
+ Description
This attack pattern has been deprecated.
+ Content History
Submissions
Submission DateSubmitterOrganization
2015-11-09
(Version 2.7)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-05-01
(Version 2.10)
CAPEC Content TeamThe MITRE Corporation
Updated Description Summary
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01
(Version 2.10)
Degradation

CAPEC CATEGORY: DEPRECATED: Deplete Resources

Category ID: 119
 
+ Summary
This category has been deprecated as it is no longer used by any of the Views.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-01-09
(Version 2.9)
CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2017-05-01
(Version 2.10)
CAPEC Content TeamThe MITRE Corporation
Updated Attack_Prerequisites, Description, Related_Weaknesses, Resources_Required
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01
(Version 2.10)
Deplete Resources

CAPEC-213: DEPRECATED: Directory Traversal

Attack Pattern ID: 213
Abstraction: Standard
View customized information:
+ Description
This attack pattern has been deprecated as it is a duplicate of the existing attack pattern "CAPEC-126 : Path Traversal". Please refer to this other CAPEC going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2015-12-07
(Version 2.8)
CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-01-09
(Version 2.9)
CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-08-04
(Version 2.11)
CAPEC Content TeamThe MITRE Corporation
Updated Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Related_Attack_Patterns, Related_Vulnerabilities, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations
Previous Entry Names
Change DatePrevious Entry Name
2017-01-09
(Version 2.9)
Directory Traversal

CAPEC-254: DEPRECATED: DTD Injection in a SOAP Message

Attack Pattern ID: 254
Abstraction: Detailed
View customized information:
+ Description
This pattern has been deprecated as it was determined to be an unnecessary layer of abstraction. Please refer to the pattern CAPEC-228 : DTD Injection going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-05-01
(Version 2.10)
CAPEC Content TeamThe MITRE Corporation
Updated Description, Description Summary, Related_Attack_Patterns
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01
(Version 2.10)
DTD Injection in a SOAP Message

CAPEC-566: DEPRECATED: Dump Password Hashes

Attack Pattern ID: 566
Abstraction: Detailed
View customized information:
+ Description
This CAPEC has been deprecated because of is not directly related to a weakness, social engineering, supply chains, or a physical-based attack.
+ Content History
Submissions
Submission DateSubmitterOrganization
2015-11-09
(Version 2.7)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2019-04-04
(Version 3.1)
CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, Description, Prerequisites, Related_Attack_Patterns
Previous Entry Names
Change DatePrevious Entry Name
2019-04-04
(Version 3.1)
Dump Password Hashes

CAPEC-264: DEPRECATED: Environment Variable Manipulation

Attack Pattern ID: 264
Abstraction: Meta
View customized information:
+ Description
This attack pattern has been deprecated as it is a duplicate of the existing attack pattern "CAPEC-13 : Subverting Environment Variable Values". Please refer to this other CAPEC going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-01-09
(Version 2.9)
CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-05-01
(Version 2.10)
CAPEC Content TeamThe MITRE Corporation
Updated Attack_Prerequisites, Description Summary, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01
(Version 2.10)
Environment Variable Manipulation

CAPEC CATEGORY: DEPRECATED: Execute Code

Category ID: 525
 
+ Summary
This category has been deprecated as it is no longer used in any view.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2015-11-09
(Version 2.7)
CAPEC Content TeamThe MITRE Corporation
Updated Description, Relationships
2017-05-01
(Version 2.10)
CAPEC Content TeamThe MITRE Corporation
Updated Description, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2015-11-09
(Version 2.7)
Malicious Code Execution
2017-05-01
(Version 2.10)
Execute Code

CAPEC CATEGORY: DEPRECATED: Exploitation of Authorization

Category ID: 232
 
+ Summary
This category has been deprecated as it is no longer used by any of the Views.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2015-12-07
(Version 2.8)
CAPEC Content TeamThe MITRE Corporation
Updated Related_Weaknesses, Relationships
2017-01-09
(Version 2.9)
CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2017-05-01
(Version 2.10)
CAPEC Content TeamThe MITRE Corporation
Updated Description
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01
(Version 2.10)
Exploitation of Authorization

CAPEC-214: DEPRECATED: Fuzzing for garnering J2EE/.NET-based stack traces, for application mapping

Attack Pattern ID: 214
Abstraction: Detailed
View customized information:
+ Description
This attack pattern has been deprecated as it was merged into "CAPEC-215 : Fuzzing for application mapping". Please refer to this other CAPEC going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2020-12-17
(Version 3.4)
CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, Description, Prerequisites, Related_Attack_Patterns, Related_Weaknesses, Resources_Required, Typical_Severity
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17
(Version 3.4)
Fuzzing for garnering J2EE/.NET-based stack traces, for application mapping

CAPEC CATEGORY: DEPRECATED: Gain Physical Access

Category ID: 436
 
+ Summary
This category has been deprecated as it is no longer used in any view.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-01-09
(Version 2.9)
CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2017-05-01
(Version 2.10)
CAPEC Content TeamThe MITRE Corporation
Updated Description
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01
(Version 2.10)
Gain Physical Access

CAPEC-265: DEPRECATED: Global variable manipulation

Attack Pattern ID: 265
Abstraction: Meta
View customized information:
+ Description
This attack pattern has been deprecated as it is a duplicate of the existing attack pattern "CAPEC-77 : Manipulating User-Controlled Variables". Please refer to this other CAPEC going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-01-09
(Version 2.9)
CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-05-01
(Version 2.10)
CAPEC Content TeamThe MITRE Corporation
Updated Attack_Prerequisites, Description Summary, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01
(Version 2.10)
Global variable manipulation

CAPEC-288: DEPRECATED: ICMP Echo Request Ping

Attack Pattern ID: 288
Abstraction: Meta
View customized information:
+ Description
This attack pattern has been deprecated as it is a duplicate of the existing attack pattern "CAPEC-285". Please refer to this other CAPEC going forward.
+ Typical Severity

Low

+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2018-07-31
(Version 2.12)
CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, References, Related_Attack_Patterns

CAPEC-316: DEPRECATED: ICMP Fingerprinting Probes

Attack Pattern ID: 316
Abstraction: Standard
View customized information:
+ Description
This pattern has been deprecated as it was determined to be an unnecessary layer of abstraction. Please refer to the standard level pattern CAPEC-312 : Active OS Fingerprinting going forward, or to any of the detailed patterns that are children of CAPEC-312.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-05-01
(Version 2.10)
CAPEC Content TeamThe MITRE Corporation
Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, References, Related_Attack_Patterns, Target_Attack_Surface, Target_Attack_Surface_Localities, Target_Attack_Surface_Types, Target_Functional_Services, Targeted_OSI_Layers, Typical_Severity
2018-07-31
(Version 2.12)
CAPEC Content TeamThe MITRE Corporation
Updated Description Summary
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01
(Version 2.10)
ICMP Fingerprinting Probes

CAPEC-235: DEPRECATED: Implementing a callback to system routine (old AWT Queue)

Attack Pattern ID: 235
Abstraction: Detailed
View customized information:
+ Description
This attack pattern has been deprecated. Please refer to CAPEC:30 - Hijacking a Privileged Thread of Execution.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-01-09
(Version 2.9)
CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2018-07-31
(Version 2.12)
CAPEC Content TeamThe MITRE Corporation
Updated Description, Description Summary, Related_Attack_Patterns
Previous Entry Names
Change DatePrevious Entry Name
2018-07-31
(Version 2.12)
Implementing a callback to system routine (old AWT Queue)

CAPEC-409: DEPRECATED: Information Gathering from Non-Traditional Sources

Attack Pattern ID: 409
Abstraction: Meta
View customized information:
+ Description
This attack pattern has been deprecated as it was deemed not to be a legitimate attack pattern. Please refer to CAPEC-118 : Collect and Analyze Information.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04
(Version 2.11)
CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, Related_Attack_Patterns, Typical_Severity
2018-07-31
(Version 2.12)
CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, References
Previous Entry Names
Change DatePrevious Entry Name
2017-08-04
(Version 2.11)
Information Gathering from Non-Traditional Sources

CAPEC-408: DEPRECATED: Information Gathering from Traditional Sources

Attack Pattern ID: 408
Abstraction: Meta
View customized information:
+ Description
This attack pattern has been deprecated as it was deemed not to be a legitimate attack pattern. Please refer to CAPEC-118 : Collect and Analyze Information.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04
(Version 2.11)
CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, Related_Attack_Patterns, Typical_Severity
2018-07-31
(Version 2.12)
CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, References
Previous Entry Names
Change DatePrevious Entry Name
2017-08-04
(Version 2.11)
Information Gathering from Traditional Sources

CAPEC-289: DEPRECATED: Infrastructure-based footprinting

Attack Pattern ID: 289
Abstraction: Meta
View customized information:
+ Description
This attack pattern has been deprecated as it was determined to be an unnecessary layer of abstraction. Please refer to the meta level pattern CAPEC-169 : going forward, or to any of its children patterns.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-01-09
(Version 2.9)
CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2018-07-31
(Version 2.12)
CAPEC Content TeamThe MITRE Corporation
Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, References, Resources_Required, Target_Attack_Surface, Target_Attack_Surface_Localities, Target_Attack_Surface_Types, Targeted_OSI_Layers, Typical_Severity

CAPEC-314: DEPRECATED: IP Fingerprinting Probes

Attack Pattern ID: 314
Abstraction: Standard
View customized information:
+ Description
This pattern has been deprecated as it was determined to be an unnecessary layer of abstraction. Please refer to the standard level pattern CAPEC-312 : Active OS Fingerprinting going forward, or to any of the detailed patterns that children of CAPEC-312.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-05-01
(Version 2.10)
CAPEC Content TeamThe MITRE Corporation
Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, References, Related_Attack_Patterns, Resources_Required, Target_Attack_Surface, Target_Attack_Surface_Localities, Target_Attack_Surface_Types, Target_Functional_Services, Targeted_OSI_Layers, Typical_Severity
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01
(Version 2.10)
IP Fingerprinting Probes

CAPEC-211: DEPRECATED: Leveraging web tools (e.g. Mozilla's GreaseMonkey, Firebug) to change application behavior

Attack Pattern ID: 211
Abstraction: Detailed
View customized information:
+ Description
This attack pattern has been deprecated as it was deemed not to be a legitimate attack pattern.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2015-12-07
(Version 2.8)
CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-05-01
(Version 2.10)
CAPEC Content TeamThe MITRE Corporation
Updated Attack_Prerequisites, Description Summary, References, Related_Attack_Patterns, Resources_Required, Typical_Severity
2018-07-31
(Version 2.12)
CAPEC Content TeamThe MITRE Corporation
Updated Description Summary
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01
(Version 2.10)
Leveraging web tools (e.g. Mozilla's GreaseMonkey, Firebug) to change application behavior

CAPEC-205: DEPRECATED: Lifting credential(s)/key material embedded in client distributions (thick or thin)

Attack Pattern ID: 205
Abstraction: Detailed
View customized information:
+ Description
This attack pattern has been deprecated as it is a duplicate of CAPEC-37 : Retrieve Embedded Sensitive Data. Please refer to this other pattern going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2015-11-09
(Version 2.7)
CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-05-01
(Version 2.10)
CAPEC Content TeamThe MITRE Corporation
Updated Architectural_Paradigms, Attack_Motivation-Consequences, Attack_Phases, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, CIA_Impact, Description, Description Summary, Examples-Instances, Frameworks, Methods_of_Attack, Platforms, Purposes, Related_Attack_Patterns, Related_Vulnerabilities, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations, Technical_Context, Typical_Likelihood_of_Exploit, Typical_Severity
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01
(Version 2.10)
Lifting credential(s)/key material embedded in client distributions (thick or thin)

CAPEC-249: DEPRECATED: Linux Terminal Injection

Attack Pattern ID: 249
Abstraction: Standard
View customized information:
+ Description
This attack pattern has been deprecated as it is covered by "CAPEC-40 : Manipulating Writeable Terminal Devices". Please refer to this CAPEC going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2018-07-31
(Version 2.12)
CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, References, Related_Attack_Patterns
Previous Entry Names
Change DatePrevious Entry Name
2018-07-31
(Version 2.12)
Linux Terminal Injection

CAPEC-453: DEPRECATED: Malicious Logic Insertion via Counterfeit Hardware

Attack Pattern ID: 453
Abstraction: Standard
View customized information:
+ Description
This attack pattern has been deprecated as it is a duplicate of CAPEC-452 : Malicious Logic Insertion into Product Hardware. Please refer to this other pattern going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2015-11-09
(Version 2.7)
CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-05-01
(Version 2.10)
CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, References, Related_Attack_Patterns
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01
(Version 2.10)
Malicious Logic Insertion via Counterfeit Hardware

CAPEC-455: DEPRECATED: Malicious Logic Insertion via Inclusion of Counterfeit Hardware Components

Attack Pattern ID: 455
Abstraction: Detailed
View customized information:
+ Description
This attack pattern has been deprecated as it is a duplicate of CAPEC-457 : Malicious Logic Insertion into Product Hardware. Please refer to this other pattern going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2015-11-09
(Version 2.7)
CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-05-01
(Version 2.10)
CAPEC Content TeamThe MITRE Corporation
Updated Attack_Prerequisites, Description Summary, Examples-Instances, References, Related_Attack_Patterns
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01
(Version 2.10)
Malicious Logic Insertion via Inclusion of Counterfeit Hardware Components

CAPEC-451: DEPRECATED: Malware Propagation via Infected Peripheral Device

Attack Pattern ID: 451
Abstraction: Detailed
View customized information:
+ Description
This attack pattern has been deprecated as it is a duplicate of CAPEC-448 : Malware Infection into Product Software. Please refer to this other pattern going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2015-11-09
(Version 2.7)
CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-05-01
(Version 2.10)
CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, Related_Attack_Patterns
2018-07-31
(Version 2.12)
CAPEC Content TeamThe MITRE Corporation
Updated References
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01
(Version 2.10)
Malware Propagation via Infected Peripheral Device

CAPEC-449: DEPRECATED: Malware Propagation via USB Stick

Attack Pattern ID: 449
Abstraction: Detailed
View customized information:
+ Description
This attack pattern has been deprecated as it is a duplicate of CAPEC-448 : Malware Infection into Product Software. Please refer to this other pattern going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2015-11-09
(Version 2.7)
CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-05-01
(Version 2.10)
CAPEC Content TeamThe MITRE Corporation
Updated Attack_Prerequisites, Description Summary, Examples-Instances, References, Related_Attack_Patterns
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01
(Version 2.10)
Malware Propagation via USB Stick

CAPEC-450: DEPRECATED: Malware Propagation via USB U3 Autorun

Attack Pattern ID: 450
Abstraction: Standard
View customized information:
+ Description
This attack pattern has been deprecated as it is a duplicate of CAPEC-448 : Embed Virus into DLL. Please refer to this other pattern going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2015-11-09
(Version 2.7)
CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-05-01
(Version 2.10)
CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, References, Related_Attack_Patterns
2022-09-29
(Version 3.8)
CAPEC Content TeamThe MITRE Corporation
Updated Description
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01
(Version 2.10)
Malware Propagation via USB U3 Autorun

CAPEC-266: DEPRECATED: Manipulate Canonicalization

Attack Pattern ID: 266
Abstraction: Meta
View customized information:
+ Description
This attack pattern has been deprecated.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-01-09
(Version 2.9)
CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-05-01
(Version 2.10)
CAPEC Content TeamThe MITRE Corporation
Updated Description, Description Summary
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01
(Version 2.10)
Manipulate Canonicalization

CAPEC CATEGORY: DEPRECATED: Manipulate System Users

Category ID: 527
 
+ Summary
This category has been deprecated as it is no longer used in any view.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-05-01
(Version 2.10)
CAPEC Content TeamThe MITRE Corporation
Updated Description
2017-08-04
(Version 2.11)
CAPEC Content TeamThe MITRE Corporation
Updated Relationships
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01
(Version 2.10)
Manipulate System Users

CAPEC-454: DEPRECATED: Modification of Existing Components with Counterfeit Hardware

Attack Pattern ID: 454
Abstraction: Detailed
View customized information:
+ Description
This attack pattern has been deprecated as it is a duplicate of CAPEC-452 : Malicious Logic Insertion into Product Hardware. Please refer to this other pattern going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2015-11-09
(Version 2.7)
CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-05-01
(Version 2.10)
CAPEC Content TeamThe MITRE Corporation
Updated Attack_Prerequisites, Description Summary, References, Related_Attack_Patterns
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01
(Version 2.10)
Modification of Existing Components with Counterfeit Hardware

CAPEC-567: DEPRECATED: Obtain Data via Utilities

Attack Pattern ID: 567
Abstraction: Standard
View customized information:
+ Description
This CAPEC has been deprecated because it is not directly related to a weakness, social engineering, supply chains, or a physical-based attack.
+ Content History
Submissions
Submission DateSubmitterOrganization
2015-11-09
(Version 2.7)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2018-07-31
(Version 2.12)
CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, References, Related_Attack_Patterns
2020-07-30
(Version 3.3)
CAPEC Content TeamThe MITRE Corporation
Updated Description
Previous Entry Names
Change DatePrevious Entry Name
2018-07-31
(Version 2.12)
Obtain Data via Utilities

CAPEC-311: DEPRECATED: OS Fingerprinting

Attack Pattern ID: 311
Abstraction: Standard
View customized information:
+ Description
This pattern has been deprecated as it was determined to be an unnecessary layer of abstraction. Please refer to the standard level patterns CAPEC-312 : Active OS Fingerprinting or CAPEC-313 : Passive OS Fingerprinting going forward, or to any of the detailed patterns that are children of them.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2015-11-09
(Version 2.7)
CAPEC Content TeamThe MITRE Corporation
Updated References
2017-05-01
(Version 2.10)
CAPEC Content TeamThe MITRE Corporation
Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, References, Related_Attack_Patterns, Resources_Required, Target_Attack_Surface, Target_Attack_Surface_Localities, Target_Attack_Surface_Types, Target_Functional_Services, Targeted_OSI_Layers, Typical_Severity
2018-07-31
(Version 2.12)
CAPEC Content TeamThe MITRE Corporation
Updated Description Summary
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01
(Version 2.10)
OS Fingerprinting

CAPEC-258: DEPRECATED: Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Dynamic Update

Attack Pattern ID: 258
Abstraction: Detailed
View customized information:
+ Description
This attack pattern has been deprecated as it is a duplicate of the existing attack pattern "CAPEC-65 : Sniff Application Code". Please refer to this other CAPEC going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-01-09
(Version 2.9)
CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-08-04
(Version 2.11)
CAPEC Content TeamThe MITRE Corporation
Updated Architectural_Paradigms, Attack_Motivation-Consequences, Attack_Phases, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, CIA_Impact, Description, Description Summary, Examples-Instances, Frameworks, Languages, Methods_of_Attack, Platforms, Purposes, Related_Attack_Patterns, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations, Technical_Context, Typical_Likelihood_of_Exploit, Typical_Severity
Previous Entry Names
Change DatePrevious Entry Name
2017-01-09
(Version 2.9)
Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Dynamic Update

CAPEC-260: DEPRECATED: Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Initial Distribution

Attack Pattern ID: 260
Abstraction: Detailed
View customized information:
+ Description
This attack pattern has been deprecated as it is a duplicate of the existing attack pattern "CAPEC-65 : Sniff Application Code". Please refer to this other CAPEC going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-01-09
(Version 2.9)
CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-08-04
(Version 2.11)
CAPEC Content TeamThe MITRE Corporation
Updated Architectural_Paradigms, Attack_Motivation-Consequences, Attack_Phases, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, CIA_Impact, Description, Description Summary, Examples-Instances, Frameworks, Languages, Methods_of_Attack, Platforms, Purposes, Related_Attack_Patterns, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations, Technical_Context, Typical_Likelihood_of_Exploit, Typical_Severity
Previous Entry Names
Change DatePrevious Entry Name
2017-01-09
(Version 2.9)
Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Initial Distribution

CAPEC-259: DEPRECATED: Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Patching

Attack Pattern ID: 259
Abstraction: Standard
View customized information:
+ Description
This attack pattern has been deprecated as it is a duplicate of the existing attack pattern "CAPEC-65 : Sniff Application Code". Please refer to this other CAPEC going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-01-09
(Version 2.9)
CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-08-04
(Version 2.11)
CAPEC Content TeamThe MITRE Corporation
Updated Architectural_Paradigms, Attack_Motivation-Consequences, Attack_Phases, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, CIA_Impact, Description, Description Summary, Examples-Instances, Frameworks, Languages, Methods_of_Attack, Platforms, Purposes, Related_Attack_Patterns, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations, Technical_Context, Typical_Likelihood_of_Exploit, Typical_Severity
Previous Entry Names
Change DatePrevious Entry Name
2017-01-09
(Version 2.9)
Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Patching

CAPEC-411: DEPRECATED: Pretexting

Attack Pattern ID: 411
Abstraction: Meta
View customized information:
+ Description
This attack pattern has been deprecated as it is a duplicate of the existing attack pattern "CAPEC-407 : Social Information Gathering via Pretexting". Please refer to this other CAPEC going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04
(Version 2.11)
CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, References, Related_Attack_Patterns, Typical_Severity

CAPEC CATEGORY: DEPRECATED: Reconnaissance

Category ID: 286
 
+ Summary
This category has been deprecated as it is no longer used in any view.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-01-09
(Version 2.9)
CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2017-05-01
(Version 2.10)
CAPEC Content TeamThe MITRE Corporation
Updated Description
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01
(Version 2.10)
Reconnaissance

CAPEC-269: DEPRECATED: Registry Manipulation

Attack Pattern ID: 269
Abstraction: Meta
View customized information:
+ Description
This pattern has been deprecated as it was determined to be a duplicate of another pattern. Please refer to the pattern CAPEC-203 : Manipulate Application Registry Values going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-05-01
(Version 2.10)
CAPEC Content TeamThe MITRE Corporation
Updated Description, Description Summary, Related_Attack_Patterns

CAPEC-56: DEPRECATED: Removing/short-circuiting 'guard logic'

Attack Pattern ID: 56
Abstraction: Standard
View customized information:
+ Description
This attack pattern has been deprecated as it is a duplicate of CAPEC-207 : Removing Important Client Functionality. Please refer to this other pattern going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2015-12-07
(Version 2.8)
CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-05-01
(Version 2.10)
CAPEC Content TeamThe MITRE Corporation
Updated Activation_Zone, Architectural_Paradigms, Attack_Motivation-Consequences, Attack_Phases, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, CIA_Impact, Description, Description Summary, Examples-Instances, Frameworks, Injection_Vector, Languages, Payload, Payload_Activation_Impact, Platforms, Probing_Techniques, Purposes, Related_Attack_Patterns, Related_Guidelines, Related_Security_Principles, Related_Vulnerabilities, Related_Weaknesses, Resources_Required, Technical_Context, Typical_Likelihood_of_Exploit, Typical_Severity
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01
(Version 2.10)
Removing/short-circuiting 'guard logic'

CAPEC-557: DEPRECATED: Schedule Software To Run

Attack Pattern ID: 557
Abstraction: Detailed
View customized information:
+ Description
This CAPEC has been deprecated because it is not directly related to a weakness, social engineering, supply chains, or a physical-based attack.
+ Content History
Submissions
Submission DateSubmitterOrganization
2015-11-09
(Version 2.7)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2018-07-31
(Version 2.12)
CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, References, Related_Attack_Patterns, Solutions_and_Mitigations
2020-07-30
(Version 3.3)
CAPEC Content TeamThe MITRE Corporation
Updated Description
Previous Entry Names
Change DatePrevious Entry Name
2018-07-31
(Version 2.12)
Schedule Software To Run

CAPEC-570: DEPRECATED: Signature-Based Avoidance

Attack Pattern ID: 570
Abstraction: Detailed
View customized information:
+ Description
This CAPEC has been deprecated because it is not directly related to a weakness, social engineering, supply chains, or a physical-based attack.
+ Content History
Submissions
Submission DateSubmitterOrganization
2015-11-09
(Version 2.7)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2018-07-31
(Version 2.12)
CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, References, Related_Attack_Patterns, Solutions_and_Mitigations
2020-07-30
(Version 3.3)
CAPEC Content TeamThe MITRE Corporation
Updated Description
Previous Entry Names
Change DatePrevious Entry Name
2018-07-31
(Version 2.12)
Signature-Based Avoidance

CAPEC-280: DEPRECATED: SOAP Parameter Tampering

Attack Pattern ID: 280
Abstraction: Detailed
View customized information:
+ Description
This attack pattern has been deprecated as its contents have been included in CAPEC-279 : SOAP Manipulation. Please refer to this other pattern going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2018-07-31
(Version 2.12)
CAPEC Content TeamThe MITRE Corporation
Updated Attack_Prerequisites, Description Summary, References, Related_Attack_Patterns, Resources_Required, Typical_Severity
Previous Entry Names
Change DatePrevious Entry Name
2018-07-31
(Version 2.12)
SOAP Parameter Tampering

CAPEC-404: DEPRECATED: Social Information Gathering Attacks

Attack Pattern ID: 404
Abstraction: Meta
View customized information:
+ Description
This attack pattern has been deprecated as it was deemed not to be a legitimate attack pattern. Please refer to CAPEC-118 : Collect and Analyze Information.
+ References
[REF-348] "The Official Social Engineering Portal". Social-Engineer.org. Tick Tock Computers, LLC. <http://www.social-engineer.org>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04
(Version 2.11)
CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, Typical_Severity
2018-07-31
(Version 2.12)
CAPEC Content TeamThe MITRE Corporation
Updated Description Summary
Previous Entry Names
Change DatePrevious Entry Name
2017-08-04
(Version 2.11)
Social Information Gathering Attacks

CAPEC-405: DEPRECATED: Social Information Gathering via Research

Attack Pattern ID: 405
Abstraction: Meta
View customized information:
+ Description
This attack pattern has been deprecated as it was deemed not to be a legitimate attack pattern. Please refer to CAPEC-118 : Collect and Analyze Information.
+ References
[REF-348] "The Official Social Engineering Portal". Social-Engineer.org. Tick Tock Computers, LLC. <http://www.social-engineer.org>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04
(Version 2.11)
CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, Related_Attack_Patterns, Typical_Severity
2018-07-31
(Version 2.12)
CAPEC Content TeamThe MITRE Corporation
Updated Description Summary
Previous Entry Names
Change DatePrevious Entry Name
2017-08-04
(Version 2.11)
Social Information Gathering via Research

CAPEC-239: DEPRECATED: Subversion of Authorization Checks: Cache Filtering, Programmatic Security, etc.

Attack Pattern ID: 239
Abstraction: Detailed
View customized information:
+ Description
This attack pattern has been deprecated as it did not contain any content and did not serve any useful purpose. Please refer to "CAPEC-207: removing Important Client Functionality" going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2015-12-07
(Version 2.8)
CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2018-07-31
(Version 2.12)
CAPEC Content TeamThe MITRE Corporation
Updated Description, Description Summary
2019-04-04
(Version 3.1)
CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, Description, Related_Attack_Patterns
Previous Entry Names
Change DatePrevious Entry Name
2018-07-31
(Version 2.12)
Subversion of authorization checks: cache filtering, programmatic security, etc.
2019-04-04
(Version 3.1)
Subversion of Authorization Checks: Cache Filtering, Programmatic Security, etc.

CAPEC-419: DEPRECATED: Target Influence via Perception of Concession

Attack Pattern ID: 419
Abstraction: Meta
View customized information:
+ Description
This attack pattern has been deprecated as it was deemed not to be a legitimate pattern.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04
(Version 2.11)
CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, References, Related_Attack_Patterns, Typical_Severity
Previous Entry Names
Change DatePrevious Entry Name
2017-08-04
(Version 2.11)
Target Influence via Perception of Concession

CAPEC-315: DEPRECATED: TCP/IP Fingerprinting Probes

Attack Pattern ID: 315
Abstraction: Standard
View customized information:
+ Description
This pattern has been deprecated as it was determined to be an unnecessary layer of abstraction. Please refer to the standard level pattern CAPEC-312 : Active OS Fingerprinting going forward, or to any of the detailed patterns that are children of CAPEC-312.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-05-01
(Version 2.10)
CAPEC Content TeamThe MITRE Corporation
Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, References, Related_Attack_Patterns, Target_Attack_Surface, Target_Attack_Surface_Localities, Target_Attack_Surface_Types, Target_Functional_Services, Targeted_OSI_Layers, Typical_Severity
2018-07-31
(Version 2.12)
CAPEC Content TeamThe MITRE Corporation
Updated Description Summary
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01
(Version 2.10)
TCP/IP Fingerprinting Probes

CAPEC-629: DEPRECATED: Unauthorized Use of Device Resources

Attack Pattern ID: 629
Abstraction: Standard
View customized information:
+ Description
This attack pattern has been deprecated.
+ Content History
Submissions
Submission DateSubmitterOrganization
2015-11-09
(Version 2.7)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2018-07-31
(Version 2.12)
CAPEC Content TeamThe MITRE Corporation
Updated Attack_Motivation-Consequences, Attacker_Skills_or_Knowledge_Required, Description Summary
2019-09-30
(Version 3.2)
CAPEC Content TeamThe MITRE Corporation
Updated @Abstraction
2020-07-30
(Version 3.3)
CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2021-06-24
(Version 3.5)
CAPEC Content TeamThe MITRE Corporation
Updated Related_Weaknesses
2022-09-29
(Version 3.8)
CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, Description, Related_Attack_Patterns, Related_Weaknesses, Skills_Required
Previous Entry Names
Change DatePrevious Entry Name
2022-09-29
(Version 3.8)
Unauthorized Use of Device Resources

CAPEC-238: DEPRECATED: Using URL/codebase / G.A.C. (code source) to convince sandbox of privilege

Attack Pattern ID: 238
Abstraction: Detailed
View customized information:
+ Description
This attack pattern has been deprecated as it did not appear to be a valid attack pattern.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2018-07-31
(Version 2.12)
CAPEC Content TeamThe MITRE Corporation
Updated Description, Description Summary, Related_Attack_Patterns
Previous Entry Names
Change DatePrevious Entry Name
2018-07-31
(Version 2.12)
Using URL/codebase / G.A.C. (code source) to convince sandbox of privilege

CAPEC-171: DEPRECATED: Variable Manipulation

Attack Pattern ID: 171
Abstraction: Meta
View customized information:
+ Description
This attack pattern has been deprecated as it is a duplicate of the existing attack pattern "CAPEC-77 : Manipulating User-Controlled Variables". Please refer to this other CAPEC going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-01-09
(Version 2.9)
CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-05-01
(Version 2.10)
CAPEC Content TeamThe MITRE Corporation
Updated Attack_Prerequisites, Description Summary, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations, Typical_Severity
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01
(Version 2.10)
Variable Manipulation

CAPEC-82: DEPRECATED: Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Service (XDoS))

Attack Pattern ID: 82
Abstraction: Standard
View customized information:
+ Description
This attack pattern has been deprecated as it a generalization of CAPEC-230: XML Nested Payloads, CAPEC-231: XML Oversized Payloads, and CAPEC-147: XML Ping of Death. Please refer to these CAPECs going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2018-07-31
(Version 2.12)
CAPEC Content TeamThe MITRE Corporation
Updated Description, Description Summary
2019-09-30
(Version 3.2)
CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, Consequences, Description, Example_Instances, Likelihood_Of_Attack, Mitigations, Prerequisites, Related_Weaknesses, Skills_Required, Typical_Severity
Previous Entry Names
Change DatePrevious Entry Name
2019-09-30
(Version 3.2)
Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Service (XDoS))

CAPEC CATEGORY: DEPRECATED: WASC Threat Classification 2.0 - WASC-01 - Insufficient Authentication

Category ID: 334
 
+ Summary
This category is related to the WASC Threat Classification 2.0 item Insufficient Authentication
+ References
[REF-275] "WASC Threat Classification 2.0". WASC-01 - Insufficient Authentication. The Web Application Security Consortium (WASC). 2010. <http://projects.webappsec.org/Insufficient-Authentication>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation

CAPEC CATEGORY: DEPRECATED: WASC Threat Classification 2.0 - WASC-02 - Insufficient Authorization

Category ID: 335
 
+ Summary
This category is related to the WASC Threat Classification 2.0 item Insufficient Authorization
+ References
[REF-276] "WASC Threat Classification 2.0". WASC-02 - Insufficient Authorization. The Web Application Security Consortium (WASC). 2010. <http://projects.webappsec.org/Insufficient-Authorization>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation

CAPEC CATEGORY: DEPRECATED: WASC Threat Classification 2.0 - WASC-04 - Insufficient Transport Layer Protection

Category ID: 337
 
+ Summary
This category is related to the WASC Threat Classification 2.0 item Insufficient Transport Layer Protection
+ References
[REF-278] "WASC Threat Classification 2.0". WASC-04 - Insufficient Transport Layer Protection. The Web Application Security Consortium (WASC). 2010. <http://projects.webappsec.org/Insufficient-Transport-Layer-Protection>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation

CAPEC CATEGORY: DEPRECATED: WASC Threat Classification 2.0 - WASC-13 - Information Leakage

Category ID: 346
 
+ Summary
This category is related to the WASC Threat Classification 2.0 item Information Leakage
+ References
[REF-288] "WASC Threat Classification 2.0". WASC-13 - Information Leakage. The Web Application Security Consortium (WASC). 2010. <http://projects.webappsec.org/Information-Leakage>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation

CAPEC CATEGORY: DEPRECATED: WASC Threat Classification 2.0 - WASC-14 - Server Misconfiguration

Category ID: 347
 
+ Summary
This category is related to the WASC Threat Classification 2.0 item Server Misconfiguration
+ References
[REF-289] "WASC Threat Classification 2.0". WASC-14 - Server Misconfiguration. The Web Application Security Consortium (WASC). 2010. <http://projects.webappsec.org/Server-Misconfiguration>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation

CAPEC CATEGORY: DEPRECATED: WASC Threat Classification 2.0 - WASC-15 - Application Misconfiguration

Category ID: 348
 
+ Summary
This category is related to the WASC Threat Classification 2.0 item Application Misconfiguration
+ References
[REF-290] "WASC Threat Classification 2.0". WASC-15 - Application Misconfiguration. The Web Application Security Consortium (WASC). 2010. <http://projects.webappsec.org/Application-Misconfiguration>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation

CAPEC CATEGORY: DEPRECATED: WASC Threat Classification 2.0 - WASC-16 - Directory Indexing

Category ID: 349
 
+ Summary
This category is related to the WASC Threat Classification 2.0 item Directory Indexing
+ References
[REF-11] "WASC Threat Classification 2.0". WASC-16 - Directory Indexing. The Web Application Security Consortium (WASC). 2010. <http://projects.webappsec.org/Directory-Indexing>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation

CAPEC CATEGORY: DEPRECATED: WASC Threat Classification 2.0 - WASC-17 - Improper Filesystem Permissions

Category ID: 350
 
+ Summary
This category is related to the WASC Threat Classification 2.0 item Improper Filesystem Permissions
+ References
[REF-293] "WASC Threat Classification 2.0". WASC-17 - Improper Filesystem Permissions. The Web Application Security Consortium (WASC). 2010. <http://projects.webappsec.org/Improper-Filesystem-Permissions>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation

CAPEC CATEGORY: DEPRECATED: WASC Threat Classification 2.0 - WASC-20 - Improper Input Handling

Category ID: 353
 
+ Summary
This category is related to the WASC Threat Classification 2.0 item Improper Input Handling
+ References
[REF-108] "WASC Threat Classification 2.0". WASC-20 - Improper Input Handling. The Web Application Security Consortium (WASC). 2010. <http://projects.webappsec.org/Improper-Input-Handling>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation

CAPEC CATEGORY: DEPRECATED: WASC Threat Classification 2.0 - WASC-21 - Insufficient Anti-automation

Category ID: 354
 
+ Summary
This category is related to the WASC Threat Classification 2.0 item Insufficient Anti-automation
+ References
[REF-297] "WASC Threat Classification 2.0". WASC-21 - Insufficient Anti-automation. The Web Application Security Consortium (WASC). 2010. <http://projects.webappsec.org/Insufficient+Anti-automation>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation

CAPEC CATEGORY: DEPRECATED: WASC Threat Classification 2.0 - WASC-22 - Improper Output Handling

Category ID: 355
 
+ Summary
This category is related to the WASC Threat Classification 2.0 item Improper Output Handling
+ References
[REF-298] "WASC Threat Classification 2.0". WASC-22 - Improper Output Handling. The Web Application Security Consortium (WASC). 2010. <http://projects.webappsec.org/Improper-Output-Handling>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation

CAPEC CATEGORY: DEPRECATED: WASC Threat Classification 2.0 - WASC-40 - Insufficient Process Validation

Category ID: 373
 
+ Summary
This category is related to the WASC Threat Classification 2.0 item Insufficient Process Validation
+ References
[REF-316] "WASC Threat Classification 2.0". WASC-40 - Insufficient Process Validation. The Web Application Security Consortium (WASC). 2010. <http://projects.webappsec.org/Insufficient-Process-Validation>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation

CAPEC CATEGORY: DEPRECATED: WASC Threat Classification 2.0 - WASC-47 - Insufficient Session Expiration

Category ID: 380
 
+ Summary
This category is related to the WASC Threat Classification 2.0 item Insufficient Session Expiration
+ References
[REF-324] "WASC Threat Classification 2.0". WASC-47 - Insufficient Session Expiration. The Web Application Security Consortium (WASC). 2010. <http://projects.webappsec.org/Insufficient-Session-Expiration>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation

CAPEC CATEGORY: DEPRECATED: WASC Threat Classification 2.0 - WASC-48 - Insecure Indexing

Category ID: 381
 
+ Summary
This category is related to the WASC Threat Classification 2.0 item Insecure Indexing
+ References
[REF-325] "WASC Threat Classification 2.0". WASC-48 - Insecure Indexing. The Web Application Security Consortium (WASC). 2010. <http://projects.webappsec.org/Insecure-Indexing>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation

CAPEC CATEGORY: DEPRECATED: WASC Threat Classification 2.0 - WASC-49 - Insufficient Password Recovery

Category ID: 382
 
+ Summary
This category is related to the WASC Threat Classification 2.0 item Insufficient Password Recovery
+ References
[REF-326] "WASC Threat Classification 2.0". WASC-49 - Insufficient Password Recovery. The Web Application Security Consortium (WASC). 2010. <http://projects.webappsec.org/Insufficient-Password-Recovery>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation

CAPEC CATEGORY: DEPRECATED: WASC-03 - Integer Overflows

Category ID: 336
 
+ Summary
This category is related to the WASC Threat Classification 2.0 item Integer Overflows
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2020-12-17
(Version 3.4)
CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17
(Version 3.4)
WASC-03 - Integer Overflows

CAPEC CATEGORY: DEPRECATED: WASC-05 - Remote File Inclusion

Category ID: 338
 
+ Summary
This category is related to the WASC Threat Classification 2.0 item Remote File Inclusion
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2020-12-17
(Version 3.4)
CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17
(Version 3.4)
WASC-05 - Remote File Inclusion

CAPEC CATEGORY: DEPRECATED: WASC-06 - Format String

Category ID: 339
 
+ Summary
This category is related to the WASC Threat Classification 2.0 item Format String
+ Membership
NatureTypeIDName
HasMemberDetailed Attack PatternDetailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.67String Format Overflow in syslog()
+ References
[REF-15] Robert Auger. "WASC Threat Classification 2.0". WASC-06 - Format String. The Web Application Security Consortium (WASC). <http://projects.webappsec.org/Format-String>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-01-09
(Version 2.9)
CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2017-08-04
(Version 2.11)
CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2020-12-17
(Version 3.4)
CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17
(Version 3.4)
WASC-06 - Format String

CAPEC CATEGORY: DEPRECATED: WASC-07 - Buffer Overflow

Category ID: 340
 
+ Summary
This category is related to the WASC Threat Classification 2.0 item Buffer Overflow
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-01-09
(Version 2.9)
CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2017-08-04
(Version 2.11)
CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2020-12-17
(Version 3.4)
CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17
(Version 3.4)
WASC-07 - Buffer Overflow

CAPEC CATEGORY: DEPRECATED: WASC-08 - Cross-Site Scripting

Category ID: 341
 
+ Summary
This category is related to the WASC Threat Classification 2.0 item Cross-Site Scripting
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-05-01
(Version 2.10)
CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2020-12-17
(Version 3.4)
CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17
(Version 3.4)
WASC-08 - Cross-Site Scripting

CAPEC CATEGORY: DEPRECATED: WASC-09 - Cross-Site Request Forgery

Category ID: 342
 
+ Summary
This category is related to the WASC Threat Classification 2.0 item Cross-Site Request Forgery
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04
(Version 2.11)
CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2020-12-17
(Version 3.4)
CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17
(Version 3.4)
WASC-09 - Cross-Site Request Forgery

CAPEC CATEGORY: DEPRECATED: WASC-10 - Denial of Service

Category ID: 343
 
+ Summary
This category is related to the WASC Threat Classification 2.0 item Denial of Service - see view 333
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-01-09
(Version 2.9)
CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2020-12-17
(Version 3.4)
CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships, Summary
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17
(Version 3.4)
WASC-10 - Denial of Service

CAPEC CATEGORY: DEPRECATED: WASC-11 - Brute Force

Category ID: 344
 
+ Summary
This category is related to the WASC Threat Classification 2.0 item Brute Force
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04
(Version 2.11)
CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2020-12-17
(Version 3.4)
CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17
(Version 3.4)
WASC-11 - Brute Force

CAPEC CATEGORY: DEPRECATED: WASC-12 - Content Spoofing

Category ID: 345
 
+ Summary
This category is related to the WASC Threat Classification 2.0 item Content Spoofing
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04
(Version 2.11)
CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2020-12-17
(Version 3.4)
CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17
(Version 3.4)
WASC-12 - Content Spoofing

CAPEC CATEGORY: DEPRECATED: WASC-18 - Credential/Session Prediction

Category ID: 351
 
+ Summary
This category is related to the WASC Threat Classification 2.0 item Credential/Session Prediction
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04
(Version 2.11)
CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2020-12-17
(Version 3.4)
CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17
(Version 3.4)
WASC-18 - Credential/Session Prediction

CAPEC CATEGORY: DEPRECATED: WASC-19 - SQL Injection

Category ID: 352
 
+ Summary
This category is related to the WASC Threat Classification 2.0 item SQL Injection
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2020-12-17
(Version 3.4)
CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17
(Version 3.4)
WASC-19 - SQL Injection

CAPEC CATEGORY: DEPRECATED: WASC-23 - XML Injection

Category ID: 356
 
+ Summary
This category is related to the WASC Threat Classification 2.0 item XML Injection
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2020-12-17
(Version 3.4)
CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17
(Version 3.4)
WASC-23 - XML Injection

CAPEC CATEGORY: DEPRECATED: WASC-24 - HTTP Request Splitting

Category ID: 357
 
+ Summary
This category is related to the WASC Threat Classification 2.0 item HTTP Request Splitting
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04
(Version 2.11)
CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2020-12-17
(Version 3.4)
CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17
(Version 3.4)
WASC-24 - HTTP Request Splitting

CAPEC CATEGORY: DEPRECATED: WASC-25 - HTTP Response Splitting

Category ID: 358
 
+ Summary
This category is related to the WASC Threat Classification 2.0 item HTTP Response Splitting
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04
(Version 2.11)
CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2020-12-17
(Version 3.4)
CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17
(Version 3.4)
WASC-25 - HTTP Response Splitting

CAPEC CATEGORY: DEPRECATED: WASC-26 - HTTP Request Smuggling

Category ID: 359
 
+ Summary
This category is related to the WASC Threat Classification 2.0 item HTTP Request Smuggling
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04
(Version 2.11)
CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2020-12-17
(Version 3.4)
CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17
(Version 3.4)
WASC-26 - HTTP Request Smuggling

CAPEC CATEGORY: DEPRECATED: WASC-27 - HTTP Response Smuggling

Category ID: 360
 
+ Summary
This category is related to the WASC Threat Classification 2.0 item HTTP Response Smuggling
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04
(Version 2.11)
CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2020-12-17
(Version 3.4)
CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17
(Version 3.4)
WASC-27 - HTTP Response Smuggling

CAPEC CATEGORY: DEPRECATED: WASC-28 - Null Byte Injection

Category ID: 361
 
+ Summary
This category is related to the WASC Threat Classification 2.0 item Null Byte Injection
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04
(Version 2.11)
CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2020-12-17
(Version 3.4)
CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17
(Version 3.4)
WASC-28 - Null Byte Injection

CAPEC CATEGORY: DEPRECATED: WASC-29 - LDAP Injection

Category ID: 362
 
+ Summary
This category is related to the WASC Threat Classification 2.0 item LDAP Injection
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04
(Version 2.11)
CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2020-12-17
(Version 3.4)
CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17
(Version 3.4)
WASC-29 - LDAP Injection

CAPEC CATEGORY: DEPRECATED: WASC-30 - Mail Command Injection

Category ID: 363
 
+ Summary
This category is related to the WASC Threat Classification 2.0 item Mail Command Injection
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04
(Version 2.11)
CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2020-12-17
(Version 3.4)
CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17
(Version 3.4)
WASC-30 - Mail Command Injection

CAPEC CATEGORY: DEPRECATED: WASC-31 - OS Commanding

Category ID: 364
 
+ Summary
This category is related to the WASC Threat Classification 2.0 item OS Commanding
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2020-12-17
(Version 3.4)
CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17
(Version 3.4)
WASC-31 - OS Commanding

CAPEC CATEGORY: DEPRECATED: WASC-32 - Routing Detour

Category ID: 365
 
+ Summary
This category is related to the WASC Threat Classification 2.0 item Routing Detour
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04
(Version 2.11)
CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2020-12-17
(Version 3.4)
CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17
(Version 3.4)
WASC-32 - Routing Detour

CAPEC CATEGORY: DEPRECATED: WASC-33 - Path Traversal

Category ID: 366
 
+ Summary
This category is related to the WASC Threat Classification 2.0 item Path Traversal
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2020-12-17
(Version 3.4)
CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17
(Version 3.4)
WASC-33 - Path Traversal

CAPEC CATEGORY: DEPRECATED: WASC-34 - Predictable Resource Location

Category ID: 367
 
+ Summary
This category is related to the WASC Threat Classification 2.0 item Predictable Resource Location
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04
(Version 2.11)
CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2020-12-17
(Version 3.4)
CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17
(Version 3.4)
WASC-34 - Predictable Resource Location

CAPEC CATEGORY: DEPRECATED: WASC-35 - SOAP Array Abuse

Category ID: 368
 
+ Summary
This category is related to the WASC Threat Classification 2.0 item SOAP Array Abuse
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04
(Version 2.11)
CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2020-12-17
(Version 3.4)
CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17
(Version 3.4)
WASC-35 - SOAP Array Abuse

CAPEC CATEGORY: DEPRECATED: WASC-36 - SSI Injection

Category ID: 369
 
+ Summary
This category is related to the WASC Threat Classification 2.0 item SSI Injection
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2020-12-17
(Version 3.4)
CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17
(Version 3.4)
WASC-36 - SSI Injection

CAPEC CATEGORY: DEPRECATED: WASC-37 - Session Fixation

Category ID: 370
 
+ Summary
This category is related to the WASC Threat Classification 2.0 item Session Fixation
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-05-01
(Version 2.10)
CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2020-12-17
(Version 3.4)
CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17
(Version 3.4)
WASC-37 - Session Fixation

CAPEC CATEGORY: DEPRECATED: WASC-38 - URL Redirector Abuse

Category ID: 371
 
+ Summary
This category is related to the WASC Threat Classification 2.0 item URL Redirector Abuse
+ Notes

Relationship

It should be noted that the member relation to CAPEC-194 is not as clean as could be. CAPEC-194 would ideally have another child (other than CAPEC-543: Counterfeit Websites) that is specific to URL Redirection. Unlike CAPEC-543, URL Redirection does not require a counterfeit website, but rather the user to simply click a link. With that said, we have created this relationship to CAPEC-194 due to the related weakness (CWE-601), which specifically deals with URL Redirection, and will revist this at a later date.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04
(Version 2.11)
CAPEC Content TeamThe MITRE Corporation
Updated Relationship_Notes, Relationships
2020-12-17
(Version 3.4)
CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17
(Version 3.4)
WASC-38 - URL Redirector Abuse

CAPEC CATEGORY: DEPRECATED: WASC-39 - XPath Injection

Category ID: 372
 
+ Summary
This category is related to the WASC Threat Classification 2.0 item XPath Injection
+ Membership
NatureTypeIDName
HasMemberDetailed Attack PatternDetailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.83XPath Injection
+ References
[REF-315] "WASC Threat Classification 2.0". WASC-39 - XPath Injection. The Web Application Security Consortium (WASC). 2010. <http://projects.webappsec.org/XPath-Injection>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2020-12-17
(Version 3.4)
CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17
(Version 3.4)
WASC-39 - XPath Injection

CAPEC CATEGORY: DEPRECATED: WASC-41 - XML Attribute Blowup

Category ID: 374
 
+ Summary
This category is related to the WASC Threat Classification 2.0 item XML Attribute Blowup
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04
(Version 2.11)
CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2020-12-17
(Version 3.4)
CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17
(Version 3.4)
WASC-41 - XML Attribute Blowup

CAPEC CATEGORY: DEPRECATED: WASC-42 - Abuse of Functionality

Category ID: 375
 
+ Summary
This category is related to the WASC Threat Classification 2.0 item Abuse of Functionality
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04
(Version 2.11)
CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2020-12-17
(Version 3.4)
CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17
(Version 3.4)
WASC-42 - Abuse of Functionality

CAPEC CATEGORY: DEPRECATED: WASC-43 - XML External Entities

Category ID: 376
 
+ Summary
This category is related to the WASC Threat Classification 2.0 item XML External Entities
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04
(Version 2.11)
CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2020-12-17
(Version 3.4)
CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17
(Version 3.4)
WASC-43 - XML External Entities

CAPEC CATEGORY: DEPRECATED: WASC-44 - XML Entity Expansion

Category ID: 377
 
+ Summary
This category is related to the WASC Threat Classification 2.0 item XML Entity Expansion
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04
(Version 2.11)
CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2020-12-17
(Version 3.4)
CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17
(Version 3.4)
WASC-44 - XML Entity Expansion

CAPEC CATEGORY: DEPRECATED: WASC-45 - Fingerprinting

Category ID: 378
 
+ Summary
This category is related to the WASC Threat Classification 2.0 item Fingerprinting
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-01-09
(Version 2.9)
CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2017-08-04
(Version 2.11)
CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2020-12-17
(Version 3.4)
CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17
(Version 3.4)
WASC-45 - Fingerprinting

CAPEC CATEGORY: DEPRECATED: WASC-46 - XQuery Injection

Category ID: 379
 
+ Summary
This category is related to the WASC Threat Classification 2.0 item XQuery Injection
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2020-12-17
(Version 3.4)
CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17
(Version 3.4)
WASC-46 - XQuery Injection

CAPEC-484: DEPRECATED: XML Client-Side Attack

Attack Pattern ID: 484
Abstraction: Standard
View customized information:
+ Description
This attack pattern has been deprecated as it a generalization of CAPEC-230: XML Nested Payloads and CAPEC-231: XML Oversized Payloads. Please refer to these CAPECs going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2018-07-31
(Version 2.12)
CAPEC Content TeamThe MITRE Corporation
Updated References
2019-04-04
(Version 3.1)
CAPEC Content TeamThe MITRE Corporation
Updated Related_Weaknesses
2019-09-30
(Version 3.2)
CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, Consequences, Description, Example_Instances, Execution_Flow, Indicators, Likelihood_Of_Attack, Mitigations, Prerequisites, References, Related_Attack_Patterns, Related_Weaknesses, Skills_Required
Previous Entry Names
Change DatePrevious Entry Name
2019-09-30
(Version 3.2)
XML Client-Side Attack

CAPEC-99: DEPRECATED: XML Parser Attack

Attack Pattern ID: 99
Abstraction: Standard
View customized information:
+ Description
This attack pattern has been deprecated as it a generalization of CAPEC-230: XML Nested Payloads and CAPEC-231: XML Oversized Payloads. Please refer to these CAPECs going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2019-09-30
(Version 3.2)
CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, Consequences, Description, Example_Instances, Execution_Flow, Indicators, Likelihood_Of_Attack, Mitigations, Prerequisites, References, Related_Attack_Patterns, Related_Weaknesses, Skills_Required, Typical_Severity
Previous Entry Names
Change DatePrevious Entry Name
2019-09-30
(Version 3.2)
XML Parser Attack

CAPEC-91: DEPRECATED: XSS in IMG Tags

Attack Pattern ID: 91
Abstraction: Detailed
View customized information:
+ Description
This attack pattern has been deprecated as it is contained in the existing attack pattern "CAPEC-18 : XSS Targeting Non-Script Elements". Please refer to this other CAPEC going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-05-01
(Version 2.10)
CAPEC Content TeamThe MITRE Corporation
Updated Activation_Zone, Architectural_Paradigms, Attack_Motivation-Consequences, Attack_Phases, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, CIA_Impact, Description, Description Summary, Examples-Instances, Frameworks, Injection_Vector, Languages, Methods_of_Attack, Payload, Payload_Activation_Impact, Platforms, Purposes, Related_Attack_Patterns, Related_Guidelines, Related_Security_Principles, Related_Vulnerabilities, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations, Technical_Context, Typical_Likelihood_of_Exploit, Typical_Severity
2018-07-31
(Version 2.12)
CAPEC Content TeamThe MITRE Corporation
Updated Description Summary
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01
(Version 2.10)
XSS in IMG Tags

CAPEC-106: DEPRECATED: XSS through Log Files

Attack Pattern ID: 106
Abstraction: Detailed
View customized information:
+ Description
This attack pattern has been deprecated as it referes to an existing chain relationship between "CAPEC-93 : Log Injection-Tampering-Forging" and "CAPEC-63 : Cross-Site Scripting". Please refer to these CAPECs going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-01-09
(Version 2.9)
CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-05-01
(Version 2.10)
CAPEC Content TeamThe MITRE Corporation
Updated Activation_Zone, Architectural_Paradigms, Attack_Motivation-Consequences, Attack_Phases, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, CIA_Impact, Description, Description Summary, Examples-Instances, Frameworks, Injection_Vector, Languages, Methods_of_Attack, Payload, Payload_Activation_Impact, Platforms, Probing_Techniques, Purposes, Related_Attack_Patterns, Related_Security_Principles, Related_Weaknesses, Relevant_Security_Requirements, Resources_Required, Solutions_and_Mitigations, Technical_Context, Typical_Likelihood_of_Exploit, Typical_Severity
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01
(Version 2.10)
Cross Site Scripting through Log Files

CAPEC-246: DEPRECATED: XSS Using Flash

Attack Pattern ID: 246
Abstraction: Detailed
View customized information:
+ Description
This pattern has been deprecated as it is covered by a chaining relationship between CAPEC-174: Flash Parameter Injection and CAPEC-591: Stored XSS. Please refer to these CAPECs going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-05-01
(Version 2.10)
CAPEC Content TeamThe MITRE Corporation
Updated Attack_Phases, Description, Description Summary, Related_Attack_Patterns, Related_Weaknesses
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01
(Version 2.10)
Cross-Site Scripting Using Flash
More information is available — Please select a different filter.
Page Last Updated or Reviewed: January 24, 2023