New to CAPEC? Start Here
Home > CAPEC List > VIEW SLICE: CAPEC-483: Deprecated Entries(Version 3.7)  

CAPEC VIEW: Deprecated Entries

View ID: 483
Structure: Implicit
Status: Draft
Downloads: Booklet | CSV | XML
+ Objective
CAPEC nodes in this view (slice) have been deprecated.
+ Filter
/Attack_Pattern_Catalog/*/*[@Status='Deprecated']
+ Membership
NatureTypeIDName
HasMemberDeprecatedDeprecated56DEPRECATED: Removing/short-circuiting 'guard logic'
HasMemberDeprecatedDeprecated82DEPRECATED: Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Service (XDoS))
HasMemberDeprecatedDeprecated91DEPRECATED: XSS in IMG Tags
HasMemberDeprecatedDeprecated99DEPRECATED: XML Parser Attack
HasMemberDeprecatedDeprecated106DEPRECATED: XSS through Log Files
HasMemberDeprecatedDeprecated119DEPRECATED: Deplete Resources
HasMemberDeprecatedDeprecated171DEPRECATED: Variable Manipulation
HasMemberDeprecatedDeprecated205DEPRECATED: Lifting credential(s)/key material embedded in client distributions (thick or thin)
HasMemberDeprecatedDeprecated211DEPRECATED: Leveraging web tools (e.g. Mozilla's GreaseMonkey, Firebug) to change application behavior
HasMemberDeprecatedDeprecated213DEPRECATED: Directory Traversal
HasMemberDeprecatedDeprecated214DEPRECATED: Fuzzing for garnering J2EE/.NET-based stack traces, for application mapping
HasMemberDeprecatedDeprecated232DEPRECATED: Exploitation of Authorization
HasMemberDeprecatedDeprecated235DEPRECATED: Implementing a callback to system routine (old AWT Queue)
HasMemberDeprecatedDeprecated236DEPRECATED: Catching exception throw/signal from privileged block
HasMemberDeprecatedDeprecated238DEPRECATED: Using URL/codebase / G.A.C. (code source) to convince sandbox of privilege
HasMemberDeprecatedDeprecated239DEPRECATED: Subversion of Authorization Checks: Cache Filtering, Programmatic Security, etc.
HasMemberDeprecatedDeprecated241DEPRECATED: Code Injection
HasMemberDeprecatedDeprecated246DEPRECATED: XSS Using Flash
HasMemberDeprecatedDeprecated249DEPRECATED: Linux Terminal Injection
HasMemberDeprecatedDeprecated254DEPRECATED: DTD Injection in a SOAP Message
HasMemberDeprecatedDeprecated257DEPRECATED: Abuse of Transaction Data Structure
HasMemberDeprecatedDeprecated258DEPRECATED: Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Dynamic Update
HasMemberDeprecatedDeprecated259DEPRECATED: Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Patching
HasMemberDeprecatedDeprecated260DEPRECATED: Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Initial Distribution
HasMemberDeprecatedDeprecated264DEPRECATED: Environment Variable Manipulation
HasMemberDeprecatedDeprecated265DEPRECATED: Global variable manipulation
HasMemberDeprecatedDeprecated266DEPRECATED: Manipulate Canonicalization
HasMemberDeprecatedDeprecated269DEPRECATED: Registry Manipulation
HasMemberDeprecatedDeprecated280DEPRECATED: SOAP Parameter Tampering
HasMemberDeprecatedDeprecated281DEPRECATED: Analyze Target
HasMemberDeprecatedDeprecated286DEPRECATED: Reconnaissance
HasMemberDeprecatedDeprecated288DEPRECATED: ICMP Echo Request Ping
HasMemberDeprecatedDeprecated289DEPRECATED: Infrastructure-based footprinting
HasMemberDeprecatedDeprecated311DEPRECATED: OS Fingerprinting
HasMemberDeprecatedDeprecated314DEPRECATED: IP Fingerprinting Probes
HasMemberDeprecatedDeprecated315DEPRECATED: TCP/IP Fingerprinting Probes
HasMemberDeprecatedDeprecated316DEPRECATED: ICMP Fingerprinting Probes
HasMemberDeprecatedDeprecated334DEPRECATED: WASC Threat Classification 2.0 - WASC-01 - Insufficient Authentication
HasMemberDeprecatedDeprecated335DEPRECATED: WASC Threat Classification 2.0 - WASC-02 - Insufficient Authorization
HasMemberDeprecatedDeprecated336DEPRECATED: WASC-03 - Integer Overflows
HasMemberDeprecatedDeprecated337DEPRECATED: WASC Threat Classification 2.0 - WASC-04 - Insufficient Transport Layer Protection
HasMemberDeprecatedDeprecated338DEPRECATED: WASC-05 - Remote File Inclusion
HasMemberDeprecatedDeprecated339DEPRECATED: WASC-06 - Format String
HasMemberDeprecatedDeprecated340DEPRECATED: WASC-07 - Buffer Overflow
HasMemberDeprecatedDeprecated341DEPRECATED: WASC-08 - Cross-Site Scripting
HasMemberDeprecatedDeprecated342DEPRECATED: WASC-09 - Cross-Site Request Forgery
HasMemberDeprecatedDeprecated343DEPRECATED: WASC-10 - Denial of Service
HasMemberDeprecatedDeprecated344DEPRECATED: WASC-11 - Brute Force
HasMemberDeprecatedDeprecated345DEPRECATED: WASC-12 - Content Spoofing
HasMemberDeprecatedDeprecated346DEPRECATED: WASC Threat Classification 2.0 - WASC-13 - Information Leakage
HasMemberDeprecatedDeprecated347DEPRECATED: WASC Threat Classification 2.0 - WASC-14 - Server Misconfiguration
HasMemberDeprecatedDeprecated348DEPRECATED: WASC Threat Classification 2.0 - WASC-15 - Application Misconfiguration
HasMemberDeprecatedDeprecated349DEPRECATED: WASC Threat Classification 2.0 - WASC-16 - Directory Indexing
HasMemberDeprecatedDeprecated350DEPRECATED: WASC Threat Classification 2.0 - WASC-17 - Improper Filesystem Permissions
HasMemberDeprecatedDeprecated351DEPRECATED: WASC-18 - Credential/Session Prediction
HasMemberDeprecatedDeprecated352DEPRECATED: WASC-19 - SQL Injection
HasMemberDeprecatedDeprecated353DEPRECATED: WASC Threat Classification 2.0 - WASC-20 - Improper Input Handling
HasMemberDeprecatedDeprecated354DEPRECATED: WASC Threat Classification 2.0 - WASC-21 - Insufficient Anti-automation
HasMemberDeprecatedDeprecated355DEPRECATED: WASC Threat Classification 2.0 - WASC-22 - Improper Output Handling
HasMemberDeprecatedDeprecated356DEPRECATED: WASC-23 - XML Injection
HasMemberDeprecatedDeprecated357DEPRECATED: WASC-24 - HTTP Request Splitting
HasMemberDeprecatedDeprecated358DEPRECATED: WASC-25 - HTTP Response Splitting
HasMemberDeprecatedDeprecated359DEPRECATED: WASC-26 - HTTP Request Smuggling
HasMemberDeprecatedDeprecated360DEPRECATED: WASC-27 - HTTP Response Smuggling
HasMemberDeprecatedDeprecated361DEPRECATED: WASC-28 - Null Byte Injection
HasMemberDeprecatedDeprecated362DEPRECATED: WASC-29 - LDAP Injection
HasMemberDeprecatedDeprecated363DEPRECATED: WASC-30 - Mail Command Injection
HasMemberDeprecatedDeprecated364DEPRECATED: WASC-31 - OS Commanding
HasMemberDeprecatedDeprecated365DEPRECATED: WASC-32 - Routing Detour
HasMemberDeprecatedDeprecated366DEPRECATED: WASC-33 - Path Traversal
HasMemberDeprecatedDeprecated367DEPRECATED: WASC-34 - Predictable Resource Location
HasMemberDeprecatedDeprecated368DEPRECATED: WASC-35 - SOAP Array Abuse
HasMemberDeprecatedDeprecated369DEPRECATED: WASC-36 - SSI Injection
HasMemberDeprecatedDeprecated370DEPRECATED: WASC-37 - Session Fixation
HasMemberDeprecatedDeprecated371DEPRECATED: WASC-38 - URL Redirector Abuse
HasMemberDeprecatedDeprecated372DEPRECATED: WASC-39 - XPath Injection
HasMemberDeprecatedDeprecated373DEPRECATED: WASC Threat Classification 2.0 - WASC-40 - Insufficient Process Validation
HasMemberDeprecatedDeprecated374DEPRECATED: WASC-41 - XML Attribute Blowup
HasMemberDeprecatedDeprecated375DEPRECATED: WASC-42 - Abuse of Functionality
HasMemberDeprecatedDeprecated376DEPRECATED: WASC-43 - XML External Entities
HasMemberDeprecatedDeprecated377DEPRECATED: WASC-44 - XML Entity Expansion
HasMemberDeprecatedDeprecated378DEPRECATED: WASC-45 - Fingerprinting
HasMemberDeprecatedDeprecated379DEPRECATED: WASC-46 - XQuery Injection
HasMemberDeprecatedDeprecated380DEPRECATED: WASC Threat Classification 2.0 - WASC-47 - Insufficient Session Expiration
HasMemberDeprecatedDeprecated381DEPRECATED: WASC Threat Classification 2.0 - WASC-48 - Insecure Indexing
HasMemberDeprecatedDeprecated382DEPRECATED: WASC Threat Classification 2.0 - WASC-49 - Insufficient Password Recovery
HasMemberDeprecatedDeprecated396DEPRECATED: Bypassing Card or Badge-Based Systems
HasMemberDeprecatedDeprecated404DEPRECATED: Social Information Gathering Attacks
HasMemberDeprecatedDeprecated405DEPRECATED: Social Information Gathering via Research
HasMemberDeprecatedDeprecated408DEPRECATED: Information Gathering from Traditional Sources
HasMemberDeprecatedDeprecated409DEPRECATED: Information Gathering from Non-Traditional Sources
HasMemberDeprecatedDeprecated411DEPRECATED: Pretexting
HasMemberDeprecatedDeprecated419DEPRECATED: Target Influence via Perception of Concession
HasMemberDeprecatedDeprecated430DEPRECATED: Target Influence via Micro-Expressions
HasMemberDeprecatedDeprecated431DEPRECATED: Target Influence via Neuro-Linguistic Programming (NLP)
HasMemberDeprecatedDeprecated432DEPRECATED: Target Influence via Voice in NLP
HasMemberDeprecatedDeprecated436DEPRECATED: Gain Physical Access
HasMemberDeprecatedDeprecated449DEPRECATED: Malware Propagation via USB Stick
HasMemberDeprecatedDeprecated450DEPRECATED: Malware Propagation via USB U3 Autorun
HasMemberDeprecatedDeprecated451DEPRECATED: Malware Propagation via Infected Peripheral Device
HasMemberDeprecatedDeprecated453DEPRECATED: Malicious Logic Insertion via Counterfeit Hardware
HasMemberDeprecatedDeprecated454DEPRECATED: Modification of Existing Components with Counterfeit Hardware
HasMemberDeprecatedDeprecated455DEPRECATED: Malicious Logic Insertion via Inclusion of Counterfeit Hardware Components
HasMemberDeprecatedDeprecated484DEPRECATED: XML Client-Side Attack
HasMemberDeprecatedDeprecated525DEPRECATED: Execute Code
HasMemberDeprecatedDeprecated526DEPRECATED: Alter System Components
HasMemberDeprecatedDeprecated527DEPRECATED: Manipulate System Users
HasMemberDeprecatedDeprecated557DEPRECATED: Schedule Software To Run
HasMemberDeprecatedDeprecated566DEPRECATED: Dump Password Hashes
HasMemberDeprecatedDeprecated567DEPRECATED: Obtain Data via Utilities
HasMemberDeprecatedDeprecated570DEPRECATED: Signature-Based Avoidance
HasMemberDeprecatedDeprecated602DEPRECATED: Degradation
+ View Metrics
CAPECs in this view
Attack Patterns55
Categories57
Views0
Total112
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
View Components
View Components
A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

CAPEC-430: DEPRECATED: Target Influence via Micro-Expressions

Attack Pattern ID: 430
Abstraction: Detailed
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2018-07-31CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, References, Related_Attack_Patterns, Typical_Severity
Previous Entry Names
Change DatePrevious Entry Name
2018-07-31Target Influence via Micro-Expressions
Back to top

CAPEC-431: DEPRECATED: Target Influence via Neuro-Linguistic Programming (NLP)

Attack Pattern ID: 431
Abstraction: Detailed
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2018-07-31CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, References, Related_Attack_Patterns, Typical_Severity
Previous Entry Names
Change DatePrevious Entry Name
2018-07-31Target Influence via Neuro-Linguistic Programming (NLP)
Back to top

CAPEC-432: DEPRECATED: Target Influence via Voice in NLP

Attack Pattern ID: 432
Abstraction: Detailed
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2018-07-31CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, References, Related_Attack_Patterns, Typical_Severity
Previous Entry Names
Change DatePrevious Entry Name
2018-07-31Target Influence via Voice in NLP
Back to top

CAPEC-257: DEPRECATED: Abuse of Transaction Data Structure

Attack Pattern ID: 257
Abstraction: Meta
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it was deemed not to be a legitimate attack pattern.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-01-09CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Description, Description Summary
2018-07-31CAPEC Content TeamThe MITRE Corporation
Updated Description Summary
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01Abuse of Transaction Data Structure
Back to top

CAPEC CATEGORY: DEPRECATED: Alter System Components

Category ID: 526
 
Status: Deprecated
+ Summary
This category has been deprecated as it is no longer used in any view.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2015-11-09CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2017-01-09CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Description
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01Alter System Components
Back to top

CAPEC CATEGORY: DEPRECATED: Analyze Target

Category ID: 281
 
Status: Deprecated
+ Summary
This category has been deprecated as it is no longer used in any view.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2015-11-09CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2017-01-09CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Description, Other_Notes
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01Analyze Target
Back to top

CAPEC-396: DEPRECATED: Bypassing Card or Badge-Based Systems

Attack Pattern ID: 396
Abstraction: Standard
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it a generalization of CAPEC-397: Cloning Magnetic Strip Cards, CAPEC-398: Magnetic Strip Card Brute Force Attacks, CAPEC-399: Cloning RFID Cards or Chips and CAPEC-400: RFID Chip Deactivation or Destruction. Please refer to these CAPECs going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2019-09-30CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, Description, References, Related_Attack_Patterns
Previous Entry Names
Change DatePrevious Entry Name
2019-09-30Bypassing Card or Badge-Based Systems
Back to top

CAPEC-236: DEPRECATED: Catching exception throw/signal from privileged block

Attack Pattern ID: 236
Abstraction: Detailed
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it did not have enough distinction from CAPEC-30 : Hijacking a Privileged Thread of Execution. Please refer to CAPEC-30 moving forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-01-09CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-08-04CAPEC Content TeamThe MITRE Corporation
Updated Resources_Required
2020-07-30CAPEC Content TeamThe MITRE Corporation
Updated Execution_Flow
2021-10-21CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, Consequences, Description, Example_Instances, Execution_Flow, Likelihood_Of_Attack, Mitigations, Prerequisites, Related_Attack_Patterns, Related_Weaknesses, Resources_Required, Skills_Required, Typical_Severity
Previous Entry Names
Change DatePrevious Entry Name
2021-10-21Catching exception throw/signal from privileged block
Back to top

CAPEC-241: DEPRECATED: Code Injection

Attack Pattern ID: 241
Abstraction: Meta
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it is a duplicate of the existing attack pattern "CAPEC-242 : Code Injection". Please refer to this other CAPEC going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2015-12-07CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Description, Description Summary
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01Code Injection
Back to top

CAPEC-602: DEPRECATED: Degradation

Attack Pattern ID: 602
Abstraction: Meta
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated.
+ Content History
Submissions
Submission DateSubmitterOrganization
2015-11-09CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Description Summary
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01Degradation
Back to top

CAPEC CATEGORY: DEPRECATED: Deplete Resources

Category ID: 119
 
Status: Deprecated
+ Summary
This category has been deprecated as it is no longer used by any of the Views.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-01-09CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Attack_Prerequisites, Description, Related_Weaknesses, Resources_Required
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01Deplete Resources
Back to top

CAPEC-213: DEPRECATED: Directory Traversal

Attack Pattern ID: 213
Abstraction: Standard
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it is a duplicate of the existing attack pattern "CAPEC-126 : Path Traversal". Please refer to this other CAPEC going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2015-12-07CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-01-09CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-08-04CAPEC Content TeamThe MITRE Corporation
Updated Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Related_Attack_Patterns, Related_Vulnerabilities, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations
Previous Entry Names
Change DatePrevious Entry Name
2017-01-09Directory Traversal
Back to top

CAPEC-254: DEPRECATED: DTD Injection in a SOAP Message

Attack Pattern ID: 254
Abstraction: Detailed
Status: Deprecated
Presentation Filter:
+ Description
This pattern has been deprecated as it was determined to be an unnecessary layer of abstraction. Please refer to the pattern CAPEC-228 : DTD Injection going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Description, Description Summary, Related_Attack_Patterns
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01DTD Injection in a SOAP Message
Back to top

CAPEC-566: DEPRECATED: Dump Password Hashes

Attack Pattern ID: 566
Abstraction: Detailed
Status: Deprecated
Presentation Filter:
+ Description
This CAPEC has been deprecated because of is not directly related to a weakness, social engineering, supply chains, or a physical-based attack.
+ Content History
Submissions
Submission DateSubmitterOrganization
2015-11-09CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2019-04-04CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, Description, Prerequisites, Related_Attack_Patterns
Previous Entry Names
Change DatePrevious Entry Name
2019-04-04Dump Password Hashes
Back to top

CAPEC-264: DEPRECATED: Environment Variable Manipulation

Attack Pattern ID: 264
Abstraction: Meta
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it is a duplicate of the existing attack pattern "CAPEC-13 : Subverting Environment Variable Values". Please refer to this other CAPEC going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-01-09CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Attack_Prerequisites, Description Summary, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01Environment Variable Manipulation
Back to top

CAPEC CATEGORY: DEPRECATED: Execute Code

Category ID: 525
 
Status: Deprecated
+ Summary
This category has been deprecated as it is no longer used in any view.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2015-11-09CAPEC Content TeamThe MITRE Corporation
Updated Description, Relationships
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Description, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2015-11-09Malicious Code Execution
2017-05-01Execute Code
Back to top

CAPEC CATEGORY: DEPRECATED: Exploitation of Authorization

Category ID: 232
 
Status: Deprecated
+ Summary
This category has been deprecated as it is no longer used by any of the Views.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2015-12-07CAPEC Content TeamThe MITRE Corporation
Updated Related_Weaknesses, Relationships
2017-01-09CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Description
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01Exploitation of Authorization
Back to top

CAPEC-214: DEPRECATED: Fuzzing for garnering J2EE/.NET-based stack traces, for application mapping

Attack Pattern ID: 214
Abstraction: Detailed
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it was merged into "CAPEC-215 : Fuzzing for application mapping". Please refer to this other CAPEC going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2020-12-17CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, Description, Prerequisites, Related_Attack_Patterns, Related_Weaknesses, Resources_Required, Typical_Severity
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17Fuzzing for garnering J2EE/.NET-based stack traces, for application mapping
Back to top

CAPEC CATEGORY: DEPRECATED: Gain Physical Access

Category ID: 436
 
Status: Deprecated
+ Summary
This category has been deprecated as it is no longer used in any view.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-01-09CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Description
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01Gain Physical Access
Back to top

CAPEC-265: DEPRECATED: Global variable manipulation

Attack Pattern ID: 265
Abstraction: Meta
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it is a duplicate of the existing attack pattern "CAPEC-77 : Manipulating User-Controlled Variables". Please refer to this other CAPEC going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-01-09CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Attack_Prerequisites, Description Summary, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01Global variable manipulation
Back to top

CAPEC-288: DEPRECATED: ICMP Echo Request Ping

Attack Pattern ID: 288
Abstraction: Meta
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it is a duplicate of the existing attack pattern "CAPEC-285". Please refer to this other CAPEC going forward.
+ Typical Severity

Low

+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2018-07-31CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, References, Related_Attack_Patterns
Back to top

CAPEC-316: DEPRECATED: ICMP Fingerprinting Probes

Attack Pattern ID: 316
Abstraction: Standard
Status: Deprecated
Presentation Filter:
+ Description
This pattern has been deprecated as it was determined to be an unnecessary layer of abstraction. Please refer to the standard level pattern CAPEC-312 : Active OS Fingerprinting going forward, or to any of the detailed patterns that are children of CAPEC-312.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, References, Related_Attack_Patterns, Target_Attack_Surface, Target_Attack_Surface_Localities, Target_Attack_Surface_Types, Target_Functional_Services, Targeted_OSI_Layers, Typical_Severity
2018-07-31CAPEC Content TeamThe MITRE Corporation
Updated Description Summary
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01ICMP Fingerprinting Probes
Back to top

CAPEC-235: DEPRECATED: Implementing a callback to system routine (old AWT Queue)

Attack Pattern ID: 235
Abstraction: Detailed
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated. Please refer to CAPEC:30 - Hijacking a Privileged Thread of Execution.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-01-09CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2018-07-31CAPEC Content TeamThe MITRE Corporation
Updated Description, Description Summary, Related_Attack_Patterns
Previous Entry Names
Change DatePrevious Entry Name
2018-07-31Implementing a callback to system routine (old AWT Queue)
Back to top

CAPEC-409: DEPRECATED: Information Gathering from Non-Traditional Sources

Attack Pattern ID: 409
Abstraction: Meta
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it was deemed not to be a legitimate attack pattern. Please refer to CAPEC-118 : Collect and Analyze Information.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, Related_Attack_Patterns, Typical_Severity
2018-07-31CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, References
Previous Entry Names
Change DatePrevious Entry Name
2017-08-04Information Gathering from Non-Traditional Sources
Back to top

CAPEC-408: DEPRECATED: Information Gathering from Traditional Sources

Attack Pattern ID: 408
Abstraction: Meta
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it was deemed not to be a legitimate attack pattern. Please refer to CAPEC-118 : Collect and Analyze Information.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, Related_Attack_Patterns, Typical_Severity
2018-07-31CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, References
Previous Entry Names
Change DatePrevious Entry Name
2017-08-04Information Gathering from Traditional Sources
Back to top

CAPEC-289: DEPRECATED: Infrastructure-based footprinting

Attack Pattern ID: 289
Abstraction: Meta
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it was determined to be an unnecessary layer of abstraction. Please refer to the meta level pattern CAPEC-169 : going forward, or to any of its children patterns.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-01-09CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2018-07-31CAPEC Content TeamThe MITRE Corporation
Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, References, Resources_Required, Target_Attack_Surface, Target_Attack_Surface_Localities, Target_Attack_Surface_Types, Targeted_OSI_Layers, Typical_Severity
Back to top

CAPEC-314: DEPRECATED: IP Fingerprinting Probes

Attack Pattern ID: 314
Abstraction: Standard
Status: Deprecated
Presentation Filter:
+ Description
This pattern has been deprecated as it was determined to be an unnecessary layer of abstraction. Please refer to the standard level pattern CAPEC-312 : Active OS Fingerprinting going forward, or to any of the detailed patterns that children of CAPEC-312.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, References, Related_Attack_Patterns, Resources_Required, Target_Attack_Surface, Target_Attack_Surface_Localities, Target_Attack_Surface_Types, Target_Functional_Services, Targeted_OSI_Layers, Typical_Severity
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01IP Fingerprinting Probes
Back to top

CAPEC-211: DEPRECATED: Leveraging web tools (e.g. Mozilla's GreaseMonkey, Firebug) to change application behavior

Attack Pattern ID: 211
Abstraction: Detailed
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it was deemed not to be a legitimate attack pattern.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2015-12-07CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Attack_Prerequisites, Description Summary, References, Related_Attack_Patterns, Resources_Required, Typical_Severity
2018-07-31CAPEC Content TeamThe MITRE Corporation
Updated Description Summary
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01Leveraging web tools (e.g. Mozilla's GreaseMonkey, Firebug) to change application behavior
Back to top

CAPEC-205: DEPRECATED: Lifting credential(s)/key material embedded in client distributions (thick or thin)

Attack Pattern ID: 205
Abstraction: Detailed
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it is a duplicate of CAPEC-37 : Retrieve Embedded Sensitive Data. Please refer to this other pattern going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2015-11-09CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Architectural_Paradigms, Attack_Motivation-Consequences, Attack_Phases, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, CIA_Impact, Description, Description Summary, Examples-Instances, Frameworks, Methods_of_Attack, Platforms, Purposes, Related_Attack_Patterns, Related_Vulnerabilities, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations, Technical_Context, Typical_Likelihood_of_Exploit, Typical_Severity
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01Lifting credential(s)/key material embedded in client distributions (thick or thin)
Back to top

CAPEC-249: DEPRECATED: Linux Terminal Injection

Attack Pattern ID: 249
Abstraction: Standard
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it is covered by "CAPEC-40 : Manipulating Writeable Terminal Devices". Please refer to this CAPEC going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2018-07-31CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, References, Related_Attack_Patterns
Previous Entry Names
Change DatePrevious Entry Name
2018-07-31Linux Terminal Injection
Back to top

CAPEC-453: DEPRECATED: Malicious Logic Insertion via Counterfeit Hardware

Attack Pattern ID: 453
Abstraction: Standard
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it is a duplicate of CAPEC-452 : Malicious Logic Insertion into Product Hardware. Please refer to this other pattern going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2015-11-09CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, References, Related_Attack_Patterns
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01Malicious Logic Insertion via Counterfeit Hardware
Back to top

CAPEC-455: DEPRECATED: Malicious Logic Insertion via Inclusion of Counterfeit Hardware Components

Attack Pattern ID: 455
Abstraction: Detailed
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it is a duplicate of CAPEC-457 : Malicious Logic Insertion into Product Hardware. Please refer to this other pattern going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2015-11-09CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Attack_Prerequisites, Description Summary, Examples-Instances, References, Related_Attack_Patterns
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01Malicious Logic Insertion via Inclusion of Counterfeit Hardware Components
Back to top

CAPEC-451: DEPRECATED: Malware Propagation via Infected Peripheral Device

Attack Pattern ID: 451
Abstraction: Detailed
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it is a duplicate of CAPEC-448 : Malware Infection into Product Software. Please refer to this other pattern going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2015-11-09CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, Related_Attack_Patterns
2018-07-31CAPEC Content TeamThe MITRE Corporation
Updated References
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01Malware Propagation via Infected Peripheral Device
Back to top

CAPEC-449: DEPRECATED: Malware Propagation via USB Stick

Attack Pattern ID: 449
Abstraction: Detailed
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it is a duplicate of CAPEC-448 : Malware Infection into Product Software. Please refer to this other pattern going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2015-11-09CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Attack_Prerequisites, Description Summary, Examples-Instances, References, Related_Attack_Patterns
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01Malware Propagation via USB Stick
Back to top

CAPEC-450: DEPRECATED: Malware Propagation via USB U3 Autorun

Attack Pattern ID: 450
Abstraction: Standard
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it is a duplicate of CAPEC-448 : Malware Infection into Product Software. Please refer to this other pattern going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2015-11-09CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, References, Related_Attack_Patterns
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01Malware Propagation via USB U3 Autorun
Back to top

CAPEC-266: DEPRECATED: Manipulate Canonicalization

Attack Pattern ID: 266
Abstraction: Meta
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-01-09CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Description, Description Summary
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01Manipulate Canonicalization
Back to top

CAPEC CATEGORY: DEPRECATED: Manipulate System Users

Category ID: 527
 
Status: Deprecated
+ Summary
This category has been deprecated as it is no longer used in any view.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Description
2017-08-04CAPEC Content TeamThe MITRE Corporation
Updated Relationships
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01Manipulate System Users
Back to top

CAPEC-454: DEPRECATED: Modification of Existing Components with Counterfeit Hardware

Attack Pattern ID: 454
Abstraction: Detailed
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it is a duplicate of CAPEC-452 : Malicious Logic Insertion into Product Hardware. Please refer to this other pattern going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2015-11-09CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Attack_Prerequisites, Description Summary, References, Related_Attack_Patterns
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01Modification of Existing Components with Counterfeit Hardware
Back to top

CAPEC-567: DEPRECATED: Obtain Data via Utilities

Attack Pattern ID: 567
Abstraction: Standard
Status: Deprecated
Presentation Filter:
+ Description
This CAPEC has been deprecated because it is not directly related to a weakness, social engineering, supply chains, or a physical-based attack.
+ Content History
Submissions
Submission DateSubmitterOrganization
2015-11-09CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2018-07-31CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, References, Related_Attack_Patterns
2020-07-30CAPEC Content TeamThe MITRE Corporation
Updated Description
Previous Entry Names
Change DatePrevious Entry Name
2018-07-31Obtain Data via Utilities
Back to top

CAPEC-311: DEPRECATED: OS Fingerprinting

Attack Pattern ID: 311
Abstraction: Standard
Status: Deprecated
Presentation Filter:
+ Description
This pattern has been deprecated as it was determined to be an unnecessary layer of abstraction. Please refer to the standard level patterns CAPEC-312 : Active OS Fingerprinting or CAPEC-313 : Passive OS Fingerprinting going forward, or to any of the detailed patterns that are children of them.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2015-11-09CAPEC Content TeamThe MITRE Corporation
Updated References
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, References, Related_Attack_Patterns, Resources_Required, Target_Attack_Surface, Target_Attack_Surface_Localities, Target_Attack_Surface_Types, Target_Functional_Services, Targeted_OSI_Layers, Typical_Severity
2018-07-31CAPEC Content TeamThe MITRE Corporation
Updated Description Summary
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01OS Fingerprinting
Back to top

CAPEC-258: DEPRECATED: Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Dynamic Update

Attack Pattern ID: 258
Abstraction: Detailed
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it is a duplicate of the existing attack pattern "CAPEC-65 : Sniff Application Code". Please refer to this other CAPEC going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-01-09CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-08-04CAPEC Content TeamThe MITRE Corporation
Updated Architectural_Paradigms, Attack_Motivation-Consequences, Attack_Phases, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, CIA_Impact, Description, Description Summary, Examples-Instances, Frameworks, Languages, Methods_of_Attack, Platforms, Purposes, Related_Attack_Patterns, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations, Technical_Context, Typical_Likelihood_of_Exploit, Typical_Severity
Previous Entry Names
Change DatePrevious Entry Name
2017-01-09Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Dynamic Update
Back to top

CAPEC-260: DEPRECATED: Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Initial Distribution

Attack Pattern ID: 260
Abstraction: Detailed
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it is a duplicate of the existing attack pattern "CAPEC-65 : Sniff Application Code". Please refer to this other CAPEC going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-01-09CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-08-04CAPEC Content TeamThe MITRE Corporation
Updated Architectural_Paradigms, Attack_Motivation-Consequences, Attack_Phases, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, CIA_Impact, Description, Description Summary, Examples-Instances, Frameworks, Languages, Methods_of_Attack, Platforms, Purposes, Related_Attack_Patterns, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations, Technical_Context, Typical_Likelihood_of_Exploit, Typical_Severity
Previous Entry Names
Change DatePrevious Entry Name
2017-01-09Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Initial Distribution
Back to top

CAPEC-259: DEPRECATED: Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Patching

Attack Pattern ID: 259
Abstraction: Standard
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it is a duplicate of the existing attack pattern "CAPEC-65 : Sniff Application Code". Please refer to this other CAPEC going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-01-09CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-08-04CAPEC Content TeamThe MITRE Corporation
Updated Architectural_Paradigms, Attack_Motivation-Consequences, Attack_Phases, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, CIA_Impact, Description, Description Summary, Examples-Instances, Frameworks, Languages, Methods_of_Attack, Platforms, Purposes, Related_Attack_Patterns, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations, Technical_Context, Typical_Likelihood_of_Exploit, Typical_Severity
Previous Entry Names
Change DatePrevious Entry Name
2017-01-09Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Patching
Back to top

CAPEC-411: DEPRECATED: Pretexting

Attack Pattern ID: 411
Abstraction: Meta
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it is a duplicate of the existing attack pattern "CAPEC-407 : Social Information Gathering via Pretexting". Please refer to this other CAPEC going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, References, Related_Attack_Patterns, Typical_Severity
Back to top

CAPEC CATEGORY: DEPRECATED: Reconnaissance

Category ID: 286
 
Status: Deprecated
+ Summary
This category has been deprecated as it is no longer used in any view.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-01-09CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Description
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01Reconnaissance
Back to top

CAPEC-269: DEPRECATED: Registry Manipulation

Attack Pattern ID: 269
Abstraction: Meta
Status: Deprecated
Presentation Filter:
+ Description
This pattern has been deprecated as it was determined to be a duplicate of another pattern. Please refer to the pattern CAPEC-203 : Manipulate Application Registry Values going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Description, Description Summary, Related_Attack_Patterns
Back to top

CAPEC-56: DEPRECATED: Removing/short-circuiting 'guard logic'

Attack Pattern ID: 56
Abstraction: Standard
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it is a duplicate of CAPEC-207 : Removing Important Client Functionality. Please refer to this other pattern going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2015-12-07CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Activation_Zone, Architectural_Paradigms, Attack_Motivation-Consequences, Attack_Phases, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, CIA_Impact, Description, Description Summary, Examples-Instances, Frameworks, Injection_Vector, Languages, Payload, Payload_Activation_Impact, Platforms, Probing_Techniques, Purposes, Related_Attack_Patterns, Related_Guidelines, Related_Security_Principles, Related_Vulnerabilities, Related_Weaknesses, Resources_Required, Technical_Context, Typical_Likelihood_of_Exploit, Typical_Severity
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01Removing/short-circuiting 'guard logic'
Back to top

CAPEC-557: DEPRECATED: Schedule Software To Run

Attack Pattern ID: 557
Abstraction: Detailed
Status: Deprecated
Presentation Filter:
+ Description
This CAPEC has been deprecated because it is not directly related to a weakness, social engineering, supply chains, or a physical-based attack.
+ Content History
Submissions
Submission DateSubmitterOrganization
2015-11-09CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2018-07-31CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, References, Related_Attack_Patterns, Solutions_and_Mitigations
2020-07-30CAPEC Content TeamThe MITRE Corporation
Updated Description
Previous Entry Names
Change DatePrevious Entry Name
2018-07-31Schedule Software To Run
Back to top

CAPEC-570: DEPRECATED: Signature-Based Avoidance

Attack Pattern ID: 570
Abstraction: Detailed
Status: Deprecated
Presentation Filter:
+ Description
This CAPEC has been deprecated because it is not directly related to a weakness, social engineering, supply chains, or a physical-based attack.
+ Content History
Submissions
Submission DateSubmitterOrganization
2015-11-09CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2018-07-31CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, References, Related_Attack_Patterns, Solutions_and_Mitigations
2020-07-30CAPEC Content TeamThe MITRE Corporation
Updated Description
Previous Entry Names
Change DatePrevious Entry Name
2018-07-31Signature-Based Avoidance
Back to top

CAPEC-280: DEPRECATED: SOAP Parameter Tampering

Attack Pattern ID: 280
Abstraction: Detailed
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as its contents have been included in CAPEC-279 : SOAP Manipulation. Please refer to this other pattern going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2018-07-31CAPEC Content TeamThe MITRE Corporation
Updated Attack_Prerequisites, Description Summary, References, Related_Attack_Patterns, Resources_Required, Typical_Severity
Previous Entry Names
Change DatePrevious Entry Name
2018-07-31SOAP Parameter Tampering
Back to top

CAPEC-404: DEPRECATED: Social Information Gathering Attacks

Attack Pattern ID: 404
Abstraction: Meta
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it was deemed not to be a legitimate attack pattern. Please refer to CAPEC-118 : Collect and Analyze Information.
+ References
[REF-348] "The Official Social Engineering Portal". Social-Engineer.org. Tick Tock Computers, LLC. <http://www.social-engineer.org>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, Typical_Severity
2018-07-31CAPEC Content TeamThe MITRE Corporation
Updated Description Summary
Previous Entry Names
Change DatePrevious Entry Name
2017-08-04Social Information Gathering Attacks
Back to top

CAPEC-405: DEPRECATED: Social Information Gathering via Research

Attack Pattern ID: 405
Abstraction: Meta
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it was deemed not to be a legitimate attack pattern. Please refer to CAPEC-118 : Collect and Analyze Information.
+ References
[REF-348] "The Official Social Engineering Portal". Social-Engineer.org. Tick Tock Computers, LLC. <http://www.social-engineer.org>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, Related_Attack_Patterns, Typical_Severity
2018-07-31CAPEC Content TeamThe MITRE Corporation
Updated Description Summary
Previous Entry Names
Change DatePrevious Entry Name
2017-08-04Social Information Gathering via Research
Back to top

CAPEC-239: DEPRECATED: Subversion of Authorization Checks: Cache Filtering, Programmatic Security, etc.

Attack Pattern ID: 239
Abstraction: Detailed
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it did not contain any content and did not serve any useful purpose. Please refer to "CAPEC-207: removing Important Client Functionality" going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2015-12-07CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2018-07-31CAPEC Content TeamThe MITRE Corporation
Updated Description, Description Summary
2019-04-04CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, Description, Related_Attack_Patterns
Previous Entry Names
Change DatePrevious Entry Name
2018-07-31Subversion of authorization checks: cache filtering, programmatic security, etc.
2019-04-04Subversion of Authorization Checks: Cache Filtering, Programmatic Security, etc.
Back to top

CAPEC-419: DEPRECATED: Target Influence via Perception of Concession

Attack Pattern ID: 419
Abstraction: Meta
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it was deemed not to be a legitimate pattern.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, References, Related_Attack_Patterns, Typical_Severity
Previous Entry Names
Change DatePrevious Entry Name
2017-08-04Target Influence via Perception of Concession
Back to top

CAPEC-315: DEPRECATED: TCP/IP Fingerprinting Probes

Attack Pattern ID: 315
Abstraction: Standard
Status: Deprecated
Presentation Filter:
+ Description
This pattern has been deprecated as it was determined to be an unnecessary layer of abstraction. Please refer to the standard level pattern CAPEC-312 : Active OS Fingerprinting going forward, or to any of the detailed patterns that are children of CAPEC-312.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, References, Related_Attack_Patterns, Target_Attack_Surface, Target_Attack_Surface_Localities, Target_Attack_Surface_Types, Target_Functional_Services, Targeted_OSI_Layers, Typical_Severity
2018-07-31CAPEC Content TeamThe MITRE Corporation
Updated Description Summary
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01TCP/IP Fingerprinting Probes
Back to top

CAPEC-238: DEPRECATED: Using URL/codebase / G.A.C. (code source) to convince sandbox of privilege

Attack Pattern ID: 238
Abstraction: Detailed
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it did not appear to be a valid attack pattern.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2018-07-31CAPEC Content TeamThe MITRE Corporation
Updated Description, Description Summary, Related_Attack_Patterns
Previous Entry Names
Change DatePrevious Entry Name
2018-07-31Using URL/codebase / G.A.C. (code source) to convince sandbox of privilege
Back to top

CAPEC-171: DEPRECATED: Variable Manipulation

Attack Pattern ID: 171
Abstraction: Meta
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it is a duplicate of the existing attack pattern "CAPEC-77 : Manipulating User-Controlled Variables". Please refer to this other CAPEC going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-01-09CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Attack_Prerequisites, Description Summary, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations, Typical_Severity
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01Variable Manipulation
Back to top

CAPEC-82: DEPRECATED: Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Service (XDoS))

Attack Pattern ID: 82
Abstraction: Standard
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it a generalization of CAPEC-230: XML Nested Payloads, CAPEC-231: XML Oversized Payloads, and CAPEC-147: XML Ping of Death. Please refer to these CAPECs going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2018-07-31CAPEC Content TeamThe MITRE Corporation
Updated Description, Description Summary
2019-09-30CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, Consequences, Description, Example_Instances, Likelihood_Of_Attack, Mitigations, Prerequisites, Related_Weaknesses, Skills_Required, Typical_Severity
Previous Entry Names
Change DatePrevious Entry Name
2019-09-30Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Service (XDoS))
Back to top

CAPEC CATEGORY: DEPRECATED: WASC Threat Classification 2.0 - WASC-01 - Insufficient Authentication

Category ID: 334
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item Insufficient Authentication
+ References
[REF-275] "WASC Threat Classification 2.0". WASC-01 - Insufficient Authentication. The Web Application Security Consortium (WASC). 2010. <http://projects.webappsec.org/Insufficient-Authentication>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Back to top

CAPEC CATEGORY: DEPRECATED: WASC Threat Classification 2.0 - WASC-02 - Insufficient Authorization

Category ID: 335
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item Insufficient Authorization
+ References
[REF-276] "WASC Threat Classification 2.0". WASC-02 - Insufficient Authorization. The Web Application Security Consortium (WASC). 2010. <http://projects.webappsec.org/Insufficient-Authorization>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Back to top

CAPEC CATEGORY: DEPRECATED: WASC Threat Classification 2.0 - WASC-04 - Insufficient Transport Layer Protection

Category ID: 337
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item Insufficient Transport Layer Protection
+ References
[REF-278] "WASC Threat Classification 2.0". WASC-04 - Insufficient Transport Layer Protection. The Web Application Security Consortium (WASC). 2010. <http://projects.webappsec.org/Insufficient-Transport-Layer-Protection>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Back to top

CAPEC CATEGORY: DEPRECATED: WASC Threat Classification 2.0 - WASC-13 - Information Leakage

Category ID: 346
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item Information Leakage
+ References
[REF-288] "WASC Threat Classification 2.0". WASC-13 - Information Leakage. The Web Application Security Consortium (WASC). 2010. <http://projects.webappsec.org/Information-Leakage>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Back to top

CAPEC CATEGORY: DEPRECATED: WASC Threat Classification 2.0 - WASC-14 - Server Misconfiguration

Category ID: 347
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item Server Misconfiguration
+ References
[REF-289] "WASC Threat Classification 2.0". WASC-14 - Server Misconfiguration. The Web Application Security Consortium (WASC). 2010. <http://projects.webappsec.org/Server-Misconfiguration>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Back to top

CAPEC CATEGORY: DEPRECATED: WASC Threat Classification 2.0 - WASC-15 - Application Misconfiguration

Category ID: 348
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item Application Misconfiguration
+ References
[REF-290] "WASC Threat Classification 2.0". WASC-15 - Application Misconfiguration. The Web Application Security Consortium (WASC). 2010. <http://projects.webappsec.org/Application-Misconfiguration>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Back to top

CAPEC CATEGORY: DEPRECATED: WASC Threat Classification 2.0 - WASC-16 - Directory Indexing

Category ID: 349
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item Directory Indexing
+ References
[REF-11] "WASC Threat Classification 2.0". WASC-16 - Directory Indexing. The Web Application Security Consortium (WASC). 2010. <http://projects.webappsec.org/Directory-Indexing>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Back to top

CAPEC CATEGORY: DEPRECATED: WASC Threat Classification 2.0 - WASC-17 - Improper Filesystem Permissions

Category ID: 350
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item Improper Filesystem Permissions
+ References
[REF-293] "WASC Threat Classification 2.0". WASC-17 - Improper Filesystem Permissions. The Web Application Security Consortium (WASC). 2010. <http://projects.webappsec.org/Improper-Filesystem-Permissions>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Back to top

CAPEC CATEGORY: DEPRECATED: WASC Threat Classification 2.0 - WASC-20 - Improper Input Handling

Category ID: 353
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item Improper Input Handling
+ References
[REF-108] "WASC Threat Classification 2.0". WASC-20 - Improper Input Handling. The Web Application Security Consortium (WASC). 2010. <http://projects.webappsec.org/Improper-Input-Handling>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Back to top

CAPEC CATEGORY: DEPRECATED: WASC Threat Classification 2.0 - WASC-21 - Insufficient Anti-automation

Category ID: 354
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item Insufficient Anti-automation
+ References
[REF-297] "WASC Threat Classification 2.0". WASC-21 - Insufficient Anti-automation. The Web Application Security Consortium (WASC). 2010. <http://projects.webappsec.org/Insufficient+Anti-automation>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Back to top

CAPEC CATEGORY: DEPRECATED: WASC Threat Classification 2.0 - WASC-22 - Improper Output Handling

Category ID: 355
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item Improper Output Handling
+ References
[REF-298] "WASC Threat Classification 2.0". WASC-22 - Improper Output Handling. The Web Application Security Consortium (WASC). 2010. <http://projects.webappsec.org/Improper-Output-Handling>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Back to top

CAPEC CATEGORY: DEPRECATED: WASC Threat Classification 2.0 - WASC-40 - Insufficient Process Validation

Category ID: 373
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item Insufficient Process Validation
+ References
[REF-316] "WASC Threat Classification 2.0". WASC-40 - Insufficient Process Validation. The Web Application Security Consortium (WASC). 2010. <http://projects.webappsec.org/Insufficient-Process-Validation>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Back to top

CAPEC CATEGORY: DEPRECATED: WASC Threat Classification 2.0 - WASC-47 - Insufficient Session Expiration

Category ID: 380
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item Insufficient Session Expiration
+ References
[REF-324] "WASC Threat Classification 2.0". WASC-47 - Insufficient Session Expiration. The Web Application Security Consortium (WASC). 2010. <http://projects.webappsec.org/Insufficient-Session-Expiration>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Back to top

CAPEC CATEGORY: DEPRECATED: WASC Threat Classification 2.0 - WASC-48 - Insecure Indexing

Category ID: 381
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item Insecure Indexing
+ References
[REF-325] "WASC Threat Classification 2.0". WASC-48 - Insecure Indexing. The Web Application Security Consortium (WASC). 2010. <http://projects.webappsec.org/Insecure-Indexing>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Back to top

CAPEC CATEGORY: DEPRECATED: WASC Threat Classification 2.0 - WASC-49 - Insufficient Password Recovery

Category ID: 382
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item Insufficient Password Recovery
+ References
[REF-326] "WASC Threat Classification 2.0". WASC-49 - Insufficient Password Recovery. The Web Application Security Consortium (WASC). 2010. <http://projects.webappsec.org/Insufficient-Password-Recovery>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Back to top

CAPEC CATEGORY: DEPRECATED: WASC-03 - Integer Overflows

Category ID: 336
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item Integer Overflows
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2020-12-17CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17WASC-03 - Integer Overflows
Back to top

CAPEC CATEGORY: DEPRECATED: WASC-05 - Remote File Inclusion

Category ID: 338
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item Remote File Inclusion
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2020-12-17CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17WASC-05 - Remote File Inclusion
Back to top

CAPEC CATEGORY: DEPRECATED: WASC-06 - Format String

Category ID: 339
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item Format String
+ Membership
NatureTypeIDName
HasMemberDetailed Attack PatternDetailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.67String Format Overflow in syslog()
+ References
[REF-15] Robert Auger. "WASC Threat Classification 2.0". WASC-06 - Format String. The Web Application Security Consortium (WASC). <http://projects.webappsec.org/Format-String>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-01-09CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2017-08-04CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2020-12-17CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17WASC-06 - Format String
Back to top

CAPEC CATEGORY: DEPRECATED: WASC-07 - Buffer Overflow

Category ID: 340
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item Buffer Overflow
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-01-09CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2017-08-04CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2020-12-17CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17WASC-07 - Buffer Overflow
Back to top

CAPEC CATEGORY: DEPRECATED: WASC-08 - Cross-Site Scripting

Category ID: 341
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item Cross-Site Scripting
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2020-12-17CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17WASC-08 - Cross-Site Scripting
Back to top

CAPEC CATEGORY: DEPRECATED: WASC-09 - Cross-Site Request Forgery

Category ID: 342
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item Cross-Site Request Forgery
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2020-12-17CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17WASC-09 - Cross-Site Request Forgery
Back to top

CAPEC CATEGORY: DEPRECATED: WASC-10 - Denial of Service

Category ID: 343
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item Denial of Service - see view 333
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-01-09CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2020-12-17CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships, Summary
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17WASC-10 - Denial of Service
Back to top

CAPEC CATEGORY: DEPRECATED: WASC-11 - Brute Force

Category ID: 344
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item Brute Force
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2020-12-17CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17WASC-11 - Brute Force
Back to top

CAPEC CATEGORY: DEPRECATED: WASC-12 - Content Spoofing

Category ID: 345
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item Content Spoofing
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2020-12-17CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17WASC-12 - Content Spoofing
Back to top

CAPEC CATEGORY: DEPRECATED: WASC-18 - Credential/Session Prediction

Category ID: 351
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item Credential/Session Prediction
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2020-12-17CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17WASC-18 - Credential/Session Prediction
Back to top

CAPEC CATEGORY: DEPRECATED: WASC-19 - SQL Injection

Category ID: 352
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item SQL Injection
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2020-12-17CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17WASC-19 - SQL Injection
Back to top

CAPEC CATEGORY: DEPRECATED: WASC-23 - XML Injection

Category ID: 356
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item XML Injection
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2020-12-17CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17WASC-23 - XML Injection
Back to top

CAPEC CATEGORY: DEPRECATED: WASC-24 - HTTP Request Splitting

Category ID: 357
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item HTTP Request Splitting
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2020-12-17CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17WASC-24 - HTTP Request Splitting
Back to top

CAPEC CATEGORY: DEPRECATED: WASC-25 - HTTP Response Splitting

Category ID: 358
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item HTTP Response Splitting
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2020-12-17CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17WASC-25 - HTTP Response Splitting
Back to top

CAPEC CATEGORY: DEPRECATED: WASC-26 - HTTP Request Smuggling

Category ID: 359
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item HTTP Request Smuggling
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2020-12-17CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17WASC-26 - HTTP Request Smuggling
Back to top

CAPEC CATEGORY: DEPRECATED: WASC-27 - HTTP Response Smuggling

Category ID: 360
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item HTTP Response Smuggling
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2020-12-17CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17WASC-27 - HTTP Response Smuggling
Back to top

CAPEC CATEGORY: DEPRECATED: WASC-28 - Null Byte Injection

Category ID: 361
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item Null Byte Injection
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2020-12-17CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17WASC-28 - Null Byte Injection
Back to top

CAPEC CATEGORY: DEPRECATED: WASC-29 - LDAP Injection

Category ID: 362
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item LDAP Injection
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2020-12-17CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17WASC-29 - LDAP Injection
Back to top

CAPEC CATEGORY: DEPRECATED: WASC-30 - Mail Command Injection

Category ID: 363
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item Mail Command Injection
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2020-12-17CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17WASC-30 - Mail Command Injection
Back to top

CAPEC CATEGORY: DEPRECATED: WASC-31 - OS Commanding

Category ID: 364
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item OS Commanding
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2020-12-17CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17WASC-31 - OS Commanding
Back to top

CAPEC CATEGORY: DEPRECATED: WASC-32 - Routing Detour

Category ID: 365
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item Routing Detour
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2020-12-17CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17WASC-32 - Routing Detour
Back to top

CAPEC CATEGORY: DEPRECATED: WASC-33 - Path Traversal

Category ID: 366
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item Path Traversal
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2020-12-17CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17WASC-33 - Path Traversal
Back to top

CAPEC CATEGORY: DEPRECATED: WASC-34 - Predictable Resource Location

Category ID: 367
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item Predictable Resource Location
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2020-12-17CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17WASC-34 - Predictable Resource Location
Back to top

CAPEC CATEGORY: DEPRECATED: WASC-35 - SOAP Array Abuse

Category ID: 368
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item SOAP Array Abuse
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2020-12-17CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17WASC-35 - SOAP Array Abuse
Back to top

CAPEC CATEGORY: DEPRECATED: WASC-36 - SSI Injection

Category ID: 369
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item SSI Injection
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2020-12-17CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17WASC-36 - SSI Injection
Back to top

CAPEC CATEGORY: DEPRECATED: WASC-37 - Session Fixation

Category ID: 370
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item Session Fixation
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2020-12-17CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17WASC-37 - Session Fixation
Back to top

CAPEC CATEGORY: DEPRECATED: WASC-38 - URL Redirector Abuse

Category ID: 371
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item URL Redirector Abuse
+ Notes

Relationship

It should be noted that the member relation to CAPEC-194 is not as clean as could be. CAPEC-194 would ideally have another child (other than CAPEC-543: Counterfeit Websites) that is specific to URL Redirection. Unlike CAPEC-543, URL Redirection does not require a counterfeit website, but rather the user to simply click a link. With that said, we have created this relationship to CAPEC-194 due to the related weakness (CWE-601), which specifically deals with URL Redirection, and will revist this at a later date.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04CAPEC Content TeamThe MITRE Corporation
Updated Relationship_Notes, Relationships
2020-12-17CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17WASC-38 - URL Redirector Abuse
Back to top

CAPEC CATEGORY: DEPRECATED: WASC-39 - XPath Injection

Category ID: 372
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item XPath Injection
+ Membership
NatureTypeIDName
HasMemberDetailed Attack PatternDetailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.83XPath Injection
+ References
[REF-315] "WASC Threat Classification 2.0". WASC-39 - XPath Injection. The Web Application Security Consortium (WASC). 2010. <http://projects.webappsec.org/XPath-Injection>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2020-12-17CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17WASC-39 - XPath Injection
Back to top

CAPEC CATEGORY: DEPRECATED: WASC-41 - XML Attribute Blowup

Category ID: 374
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item XML Attribute Blowup
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2020-12-17CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17WASC-41 - XML Attribute Blowup
Back to top

CAPEC CATEGORY: DEPRECATED: WASC-42 - Abuse of Functionality

Category ID: 375
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item Abuse of Functionality
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2020-12-17CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17WASC-42 - Abuse of Functionality
Back to top

CAPEC CATEGORY: DEPRECATED: WASC-43 - XML External Entities

Category ID: 376
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item XML External Entities
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2020-12-17CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17WASC-43 - XML External Entities
Back to top

CAPEC CATEGORY: DEPRECATED: WASC-44 - XML Entity Expansion

Category ID: 377
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item XML Entity Expansion
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2020-12-17CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17WASC-44 - XML Entity Expansion
Back to top

CAPEC CATEGORY: DEPRECATED: WASC-45 - Fingerprinting

Category ID: 378
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item Fingerprinting
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-01-09CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2017-08-04CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2020-12-17CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17WASC-45 - Fingerprinting
Back to top

CAPEC CATEGORY: DEPRECATED: WASC-46 - XQuery Injection

Category ID: 379
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item XQuery Injection
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2020-12-17CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, References, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2020-12-17WASC-46 - XQuery Injection
Back to top

CAPEC-484: DEPRECATED: XML Client-Side Attack

Attack Pattern ID: 484
Abstraction: Standard
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it a generalization of CAPEC-230: XML Nested Payloads and CAPEC-231: XML Oversized Payloads. Please refer to these CAPECs going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2018-07-31CAPEC Content TeamThe MITRE Corporation
Updated References
2019-04-04CAPEC Content TeamThe MITRE Corporation
Updated Related_Weaknesses
2019-09-30CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, Consequences, Description, Example_Instances, Execution_Flow, Indicators, Likelihood_Of_Attack, Mitigations, Prerequisites, References, Related_Attack_Patterns, Related_Weaknesses, Skills_Required
Previous Entry Names
Change DatePrevious Entry Name
2019-09-30XML Client-Side Attack
Back to top

CAPEC-99: DEPRECATED: XML Parser Attack

Attack Pattern ID: 99
Abstraction: Standard
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it a generalization of CAPEC-230: XML Nested Payloads and CAPEC-231: XML Oversized Payloads. Please refer to these CAPECs going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2019-09-30CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, Consequences, Description, Example_Instances, Execution_Flow, Indicators, Likelihood_Of_Attack, Mitigations, Prerequisites, References, Related_Attack_Patterns, Related_Weaknesses, Skills_Required, Typical_Severity
Previous Entry Names
Change DatePrevious Entry Name
2019-09-30XML Parser Attack
Back to top

CAPEC-91: DEPRECATED: XSS in IMG Tags

Attack Pattern ID: 91
Abstraction: Detailed
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it is contained in the existing attack pattern "CAPEC-18 : XSS Targeting Non-Script Elements". Please refer to this other CAPEC going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Activation_Zone, Architectural_Paradigms, Attack_Motivation-Consequences, Attack_Phases, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, CIA_Impact, Description, Description Summary, Examples-Instances, Frameworks, Injection_Vector, Languages, Methods_of_Attack, Payload, Payload_Activation_Impact, Platforms, Purposes, Related_Attack_Patterns, Related_Guidelines, Related_Security_Principles, Related_Vulnerabilities, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations, Technical_Context, Typical_Likelihood_of_Exploit, Typical_Severity
2018-07-31CAPEC Content TeamThe MITRE Corporation
Updated Description Summary
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01XSS in IMG Tags
Back to top

CAPEC-106: DEPRECATED: XSS through Log Files

Attack Pattern ID: 106
Abstraction: Detailed
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it referes to an existing chain relationship between "CAPEC-93 : Log Injection-Tampering-Forging" and "CAPEC-63 : Cross-Site Scripting". Please refer to these CAPECs going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-01-09CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Activation_Zone, Architectural_Paradigms, Attack_Motivation-Consequences, Attack_Phases, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, CIA_Impact, Description, Description Summary, Examples-Instances, Frameworks, Injection_Vector, Languages, Methods_of_Attack, Payload, Payload_Activation_Impact, Platforms, Probing_Techniques, Purposes, Related_Attack_Patterns, Related_Security_Principles, Related_Weaknesses, Relevant_Security_Requirements, Resources_Required, Solutions_and_Mitigations, Technical_Context, Typical_Likelihood_of_Exploit, Typical_Severity
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01Cross Site Scripting through Log Files
Back to top

CAPEC-246: DEPRECATED: XSS Using Flash

Attack Pattern ID: 246
Abstraction: Detailed
Status: Deprecated
Presentation Filter:
+ Description
This pattern has been deprecated as it is covered by a chaining relationship between CAPEC-174: Flash Parameter Injection and CAPEC-591: Stored XSS. Please refer to these CAPECs going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Attack_Phases, Description, Description Summary, Related_Attack_Patterns, Related_Weaknesses
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01Cross-Site Scripting Using Flash
Back to top
More information is available — Please select a different filter.
Page Last Updated or Reviewed: October 21, 2021
 

Use of the Common Attack Pattern Enumeration and Classification (CAPEC), and the associated references from this website are subject to the Terms of Use. CAPEC is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and managed by the Homeland Security Systems Engineering and Development Institute (HSSEDI) which is operated by The MITRE Corporation (MITRE). Copyright © 2007–2022, The MITRE Corporation. CAPEC and the CAPEC logo are trademarks of The MITRE Corporation.