Home > CAPEC List > VIEW SLICE: CAPEC-483: Deprecated Entries(Version 3.1)  

CAPEC VIEW: Deprecated Entries

View ID: 483
Structure: Implicit
Status: Draft
Downloads: Booklet | CSV | XML
+ Objective
CAPEC nodes in this view (slice) have been deprecated.
+ Filter
/Attack_Pattern_Catalog/*/*[@Status='Deprecated']
+ Membership
NatureTypeIDName
HasMemberDeprecatedDeprecated56DEPRECATED: Removing/short-circuiting 'guard logic'
HasMemberDeprecatedDeprecated91DEPRECATED: XSS in IMG Tags
HasMemberDeprecatedDeprecated106DEPRECATED: XSS through Log Files
HasMemberDeprecatedDeprecated119DEPRECATED: Deplete Resources
HasMemberDeprecatedDeprecated171DEPRECATED: Variable Manipulation
HasMemberDeprecatedDeprecated205DEPRECATED: Lifting credential(s)/key material embedded in client distributions (thick or thin)
HasMemberDeprecatedDeprecated211DEPRECATED: Leveraging web tools (e.g. Mozilla's GreaseMonkey, Firebug) to change application behavior
HasMemberDeprecatedDeprecated213DEPRECATED: Directory Traversal
HasMemberDeprecatedDeprecated232DEPRECATED: Exploitation of Authorization
HasMemberDeprecatedDeprecated235DEPRECATED: Implementing a callback to system routine (old AWT Queue)
HasMemberDeprecatedDeprecated238DEPRECATED: Using URL/codebase / G.A.C. (code source) to convince sandbox of privilege
HasMemberDeprecatedDeprecated239DEPRECATED: Subversion of Authorization Checks: Cache Filtering, Programmatic Security, etc.
HasMemberDeprecatedDeprecated241DEPRECATED: Code Injection
HasMemberDeprecatedDeprecated246DEPRECATED: XSS Using Flash
HasMemberDeprecatedDeprecated249DEPRECATED: Linux Terminal Injection
HasMemberDeprecatedDeprecated254DEPRECATED: DTD Injection in a SOAP Message
HasMemberDeprecatedDeprecated257DEPRECATED: Abuse of Transaction Data Structure
HasMemberDeprecatedDeprecated258DEPRECATED: Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Dynamic Update
HasMemberDeprecatedDeprecated259DEPRECATED: Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Patching
HasMemberDeprecatedDeprecated260DEPRECATED: Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Initial Distribution
HasMemberDeprecatedDeprecated264DEPRECATED: Environment Variable Manipulation
HasMemberDeprecatedDeprecated265DEPRECATED: Global variable manipulation
HasMemberDeprecatedDeprecated266DEPRECATED: Manipulate Canonicalization
HasMemberDeprecatedDeprecated269DEPRECATED: Registry Manipulation
HasMemberDeprecatedDeprecated280DEPRECATED: SOAP Parameter Tampering
HasMemberDeprecatedDeprecated281DEPRECATED: Analyze Target
HasMemberDeprecatedDeprecated286DEPRECATED: Reconnaissance
HasMemberDeprecatedDeprecated288DEPRECATED: ICMP Echo Request Ping
HasMemberDeprecatedDeprecated289DEPRECATED: Infrastructure-based footprinting
HasMemberDeprecatedDeprecated311DEPRECATED: OS Fingerprinting
HasMemberDeprecatedDeprecated314DEPRECATED: IP Fingerprinting Probes
HasMemberDeprecatedDeprecated315DEPRECATED: TCP/IP Fingerprinting Probes
HasMemberDeprecatedDeprecated316DEPRECATED: ICMP Fingerprinting Probes
HasMemberDeprecatedDeprecated334DEPRECATED: WASC Threat Classification 2.0 - WASC-01 - Insufficient Authentication
HasMemberDeprecatedDeprecated335DEPRECATED: WASC Threat Classification 2.0 - WASC-02 - Insufficient Authorization
HasMemberDeprecatedDeprecated337DEPRECATED: WASC Threat Classification 2.0 - WASC-04 - Insufficient Transport Layer Protection
HasMemberDeprecatedDeprecated346DEPRECATED: WASC Threat Classification 2.0 - WASC-13 - Information Leakage
HasMemberDeprecatedDeprecated347DEPRECATED: WASC Threat Classification 2.0 - WASC-14 - Server Misconfiguration
HasMemberDeprecatedDeprecated348DEPRECATED: WASC Threat Classification 2.0 - WASC-15 - Application Misconfiguration
HasMemberDeprecatedDeprecated349DEPRECATED: WASC Threat Classification 2.0 - WASC-16 - Directory Indexing
HasMemberDeprecatedDeprecated350DEPRECATED: WASC Threat Classification 2.0 - WASC-17 - Improper Filesystem Permissions
HasMemberDeprecatedDeprecated353DEPRECATED: WASC Threat Classification 2.0 - WASC-20 - Improper Input Handling
HasMemberDeprecatedDeprecated354DEPRECATED: WASC Threat Classification 2.0 - WASC-21 - Insufficient Anti-automation
HasMemberDeprecatedDeprecated355DEPRECATED: WASC Threat Classification 2.0 - WASC-22 - Improper Output Handling
HasMemberDeprecatedDeprecated373DEPRECATED: WASC Threat Classification 2.0 - WASC-40 - Insufficient Process Validation
HasMemberDeprecatedDeprecated380DEPRECATED: WASC Threat Classification 2.0 - WASC-47 - Insufficient Session Expiration
HasMemberDeprecatedDeprecated381DEPRECATED: WASC Threat Classification 2.0 - WASC-48 - Insecure Indexing
HasMemberDeprecatedDeprecated382DEPRECATED: WASC Threat Classification 2.0 - WASC-49 - Insufficient Password Recovery
HasMemberDeprecatedDeprecated404DEPRECATED: Social Information Gathering Attacks
HasMemberDeprecatedDeprecated405DEPRECATED: Social Information Gathering via Research
HasMemberDeprecatedDeprecated408DEPRECATED: Information Gathering from Traditional Sources
HasMemberDeprecatedDeprecated409DEPRECATED: Information Gathering from Non-Traditional Sources
HasMemberDeprecatedDeprecated411DEPRECATED: Pretexting
HasMemberDeprecatedDeprecated419DEPRECATED: Target Influence via Perception of Concession
HasMemberDeprecatedDeprecated430DEPRECATED: Target Influence via Micro-Expressions
HasMemberDeprecatedDeprecated431DEPRECATED: Target Influence via Neuro-Linguistic Programming (NLP)
HasMemberDeprecatedDeprecated432DEPRECATED: Target Influence via Voice in NLP
HasMemberDeprecatedDeprecated436DEPRECATED: Gain Physical Access
HasMemberDeprecatedDeprecated449DEPRECATED: Malware Propagation via USB Stick
HasMemberDeprecatedDeprecated450DEPRECATED: Malware Propagation via USB U3 Autorun
HasMemberDeprecatedDeprecated451DEPRECATED: Malware Propagation via Infected Peripheral Device
HasMemberDeprecatedDeprecated453DEPRECATED: Malicious Logic Insertion via Counterfeit Hardware
HasMemberDeprecatedDeprecated454DEPRECATED: Modification of Existing Components with Counterfeit Hardware
HasMemberDeprecatedDeprecated455DEPRECATED: Malicious Logic Insertion via Inclusion of Counterfeit Hardware Components
HasMemberDeprecatedDeprecated525DEPRECATED: Execute Code
HasMemberDeprecatedDeprecated526DEPRECATED: Alter System Components
HasMemberDeprecatedDeprecated527DEPRECATED: Manipulate System Users
HasMemberDeprecatedDeprecated557DEPRECATED: Schedule Software To Run
HasMemberDeprecatedDeprecated566DEPRECATED: Dump Password Hashes
HasMemberDeprecatedDeprecated567DEPRECATED: Obtain Data via Utilities
HasMemberDeprecatedDeprecated570DEPRECATED: Signature-Based Avoidance
HasMemberDeprecatedDeprecated602DEPRECATED: Degradation
+ View Metrics
CAPECs in this view
Attack Patterns49
Categories23
Views0
Total72
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
View Components
View Components
A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

CAPEC-430: DEPRECATED: Target Influence via Micro-Expressions

Attack Pattern ID: 430
Abstraction: Detailed
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2018-07-31CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, References, Related_Attack_Patterns, Typical_Severity
Previous Entry Names
Change DatePrevious Entry Name
2018-07-31Target Influence via Micro-Expressions
Back to top

CAPEC-431: DEPRECATED: Target Influence via Neuro-Linguistic Programming (NLP)

Attack Pattern ID: 431
Abstraction: Detailed
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2018-07-31CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, References, Related_Attack_Patterns, Typical_Severity
Previous Entry Names
Change DatePrevious Entry Name
2018-07-31Target Influence via Neuro-Linguistic Programming (NLP)
Back to top

CAPEC-432: DEPRECATED: Target Influence via Voice in NLP

Attack Pattern ID: 432
Abstraction: Detailed
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2018-07-31CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, References, Related_Attack_Patterns, Typical_Severity
Previous Entry Names
Change DatePrevious Entry Name
2018-07-31Target Influence via Voice in NLP
Back to top

CAPEC-257: DEPRECATED: Abuse of Transaction Data Structure

Attack Pattern ID: 257
Abstraction: Meta
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it was deemed not to be a legitimate attack pattern.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-01-09CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Description, Description Summary
2018-07-31CAPEC Content TeamThe MITRE Corporation
Updated Description Summary
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01Abuse of Transaction Data Structure
Back to top

CAPEC CATEGORY: DEPRECATED: Alter System Components

Category ID: 526
 
Status: Deprecated
+ Summary
This category has been deprecated as it is no longer used in any view.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2015-11-09CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2017-01-09CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Description
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01Alter System Components
Back to top

CAPEC CATEGORY: DEPRECATED: Analyze Target

Category ID: 281
 
Status: Deprecated
+ Summary
This category has been deprecated as it is no longer used in any view.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2015-11-09CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2017-01-09CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Description, Other_Notes
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01Analyze Target
Back to top

CAPEC-241: DEPRECATED: Code Injection

Attack Pattern ID: 241
Abstraction: Meta
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it is a duplicate of the existing attack pattern "CAPEC-242 : Code Injection". Please refer to this other CAPEC going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2015-12-07CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Description, Description Summary
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01Code Injection
Back to top

CAPEC-602: DEPRECATED: Degradation

Attack Pattern ID: 602
Abstraction: Meta
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated.
+ Content History
Submissions
Submission DateSubmitterOrganization
2015-11-09CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Description Summary
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01Degradation
Back to top

CAPEC CATEGORY: DEPRECATED: Deplete Resources

Category ID: 119
 
Status: Deprecated
+ Summary
This category has been deprecated as it is no longer used by any of the Views.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-01-09CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Attack_Prerequisites, Description, Related_Weaknesses, Resources_Required
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01Deplete Resources
Back to top

CAPEC-213: DEPRECATED: Directory Traversal

Attack Pattern ID: 213
Abstraction: Standard
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it is a duplicate of the existing attack pattern "CAPEC-126 : Path Traversal". Please refer to this other CAPEC going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2015-12-07CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-01-09CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-08-04CAPEC Content TeamThe MITRE Corporation
Updated Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Related_Attack_Patterns, Related_Vulnerabilities, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations
Previous Entry Names
Change DatePrevious Entry Name
2017-01-09Directory Traversal
Back to top

CAPEC-254: DEPRECATED: DTD Injection in a SOAP Message

Attack Pattern ID: 254
Abstraction: Detailed
Status: Deprecated
Presentation Filter:
+ Description
This pattern has been deprecated as it was determined to be an unnecessary layer of abstraction. Please refer to the pattern CAPEC-228 : DTD Injection going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Description, Description Summary, Related_Attack_Patterns
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01DTD Injection in a SOAP Message
Back to top

CAPEC-566: DEPRECATED: Dump Password Hashes

Attack Pattern ID: 566
Abstraction: Detailed
Status: Deprecated
Presentation Filter:
+ Description
This CAPEC has been deprecated because of is not directly related to a weakness, social engineering, supply chains, or a physical-based attack.
+ Content History
Submissions
Submission DateSubmitterOrganization
2015-11-09CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2019-04-04CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, Description, Prerequisites, Related_Attack_Patterns
Previous Entry Names
Change DatePrevious Entry Name
2019-04-04Dump Password Hashes
Back to top

CAPEC-264: DEPRECATED: Environment Variable Manipulation

Attack Pattern ID: 264
Abstraction: Meta
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it is a duplicate of the existing attack pattern "CAPEC-13 : Subverting Environment Variable Values". Please refer to this other CAPEC going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-01-09CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Attack_Prerequisites, Description Summary, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01Environment Variable Manipulation
Back to top

CAPEC CATEGORY: DEPRECATED: Execute Code

Category ID: 525
 
Status: Deprecated
+ Summary
This category has been deprecated as it is no longer used in any view.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2015-11-09CAPEC Content TeamThe MITRE Corporation
Updated Description, Relationships
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Description, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2015-11-09Malicious Code Execution
2017-05-01Execute Code
Back to top

CAPEC CATEGORY: DEPRECATED: Exploitation of Authorization

Category ID: 232
 
Status: Deprecated
+ Summary
This category has been deprecated as it is no longer used by any of the Views.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2015-12-07CAPEC Content TeamThe MITRE Corporation
Updated Related_Weaknesses, Relationships
2017-01-09CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Description
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01Exploitation of Authorization
Back to top

CAPEC CATEGORY: DEPRECATED: Gain Physical Access

Category ID: 436
 
Status: Deprecated
+ Summary
This category has been deprecated as it is no longer used in any view.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-01-09CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Description
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01Gain Physical Access
Back to top

CAPEC-265: DEPRECATED: Global variable manipulation

Attack Pattern ID: 265
Abstraction: Meta
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it is a duplicate of the existing attack pattern "CAPEC-77 : Manipulating User-Controlled Variables". Please refer to this other CAPEC going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-01-09CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Attack_Prerequisites, Description Summary, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01Global variable manipulation
Back to top

CAPEC-288: DEPRECATED: ICMP Echo Request Ping

Attack Pattern ID: 288
Abstraction: Meta
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it is a duplicate of the existing attack pattern "CAPEC-285". Please refer to this other CAPEC going forward.
+ Typical Severity

Low

+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2018-07-31CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, References, Related_Attack_Patterns
Back to top

CAPEC-316: DEPRECATED: ICMP Fingerprinting Probes

Attack Pattern ID: 316
Abstraction: Standard
Status: Deprecated
Presentation Filter:
+ Description
This pattern has been deprecated as it was determined to be an unnecessary layer of abstraction. Please refer to the standard level pattern CAPEC-312 : Active OS Fingerprinting going forward, or to any of the detailed patterns that are children of CAPEC-312.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, References, Related_Attack_Patterns, Target_Attack_Surface, Target_Attack_Surface_Localities, Target_Attack_Surface_Types, Target_Functional_Services, Targeted_OSI_Layers, Typical_Severity
2018-07-31CAPEC Content TeamThe MITRE Corporation
Updated Description Summary
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01ICMP Fingerprinting Probes
Back to top

CAPEC-235: DEPRECATED: Implementing a callback to system routine (old AWT Queue)

Attack Pattern ID: 235
Abstraction: Detailed
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated. Please refer to CAPEC:30 - Hijacking a Privileged Thread of Execution.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-01-09CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2018-07-31CAPEC Content TeamThe MITRE Corporation
Updated Description, Description Summary, Related_Attack_Patterns
Previous Entry Names
Change DatePrevious Entry Name
2018-07-31Implementing a callback to system routine (old AWT Queue)
Back to top

CAPEC-409: DEPRECATED: Information Gathering from Non-Traditional Sources

Attack Pattern ID: 409
Abstraction: Meta
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it was deemed not to be a legitimate attack pattern. Please refer to CAPEC-118 : Collect and Analyze Information.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, Related_Attack_Patterns, Typical_Severity
2018-07-31CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, References
Previous Entry Names
Change DatePrevious Entry Name
2017-08-04Information Gathering from Non-Traditional Sources
Back to top

CAPEC-408: DEPRECATED: Information Gathering from Traditional Sources

Attack Pattern ID: 408
Abstraction: Meta
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it was deemed not to be a legitimate attack pattern. Please refer to CAPEC-118 : Collect and Analyze Information.
+ Relationships

The table(s) below shows the other attack patterns and high level categories that are related to this attack pattern. These relationships are defined as ChildOf, ParentOf, MemberOf and give insight to similar items that may exist at higher and lower levels of abstraction. In addition, relationships such as CanFollow, PeerOf, and CanAlsoBe are defined to show similar attack patterns that the user may want to explore.

NatureTypeIDName
ParentOfDetailed Attack PatternDetailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.467Cross Site Identification
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, Related_Attack_Patterns, Typical_Severity
2018-07-31CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, References
Previous Entry Names
Change DatePrevious Entry Name
2017-08-04Information Gathering from Traditional Sources
Back to top

CAPEC-289: DEPRECATED: Infrastructure-based footprinting

Attack Pattern ID: 289
Abstraction: Meta
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it was determined to be an unnecessary layer of abstraction. Please refer to the meta level pattern CAPEC-169 : going forward, or to any of its children patterns.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-01-09CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2018-07-31CAPEC Content TeamThe MITRE Corporation
Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, References, Resources_Required, Target_Attack_Surface, Target_Attack_Surface_Localities, Target_Attack_Surface_Types, Targeted_OSI_Layers, Typical_Severity
Back to top

CAPEC-314: DEPRECATED: IP Fingerprinting Probes

Attack Pattern ID: 314
Abstraction: Standard
Status: Deprecated
Presentation Filter:
+ Description
This pattern has been deprecated as it was determined to be an unnecessary layer of abstraction. Please refer to the standard level pattern CAPEC-312 : Active OS Fingerprinting going forward, or to any of the detailed patterns that children of CAPEC-312.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, References, Related_Attack_Patterns, Resources_Required, Target_Attack_Surface, Target_Attack_Surface_Localities, Target_Attack_Surface_Types, Target_Functional_Services, Targeted_OSI_Layers, Typical_Severity
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01IP Fingerprinting Probes
Back to top

CAPEC-211: DEPRECATED: Leveraging web tools (e.g. Mozilla's GreaseMonkey, Firebug) to change application behavior

Attack Pattern ID: 211
Abstraction: Detailed
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it was deemed not to be a legitimate attack pattern.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2015-12-07CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Attack_Prerequisites, Description Summary, References, Related_Attack_Patterns, Resources_Required, Typical_Severity
2018-07-31CAPEC Content TeamThe MITRE Corporation
Updated Description Summary
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01Leveraging web tools (e.g. Mozilla's GreaseMonkey, Firebug) to change application behavior
Back to top

CAPEC-205: DEPRECATED: Lifting credential(s)/key material embedded in client distributions (thick or thin)

Attack Pattern ID: 205
Abstraction: Detailed
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it is a duplicate of CAPEC-37 : Retrieve Embedded Sensitive Data. Please refer to this other pattern going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2015-11-09CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Architectural_Paradigms, Attack_Motivation-Consequences, Attack_Phases, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, CIA_Impact, Description, Description Summary, Examples-Instances, Frameworks, Methods_of_Attack, Platforms, Purposes, Related_Attack_Patterns, Related_Vulnerabilities, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations, Technical_Context, Typical_Likelihood_of_Exploit, Typical_Severity
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01Lifting credential(s)/key material embedded in client distributions (thick or thin)
Back to top

CAPEC-249: DEPRECATED: Linux Terminal Injection

Attack Pattern ID: 249
Abstraction: Standard
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it is covered by "CAPEC-40 : Manipulating Writeable Terminal Devices". Please refer to this CAPEC going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2018-07-31CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, References, Related_Attack_Patterns
Previous Entry Names
Change DatePrevious Entry Name
2018-07-31Linux Terminal Injection
Back to top

CAPEC-453: DEPRECATED: Malicious Logic Insertion via Counterfeit Hardware

Attack Pattern ID: 453
Abstraction: Standard
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it is a duplicate of CAPEC-452 : Malicious Logic Insertion into Product Hardware. Please refer to this other pattern going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2015-11-09CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, References, Related_Attack_Patterns
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01Malicious Logic Insertion via Counterfeit Hardware
Back to top

CAPEC-455: DEPRECATED: Malicious Logic Insertion via Inclusion of Counterfeit Hardware Components

Attack Pattern ID: 455
Abstraction: Detailed
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it is a duplicate of CAPEC-457 : Malicious Logic Insertion into Product Hardware. Please refer to this other pattern going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2015-11-09CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Attack_Prerequisites, Description Summary, Examples-Instances, References, Related_Attack_Patterns
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01Malicious Logic Insertion via Inclusion of Counterfeit Hardware Components
Back to top

CAPEC-451: DEPRECATED: Malware Propagation via Infected Peripheral Device

Attack Pattern ID: 451
Abstraction: Detailed
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it is a duplicate of CAPEC-448 : Malware Infection into Product Software. Please refer to this other pattern going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2015-11-09CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, Related_Attack_Patterns
2018-07-31CAPEC Content TeamThe MITRE Corporation
Updated References
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01Malware Propagation via Infected Peripheral Device
Back to top

CAPEC-449: DEPRECATED: Malware Propagation via USB Stick

Attack Pattern ID: 449
Abstraction: Detailed
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it is a duplicate of CAPEC-448 : Malware Infection into Product Software. Please refer to this other pattern going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2015-11-09CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Attack_Prerequisites, Description Summary, Examples-Instances, References, Related_Attack_Patterns
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01Malware Propagation via USB Stick
Back to top

CAPEC-450: DEPRECATED: Malware Propagation via USB U3 Autorun

Attack Pattern ID: 450
Abstraction: Standard
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it is a duplicate of CAPEC-448 : Malware Infection into Product Software. Please refer to this other pattern going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2015-11-09CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, References, Related_Attack_Patterns
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01Malware Propagation via USB U3 Autorun
Back to top

CAPEC-266: DEPRECATED: Manipulate Canonicalization

Attack Pattern ID: 266
Abstraction: Meta
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-01-09CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Description, Description Summary
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01Manipulate Canonicalization
Back to top

CAPEC CATEGORY: DEPRECATED: Manipulate System Users

Category ID: 527
 
Status: Deprecated
+ Summary
This category has been deprecated as it is no longer used in any view.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Description
2017-08-04CAPEC Content TeamThe MITRE Corporation
Updated Relationships
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01Manipulate System Users
Back to top

CAPEC-454: DEPRECATED: Modification of Existing Components with Counterfeit Hardware

Attack Pattern ID: 454
Abstraction: Detailed
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it is a duplicate of CAPEC-452 : Malicious Logic Insertion into Product Hardware. Please refer to this other pattern going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2015-11-09CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Attack_Prerequisites, Description Summary, References, Related_Attack_Patterns
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01Modification of Existing Components with Counterfeit Hardware
Back to top

CAPEC-567: DEPRECATED: Obtain Data via Utilities

Attack Pattern ID: 567
Abstraction: Standard
Status: Deprecated
Presentation Filter:
+ Description
This CAPEC has been deprecated because of is not directly related to a weakness, social engineering, supply chains, or a physical-based attack.
+ Content History
Submissions
Submission DateSubmitterOrganization
2015-11-09CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2018-07-31CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, References, Related_Attack_Patterns
Previous Entry Names
Change DatePrevious Entry Name
2018-07-31Obtain Data via Utilities
Back to top

CAPEC-311: DEPRECATED: OS Fingerprinting

Attack Pattern ID: 311
Abstraction: Standard
Status: Deprecated
Presentation Filter:
+ Description
This pattern has been deprecated as it was determined to be an unnecessary layer of abstraction. Please refer to the standard level patterns CAPEC-312 : Active OS Fingerprinting or CAPEC-313 : Passive OS Fingerprinting going forward, or to any of the detailed patterns that are children of them.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2015-11-09CAPEC Content TeamThe MITRE Corporation
Updated References
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, References, Related_Attack_Patterns, Resources_Required, Target_Attack_Surface, Target_Attack_Surface_Localities, Target_Attack_Surface_Types, Target_Functional_Services, Targeted_OSI_Layers, Typical_Severity
2018-07-31CAPEC Content TeamThe MITRE Corporation
Updated Description Summary
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01OS Fingerprinting
Back to top

CAPEC-258: DEPRECATED: Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Dynamic Update

Attack Pattern ID: 258
Abstraction: Detailed
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it is a duplicate of the existing attack pattern "CAPEC-65 : Sniff Application Code". Please refer to this other CAPEC going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-01-09CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-08-04CAPEC Content TeamThe MITRE Corporation
Updated Architectural_Paradigms, Attack_Motivation-Consequences, Attack_Phases, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, CIA_Impact, Description, Description Summary, Examples-Instances, Frameworks, Languages, Methods_of_Attack, Platforms, Purposes, Related_Attack_Patterns, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations, Technical_Context, Typical_Likelihood_of_Exploit, Typical_Severity
Previous Entry Names
Change DatePrevious Entry Name
2017-01-09Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Dynamic Update
Back to top

CAPEC-260: DEPRECATED: Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Initial Distribution

Attack Pattern ID: 260
Abstraction: Detailed
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it is a duplicate of the existing attack pattern "CAPEC-65 : Sniff Application Code". Please refer to this other CAPEC going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-01-09CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-08-04CAPEC Content TeamThe MITRE Corporation
Updated Architectural_Paradigms, Attack_Motivation-Consequences, Attack_Phases, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, CIA_Impact, Description, Description Summary, Examples-Instances, Frameworks, Languages, Methods_of_Attack, Platforms, Purposes, Related_Attack_Patterns, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations, Technical_Context, Typical_Likelihood_of_Exploit, Typical_Severity
Previous Entry Names
Change DatePrevious Entry Name
2017-01-09Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Initial Distribution
Back to top

CAPEC-259: DEPRECATED: Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Patching

Attack Pattern ID: 259
Abstraction: Standard
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it is a duplicate of the existing attack pattern "CAPEC-65 : Sniff Application Code". Please refer to this other CAPEC going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-01-09CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-08-04CAPEC Content TeamThe MITRE Corporation
Updated Architectural_Paradigms, Attack_Motivation-Consequences, Attack_Phases, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, CIA_Impact, Description, Description Summary, Examples-Instances, Frameworks, Languages, Methods_of_Attack, Platforms, Purposes, Related_Attack_Patterns, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations, Technical_Context, Typical_Likelihood_of_Exploit, Typical_Severity
Previous Entry Names
Change DatePrevious Entry Name
2017-01-09Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Patching
Back to top

CAPEC-411: DEPRECATED: Pretexting

Attack Pattern ID: 411
Abstraction: Meta
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it is a duplicate of the existing attack pattern "CAPEC-407 : Social Information Gathering via Pretexting". Please refer to this other CAPEC going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, References, Related_Attack_Patterns, Typical_Severity
Back to top

CAPEC CATEGORY: DEPRECATED: Reconnaissance

Category ID: 286
 
Status: Deprecated
+ Summary
This category has been deprecated as it is no longer used in any view.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-01-09CAPEC Content TeamThe MITRE Corporation
Updated Relationships
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Description
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01Reconnaissance
Back to top

CAPEC-269: DEPRECATED: Registry Manipulation

Attack Pattern ID: 269
Abstraction: Meta
Status: Deprecated
Presentation Filter:
+ Description
This pattern has been deprecated as it was determined to be a duplicate of another pattern. Please refer to the pattern CAPEC-203 : Manipulate Application Registry Values going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Description, Description Summary, Related_Attack_Patterns
Back to top

CAPEC-56: DEPRECATED: Removing/short-circuiting 'guard logic'

Attack Pattern ID: 56
Abstraction: Standard
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it is a duplicate of CAPEC-207 : Removing Important Client Functionality. Please refer to this other pattern going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2015-12-07CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Activation_Zone, Architectural_Paradigms, Attack_Motivation-Consequences, Attack_Phases, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, CIA_Impact, Description, Description Summary, Examples-Instances, Frameworks, Injection_Vector, Languages, Payload, Payload_Activation_Impact, Platforms, Probing_Techniques, Purposes, Related_Attack_Patterns, Related_Guidelines, Related_Security_Principles, Related_Vulnerabilities, Related_Weaknesses, Resources_Required, Technical_Context, Typical_Likelihood_of_Exploit, Typical_Severity
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01Removing/short-circuiting 'guard logic'
Back to top

CAPEC-557: DEPRECATED: Schedule Software To Run

Attack Pattern ID: 557
Abstraction: Detailed
Status: Deprecated
Presentation Filter:
+ Description
This CAPEC has been deprecated because of is not directly related to a weakness, social engineering, supply chains, or a physical-based attack.
+ Content History
Submissions
Submission DateSubmitterOrganization
2015-11-09CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2018-07-31CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, References, Related_Attack_Patterns, Solutions_and_Mitigations
Previous Entry Names
Change DatePrevious Entry Name
2018-07-31Schedule Software To Run
Back to top

CAPEC-570: DEPRECATED: Signature-Based Avoidance

Attack Pattern ID: 570
Abstraction: Detailed
Status: Deprecated
Presentation Filter:
+ Description
This CAPEC has been deprecated because of is not directly related to a weakness, social engineering, supply chains, or a physical-based attack.
+ Content History
Submissions
Submission DateSubmitterOrganization
2015-11-09CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2018-07-31CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, References, Related_Attack_Patterns, Solutions_and_Mitigations
Previous Entry Names
Change DatePrevious Entry Name
2018-07-31Signature-Based Avoidance
Back to top

CAPEC-280: DEPRECATED: SOAP Parameter Tampering

Attack Pattern ID: 280
Abstraction: Detailed
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as its contents have been included in CAPEC-279 : SOAP Manipulation. Please refer to this other pattern going forward.
+ Relationships

The table(s) below shows the other attack patterns and high level categories that are related to this attack pattern. These relationships are defined as ChildOf, ParentOf, MemberOf and give insight to similar items that may exist at higher and lower levels of abstraction. In addition, relationships such as CanFollow, PeerOf, and CanAlsoBe are defined to show similar attack patterns that the user may want to explore.

NatureTypeIDName
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2018-07-31CAPEC Content TeamThe MITRE Corporation
Updated Attack_Prerequisites, Description Summary, References, Related_Attack_Patterns, Resources_Required, Typical_Severity
Previous Entry Names
Change DatePrevious Entry Name
2018-07-31SOAP Parameter Tampering
Back to top

CAPEC-404: DEPRECATED: Social Information Gathering Attacks

Attack Pattern ID: 404
Abstraction: Meta
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it was deemed not to be a legitimate attack pattern. Please refer to CAPEC-118 : Collect and Analyze Information.
+ References
[REF-348] "The Official Social Engineering Portal". Social-Engineer.org. Tick Tock Computers, LLC. <http://www.social-engineer.org>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, Typical_Severity
2018-07-31CAPEC Content TeamThe MITRE Corporation
Updated Description Summary
Previous Entry Names
Change DatePrevious Entry Name
2017-08-04Social Information Gathering Attacks
Back to top

CAPEC-405: DEPRECATED: Social Information Gathering via Research

Attack Pattern ID: 405
Abstraction: Meta
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it was deemed not to be a legitimate attack pattern. Please refer to CAPEC-118 : Collect and Analyze Information.
+ References
[REF-348] "The Official Social Engineering Portal". Social-Engineer.org. Tick Tock Computers, LLC. <http://www.social-engineer.org>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, Related_Attack_Patterns, Typical_Severity
2018-07-31CAPEC Content TeamThe MITRE Corporation
Updated Description Summary
Previous Entry Names
Change DatePrevious Entry Name
2017-08-04Social Information Gathering via Research
Back to top

CAPEC-239: DEPRECATED: Subversion of Authorization Checks: Cache Filtering, Programmatic Security, etc.

Attack Pattern ID: 239
Abstraction: Detailed
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it did not contain any content and did not serve any useful purpose. Please refer to "CAPEC-207: removing Important Client Functionality" going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2015-12-07CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2018-07-31CAPEC Content TeamThe MITRE Corporation
Updated Description, Description Summary
2019-04-04CAPEC Content TeamThe MITRE Corporation
Updated @Name, @Status, Description, Related_Attack_Patterns
Previous Entry Names
Change DatePrevious Entry Name
2018-07-31Subversion of authorization checks: cache filtering, programmatic security, etc.
2019-04-04Subversion of Authorization Checks: Cache Filtering, Programmatic Security, etc.
Back to top

CAPEC-419: DEPRECATED: Target Influence via Perception of Concession

Attack Pattern ID: 419
Abstraction: Meta
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it was deemed not to be a legitimate pattern.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-08-04CAPEC Content TeamThe MITRE Corporation
Updated Description Summary, References, Related_Attack_Patterns, Typical_Severity
Previous Entry Names
Change DatePrevious Entry Name
2017-08-04Target Influence via Perception of Concession
Back to top

CAPEC-315: DEPRECATED: TCP/IP Fingerprinting Probes

Attack Pattern ID: 315
Abstraction: Standard
Status: Deprecated
Presentation Filter:
+ Description
This pattern has been deprecated as it was determined to be an unnecessary layer of abstraction. Please refer to the standard level pattern CAPEC-312 : Active OS Fingerprinting going forward, or to any of the detailed patterns that are children of CAPEC-312.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, References, Related_Attack_Patterns, Target_Attack_Surface, Target_Attack_Surface_Localities, Target_Attack_Surface_Types, Target_Functional_Services, Targeted_OSI_Layers, Typical_Severity
2018-07-31CAPEC Content TeamThe MITRE Corporation
Updated Description Summary
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01TCP/IP Fingerprinting Probes
Back to top

CAPEC-238: DEPRECATED: Using URL/codebase / G.A.C. (code source) to convince sandbox of privilege

Attack Pattern ID: 238
Abstraction: Detailed
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it did not appear to be a valid attack pattern.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2018-07-31CAPEC Content TeamThe MITRE Corporation
Updated Description, Description Summary, Related_Attack_Patterns
Previous Entry Names
Change DatePrevious Entry Name
2018-07-31Using URL/codebase / G.A.C. (code source) to convince sandbox of privilege
Back to top

CAPEC-171: DEPRECATED: Variable Manipulation

Attack Pattern ID: 171
Abstraction: Meta
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it is a duplicate of the existing attack pattern "CAPEC-77 : Manipulating User-Controlled Variables". Please refer to this other CAPEC going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-01-09CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Attack_Prerequisites, Description Summary, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations, Typical_Severity
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01Variable Manipulation
Back to top

CAPEC CATEGORY: DEPRECATED: WASC Threat Classification 2.0 - WASC-01 - Insufficient Authentication

Category ID: 334
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item Insufficient Authentication
+ References
[REF-275] "WASC Threat Classification 2.0". WASC-01 - Insufficient Authentication. The Web Application Security Consortium (WASC). 2010. <http://projects.webappsec.org/Insufficient-Authentication>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Back to top

CAPEC CATEGORY: DEPRECATED: WASC Threat Classification 2.0 - WASC-02 - Insufficient Authorization

Category ID: 335
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item Insufficient Authorization
+ References
[REF-276] "WASC Threat Classification 2.0". WASC-02 - Insufficient Authorization. The Web Application Security Consortium (WASC). 2010. <http://projects.webappsec.org/Insufficient-Authorization>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Back to top

CAPEC CATEGORY: DEPRECATED: WASC Threat Classification 2.0 - WASC-04 - Insufficient Transport Layer Protection

Category ID: 337
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item Insufficient Transport Layer Protection
+ References
[REF-278] "WASC Threat Classification 2.0". WASC-04 - Insufficient Transport Layer Protection. The Web Application Security Consortium (WASC). 2010. <http://projects.webappsec.org/Insufficient-Transport-Layer-Protection>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Back to top

CAPEC CATEGORY: DEPRECATED: WASC Threat Classification 2.0 - WASC-13 - Information Leakage

Category ID: 346
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item Information Leakage
+ References
[REF-288] "WASC Threat Classification 2.0". WASC-13 - Information Leakage. The Web Application Security Consortium (WASC). 2010. <http://projects.webappsec.org/Information-Leakage>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Back to top

CAPEC CATEGORY: DEPRECATED: WASC Threat Classification 2.0 - WASC-14 - Server Misconfiguration

Category ID: 347
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item Server Misconfiguration
+ References
[REF-289] "WASC Threat Classification 2.0". WASC-14 - Server Misconfiguration. The Web Application Security Consortium (WASC). 2010. <http://projects.webappsec.org/Server-Misconfiguration>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Back to top

CAPEC CATEGORY: DEPRECATED: WASC Threat Classification 2.0 - WASC-15 - Application Misconfiguration

Category ID: 348
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item Application Misconfiguration
+ References
[REF-290] "WASC Threat Classification 2.0". WASC-15 - Application Misconfiguration. The Web Application Security Consortium (WASC). 2010. <http://projects.webappsec.org/Application-Misconfiguration>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Back to top

CAPEC CATEGORY: DEPRECATED: WASC Threat Classification 2.0 - WASC-16 - Directory Indexing

Category ID: 349
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item Directory Indexing
+ References
[REF-11] "WASC Threat Classification 2.0". WASC-16 - Directory Indexing. The Web Application Security Consortium (WASC). 2010. <http://projects.webappsec.org/Directory-Indexing>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Back to top

CAPEC CATEGORY: DEPRECATED: WASC Threat Classification 2.0 - WASC-17 - Improper Filesystem Permissions

Category ID: 350
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item Improper Filesystem Permissions
+ References
[REF-293] "WASC Threat Classification 2.0". WASC-17 - Improper Filesystem Permissions. The Web Application Security Consortium (WASC). 2010. <http://projects.webappsec.org/Improper-Filesystem-Permissions>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Back to top

CAPEC CATEGORY: DEPRECATED: WASC Threat Classification 2.0 - WASC-20 - Improper Input Handling

Category ID: 353
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item Improper Input Handling
+ References
[REF-108] "WASC Threat Classification 2.0". WASC-20 - Improper Input Handling. The Web Application Security Consortium (WASC). 2010. <http://projects.webappsec.org/Improper-Input-Handling>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Back to top

CAPEC CATEGORY: DEPRECATED: WASC Threat Classification 2.0 - WASC-21 - Insufficient Anti-automation

Category ID: 354
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item Insufficient Anti-automation
+ References
[REF-297] "WASC Threat Classification 2.0". WASC-21 - Insufficient Anti-automation. The Web Application Security Consortium (WASC). 2010. <http://projects.webappsec.org/Insufficient+Anti-automation>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Back to top

CAPEC CATEGORY: DEPRECATED: WASC Threat Classification 2.0 - WASC-22 - Improper Output Handling

Category ID: 355
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item Improper Output Handling
+ References
[REF-298] "WASC Threat Classification 2.0". WASC-22 - Improper Output Handling. The Web Application Security Consortium (WASC). 2010. <http://projects.webappsec.org/Improper-Output-Handling>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Back to top

CAPEC CATEGORY: DEPRECATED: WASC Threat Classification 2.0 - WASC-40 - Insufficient Process Validation

Category ID: 373
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item Insufficient Process Validation
+ References
[REF-316] "WASC Threat Classification 2.0". WASC-40 - Insufficient Process Validation. The Web Application Security Consortium (WASC). 2010. <http://projects.webappsec.org/Insufficient-Process-Validation>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Back to top

CAPEC CATEGORY: DEPRECATED: WASC Threat Classification 2.0 - WASC-47 - Insufficient Session Expiration

Category ID: 380
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item Insufficient Session Expiration
+ References
[REF-324] "WASC Threat Classification 2.0". WASC-47 - Insufficient Session Expiration. The Web Application Security Consortium (WASC). 2010. <http://projects.webappsec.org/Insufficient-Session-Expiration>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Back to top

CAPEC CATEGORY: DEPRECATED: WASC Threat Classification 2.0 - WASC-48 - Insecure Indexing

Category ID: 381
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item Insecure Indexing
+ References
[REF-325] "WASC Threat Classification 2.0". WASC-48 - Insecure Indexing. The Web Application Security Consortium (WASC). 2010. <http://projects.webappsec.org/Insecure-Indexing>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Back to top

CAPEC CATEGORY: DEPRECATED: WASC Threat Classification 2.0 - WASC-49 - Insufficient Password Recovery

Category ID: 382
 
Status: Deprecated
+ Summary
This category is related to the WASC Threat Classification 2.0 item Insufficient Password Recovery
+ References
[REF-326] "WASC Threat Classification 2.0". WASC-49 - Insufficient Password Recovery. The Web Application Security Consortium (WASC). 2010. <http://projects.webappsec.org/Insufficient-Password-Recovery>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Back to top

CAPEC-91: DEPRECATED: XSS in IMG Tags

Attack Pattern ID: 91
Abstraction: Detailed
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it is contained in the existing attack pattern "CAPEC-18 : XSS Targeting Non-Script Elements". Please refer to this other CAPEC going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Activation_Zone, Architectural_Paradigms, Attack_Motivation-Consequences, Attack_Phases, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, CIA_Impact, Description, Description Summary, Examples-Instances, Frameworks, Injection_Vector, Languages, Methods_of_Attack, Payload, Payload_Activation_Impact, Platforms, Purposes, Related_Attack_Patterns, Related_Guidelines, Related_Security_Principles, Related_Vulnerabilities, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations, Technical_Context, Typical_Likelihood_of_Exploit, Typical_Severity
2018-07-31CAPEC Content TeamThe MITRE Corporation
Updated Description Summary
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01XSS in IMG Tags
Back to top

CAPEC-106: DEPRECATED: XSS through Log Files

Attack Pattern ID: 106
Abstraction: Detailed
Status: Deprecated
Presentation Filter:
+ Description
This attack pattern has been deprecated as it referes to an existing chain relationship between "CAPEC-93 : Log Injection-Tampering-Forging" and "CAPEC-63 : Cross-Site Scripting". Please refer to these CAPECs going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-01-09CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Activation_Zone, Architectural_Paradigms, Attack_Motivation-Consequences, Attack_Phases, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, CIA_Impact, Description, Description Summary, Examples-Instances, Frameworks, Injection_Vector, Languages, Methods_of_Attack, Payload, Payload_Activation_Impact, Platforms, Probing_Techniques, Purposes, Related_Attack_Patterns, Related_Security_Principles, Related_Weaknesses, Relevant_Security_Requirements, Resources_Required, Solutions_and_Mitigations, Technical_Context, Typical_Likelihood_of_Exploit, Typical_Severity
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01Cross Site Scripting through Log Files
Back to top

CAPEC-246: DEPRECATED: XSS Using Flash

Attack Pattern ID: 246
Abstraction: Detailed
Status: Deprecated
Presentation Filter:
+ Description
This pattern has been deprecated as it is covered by a chaining relationship between CAPEC-174: Flash Parameter Injection and CAPEC-591: Stored XSS. Please refer to these CAPECs going forward.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2017-05-01CAPEC Content TeamThe MITRE Corporation
Updated Attack_Phases, Description, Description Summary, Related_Attack_Patterns, Related_Weaknesses
Previous Entry Names
Change DatePrevious Entry Name
2017-05-01Cross-Site Scripting Using Flash
Back to top
More information is available — Please select a different filter.
Page Last Updated or Reviewed: April 04, 2019
 

Use of the Common Attack Pattern Enumeration and Classification dictionary and classification taxonomy, and the associated references from this website, are subject to the Terms of Use. For more information, please email capec@mitre.org.

CAPEC is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 2007 - 2019, The MITRE Corporation. CAPEC and the CAPEC logo are trademarks of The MITRE Corporation.

Privacy policy
Terms of use
Site Map
Contact us