Common Attack Pattern Enumeration and Classification : CAPEC
CAPEC™ helps by providing a comprehensive dictionary of known patterns of attack employed by adversaries to
exploit known weaknesses in cyber-enabled capabilities. It can be used by analysts, developers, testers, and
educators to advance community understanding and enhance defenses.
ID        Name
CAPEC-1   Accessing Functionality Not Properly Constrained by ACLs
CAPEC-2   Inducing Account Lockout
CAPEC-3   Using Leading 'Ghost' Character Sequences to Bypass Input Filters
CAPEC-4   Using Alternative IP Address Encodings
CAPEC-5   Blue Boxing
CAPEC-6   Argument Injection
CAPEC-7   Blind SQL Injection
CAPEC-8   Buffer Overflow in an API Call
CAPEC-9   Buffer Overflow in Local Command-Line Utilities
CAPEC-10  Buffer Overflow via Environment Variables
CAPEC-11  Cause Web Server Misclassification
CAPEC-12  Choosing Message Identifier
CAPEC-13  Subverting Environment Variable Values
CAPEC-14  Client-side Injection-induced Buffer Overflow
CAPEC-15  Command Delimiters
CAPEC-16  Dictionary-based Password Attack
CAPEC-17  Using Malicious Files
CAPEC-18  XSS Targeting Non-Script Elements
CAPEC-19  Embedding Scripts within Scripts
CAPEC-20  Encryption Brute Forcing
CAPEC-21  Exploitation of Trusted Identifiers
CAPEC-22  Exploiting Trust in Client
CAPEC-23  File Content Injection
CAPEC-24  Filter Failure through Buffer Overflow
CAPEC-25  Forced Deadlock
CAPEC-26  Leveraging Race Conditions
CAPEC-27  Leveraging Race Conditions via Symbolic Links
CAPEC-28  Fuzzing
CAPEC-29  Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions