Common Attack Pattern Enumeration and Classification : CAPEC

CAPEC™ helps by providing a comprehensive dictionary of known patterns of attack employed by adversaries to exploit known weaknesses in cyber-enabled capabilities. It can be used by analysts, developers, testers, and educators to advance community understanding and enhance defenses.
ID Name Action
CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs
CAPEC-2 Inducing Account Lockout
CAPEC-3 Using Leading 'Ghost' Character Sequences to Bypass Input Filters
CAPEC-4 Using Alternative IP Address Encodings
CAPEC-5 Blue Boxing
CAPEC-6 Argument Injection
CAPEC-7 Blind SQL Injection
CAPEC-8 Buffer Overflow in an API Call
CAPEC-9 Buffer Overflow in Local Command-Line Utilities
CAPEC-10 Buffer Overflow via Environment Variables
CAPEC-11 Cause Web Server Misclassification
CAPEC-12 Choosing Message Identifier
CAPEC-13 Subverting Environment Variable Values
CAPEC-14 Client-side Injection-induced Buffer Overflow
CAPEC-15 Command Delimiters
CAPEC-16 Dictionary-based Password Attack
CAPEC-17 Using Malicious Files
CAPEC-18 XSS Targeting Non-Script Elements
CAPEC-19 Embedding Scripts within Scripts
CAPEC-20 Encryption Brute Forcing
CAPEC-21 Exploitation of Trusted Identifiers
CAPEC-22 Exploiting Trust in Client
CAPEC-23 File Content Injection
CAPEC-24 Filter Failure through Buffer Overflow
CAPEC-25 Forced Deadlock
CAPEC-26 Leveraging Race Conditions
CAPEC-27 Leveraging Race Conditions via Symbolic Links
CAPEC-28 Fuzzing
CAPEC-29 Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
CAPEC-30 Hijacking a Privileged Thread of Execution
CAPEC-31 Accessing/Intercepting/Modifying HTTP Cookies
CAPEC-32 XSS Through HTTP Query Strings
CAPEC-33 HTTP Request Smuggling
CAPEC-34 HTTP Response Splitting
CAPEC-35 Leverage Executable Code in Non-Executable Files
CAPEC-36 Using Unpublished Interfaces or Functionality
CAPEC-37 Retrieve Embedded Sensitive Data
CAPEC-38 Leveraging/Manipulating Configuration File Search Paths
CAPEC-39 Manipulating Opaque Client-based Data Tokens
CAPEC-40 Manipulating Writeable Terminal Devices
CAPEC-41 Using Meta-characters in E-mail Headers to Inject Malicious Payloads
CAPEC-42 MIME Conversion
CAPEC-43 Exploiting Multiple Input Interpretation Layers
CAPEC-44 Overflow Binary Resource File
CAPEC-45 Buffer Overflow via Symbolic Links
CAPEC-46 Overflow Variables and Tags
CAPEC-47 Buffer Overflow via Parameter Expansion
CAPEC-48 Passing Local Filenames to Functions That Expect a URL
CAPEC-49 Password Brute Forcing
CAPEC-50 Password Recovery Exploitation
Showing 50 of 559 Results