CAPEC Library

Common Attack Pattern Enumeration

All Meta High-level categories Standard Specific patterns Detailed Implementation-level
CAPEC-1
Accessing Functionality Not Properly Constrained by ACLs
High High
CAPEC-2
Inducing Account Lockout
Medium High
CAPEC-3
Using Leading 'Ghost' Character Sequences to Bypass Input Filters
Medium Medium
CAPEC-4
Using Alternative IP Address Encodings
High Medium
CAPEC-5
Blue Boxing
Very High Medium
CAPEC-6
Argument Injection
High High
CAPEC-7
Blind SQL Injection
High High
CAPEC-8
Buffer Overflow in an API Call
High High
CAPEC-9
Buffer Overflow in Local Command-Line Utilities
High High
CAPEC-10
Buffer Overflow via Environment Variables
High High
CAPEC-11
Cause Web Server Misclassification
High Medium
CAPEC-12
Choosing Message Identifier
High High
CAPEC-13
Subverting Environment Variable Values
Very High High
CAPEC-14
Client-side Injection-induced Buffer Overflow
High Medium
CAPEC-15
Command Delimiters
High High
CAPEC-16
Dictionary-based Password Attack
High Medium
CAPEC-17
Using Malicious Files
Very High High
CAPEC-18
XSS Targeting Non-Script Elements
Very High High
CAPEC-19
Embedding Scripts within Scripts
High High
CAPEC-20
Encryption Brute Forcing
Low Low
CAPEC-21
Exploitation of Trusted Identifiers
High High
CAPEC-22
Exploiting Trust in Client
High High
CAPEC-23
File Content Injection
Very High High
CAPEC-24
Filter Failure through Buffer Overflow
High High
CAPEC-25
Forced Deadlock
High Low
CAPEC-26
Leveraging Race Conditions
High High
CAPEC-27
Leveraging Race Conditions via Symbolic Links
High Medium
CAPEC-28
Fuzzing
Medium High
CAPEC-29
Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
High High
CAPEC-30
Hijacking a Privileged Thread of Execution
Very High Low
CAPEC-31
Accessing/Intercepting/Modifying HTTP Cookies
High High
CAPEC-32
XSS Through HTTP Query Strings
High High
CAPEC-33
HTTP Request Smuggling
High Medium
CAPEC-34
HTTP Response Splitting
High Medium
CAPEC-35
Leverage Executable Code in Non-Executable Files
Very High High
CAPEC-36
Using Unpublished Interfaces or Functionality
High Medium
CAPEC-37
Retrieve Embedded Sensitive Data
Very High High
CAPEC-38
Leveraging/Manipulating Configuration File Search Paths
Very High High
CAPEC-39
Manipulating Opaque Client-based Data Tokens
Medium High
CAPEC-40
Manipulating Writeable Terminal Devices
Very High High
CAPEC-41
Using Meta-characters in E-mail Headers to Inject Malicious Payloads
High High
CAPEC-42
MIME Conversion
High High
CAPEC-43
Exploiting Multiple Input Interpretation Layers
High Medium
CAPEC-44
Overflow Binary Resource File
Very High High
CAPEC-45
Buffer Overflow via Symbolic Links
High High
CAPEC-46
Overflow Variables and Tags
High High
CAPEC-47
Buffer Overflow via Parameter Expansion
High Medium
CAPEC-48
Passing Local Filenames to Functions That Expect a URL
High High
CAPEC-49
Password Brute Forcing
High Medium
CAPEC-50
Password Recovery Exploitation
High Medium