CAPEC Library

Common Attack Pattern Enumeration

All Meta High-level categories Standard Specific patterns Detailed Implementation-level
CAPEC-21
Exploitation of Trusted Identifiers
High High
CAPEC-22
Exploiting Trust in Client
High High
CAPEC-25
Forced Deadlock
High Low
CAPEC-26
Leveraging Race Conditions
High High
CAPEC-28
Fuzzing
Medium High
CAPEC-74
Manipulating State
High Medium
CAPEC-94
Adversary in the Middle (AiTM)
Very High High
CAPEC-112
Brute Force
High
CAPEC-113
Interface Manipulation
Medium Medium
CAPEC-114
Authentication Abuse
Medium
CAPEC-115
Authentication Bypass
Medium
CAPEC-116
Excavation
Medium High
CAPEC-117
Interception
Medium Low
CAPEC-122
Privilege Abuse
Medium High
CAPEC-123
Buffer Manipulation
Very High High
CAPEC-124
Shared Resource Manipulation
Medium
CAPEC-125
Flooding
Medium High
CAPEC-129
Pointer Manipulation
Medium
CAPEC-130
Excessive Allocation
Medium Medium
CAPEC-131
Resource Leak Exposure
Medium Medium
CAPEC-137
Parameter Injection
Medium Medium
CAPEC-148
Content Spoofing
Medium Medium
CAPEC-151
Identity Spoofing
Medium Medium
CAPEC-153
Input Data Manipulation
Medium
CAPEC-154
Resource Location Spoofing
Medium Medium
CAPEC-161
Infrastructure Manipulation
High
CAPEC-165
File Manipulation
Medium
CAPEC-169
Footprinting
Very Low High
CAPEC-171
DEPRECATED: Variable Manipulation
CAPEC-173
Action Spoofing
Very High High
CAPEC-175
Code Inclusion
Very High Medium
CAPEC-176
Configuration/Environment Manipulation
Medium
CAPEC-184
Software Integrity Attack
Low
CAPEC-188
Reverse Engineering
Low Low
CAPEC-192
Protocol Analysis
Low Low
CAPEC-212
Functionality Misuse
Medium Medium
CAPEC-216
Communication Channel Manipulation
CAPEC-224
Fingerprinting
Very Low High
CAPEC-227
Sustained Client Engagement
CAPEC-233
Privilege Escalation
CAPEC-240
Resource Injection
High High
CAPEC-241
DEPRECATED: Code Injection
CAPEC-242
Code Injection
High High
CAPEC-248
Command Injection
High Medium
CAPEC-257
DEPRECATED: Abuse of Transaction Data Structure
CAPEC-264
DEPRECATED: Environment Variable Manipulation
CAPEC-265
DEPRECATED: Global variable manipulation
CAPEC-266
DEPRECATED: Manipulate Canonicalization
CAPEC-269
DEPRECATED: Registry Manipulation
CAPEC-272
Protocol Manipulation
Medium