New to CAPEC? Start Here
Home > CAPEC List > Reports > Differences between 3.8 and 3.9 Content  

Differences between 3.8 and 3.9 Content

Summary

Total (3.9) (not including Deprecated) 593
Total (3.8) (not including Deprecated) 588
Attack Patterns
New Patterns Added 4
Existing Patterns Modified with Enhanced Material 56
Categories
Existing Categories Modified with Enhanced Material 5
Views
Views Added 1
CAPEC -> CWE Mappings
CAPEC -> CWE Mappings Added 58
CAPEC -> CWE Mappings Removed 3
CAPEC -> CAPEC Mappings
CAPEC -> CAPEC Mappings Added 63
CAPEC -> CAPEC Mappings Removed 3

Summary of Entry Types

Type 3.8 3.9
Views 12 13
Categories 21 21
Attack Patterns 555 559
Deprecated 113 113

Back to top

Attack Pattern Changes

New Patterns Added
CAPEC-699 Eavesdropping on a Monitor
CAPEC-700 Network Boundary Bridging
CAPEC-701 Browser in the Middle (BiTM)
CAPEC-702 Exploiting Incorrect Chaining or Granularity of Hardware Debug Components

Existing Patterns Modified with Enhanced Material
CAPEC-5 Blue Boxing
CAPEC-19 Embedding Scripts within Scripts
CAPEC-35 Leverage Executable Code in Non-Executable Files
CAPEC-98 Phishing
CAPEC-121 Exploit Non-Production Interfaces
CAPEC-138 Reflection Injection
CAPEC-143 Detect Unpublicized Web Pages
CAPEC-144 Detect Unpublicized Web Services
CAPEC-149 Explore for Predictable Temporary File Names
CAPEC-150 Collect Data from Common Resource Locations
CAPEC-154 Resource Location Spoofing
CAPEC-161 Infrastructure Manipulation
CAPEC-163 Spear Phishing
CAPEC-164 Mobile Phishing
CAPEC-167 White Box Reverse Engineering
CAPEC-173 Action Spoofing
CAPEC-178 Cross-Site Flashing
CAPEC-188 Reverse Engineering
CAPEC-195 Principal Spoof
CAPEC-207 Removing Important Client Functionality
CAPEC-216 Communication Channel Manipulation
CAPEC-227 Sustained Client Engagement
CAPEC-271 Schema Poisoning
CAPEC-331 ICMP IP Total Length Field Probe
CAPEC-332 ICMP IP 'ID' Field Error Message Probe
CAPEC-442 Infected Software
CAPEC-448 Embed Virus into DLL
CAPEC-452 Infected Hardware
CAPEC-456 Infected Memory
CAPEC-457 USB Memory Attacks
CAPEC-458 Flash Memory Attacks
CAPEC-481 Contradictory Destinations in Traffic Routing Schemes
CAPEC-488 HTTP Flood
CAPEC-498 Probe iOS Screenshots
CAPEC-500 WebView Injection
CAPEC-538 Open-Source Library Manipulation
CAPEC-541 Application Fingerprinting
CAPEC-542 Targeted Malware
CAPEC-545 Pull Data from System Resources
CAPEC-548 Contaminate Resource
CAPEC-578 Disable Security Software
CAPEC-579 Replace Winlogon Helper DLL
CAPEC-580 System Footprinting
CAPEC-585 DNS Domain Seizure
CAPEC-587 Cross Frame Scripting (XFS)
CAPEC-598 DNS Spoofing
CAPEC-599 Terrestrial Jamming
CAPEC-607 Obstruction
CAPEC-625 Mobile Device Fault Injection
CAPEC-632 Homograph Attack via Homoglyphs
CAPEC-636 Hiding Malicious Data or Code within Files
CAPEC-640 Inclusion of Code in Existing Process
CAPEC-675 Retrieve Data from Decommissioned Devices
CAPEC-677 Server Motherboard Compromise
CAPEC-678 System Build Data Maliciously Altered
CAPEC-695 Repo Jacking

Patterns Deprecated
Back to top

Category Changes

New Categories Added

Existing Categories Modified with Enhanced Material
CAPEC-156 Engage in Deceptive Interactions
CAPEC-403 Social Engineering
CAPEC-437 Supply Chain
CAPEC-685 Development and Production
CAPEC-688 Sustainment

Categories Deprecated
Back to top

View Changes

Views Added
CAPEC-703 Industrial Control System (ICS) Patterns

Existing Views Modified with Enhanced Material

Views Deprecated
Back to top

Mapping Changes

CAPEC --> CWE Mappings Added
CAPEC-98 Phishing
  --> CWE-451 User Interface (UI) Misrepresentation of Critical Information
CAPEC-138 Reflection Injection
  --> CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
CAPEC-143 Detect Unpublicized Web Pages
  --> CWE-425 Direct Request ('Forced Browsing')
CAPEC-144 Detect Unpublicized Web Services
  --> CWE-425 Direct Request ('Forced Browsing')
CAPEC-149 Explore for Predictable Temporary File Names
  --> CWE-377 Insecure Temporary File
CAPEC-154 Resource Location Spoofing
  --> CWE-451 User Interface (UI) Misrepresentation of Critical Information
CAPEC-161 Infrastructure Manipulation
  --> CWE-923 Improper Restriction of Communication Channel to Intended Endpoints
CAPEC-163 Spear Phishing
  --> CWE-451 User Interface (UI) Misrepresentation of Critical Information
CAPEC-164 Mobile Phishing
  --> CWE-451 User Interface (UI) Misrepresentation of Critical Information
CAPEC-173 Action Spoofing
  --> CWE-451 User Interface (UI) Misrepresentation of Critical Information
CAPEC-178 Cross-Site Flashing
  --> CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
CAPEC-188 Reverse Engineering
  --> CWE-1278 Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques
CAPEC-216 Communication Channel Manipulation
  --> CWE-306 Missing Authentication for Critical Function
CAPEC-227 Sustained Client Engagement
  --> CWE-400 Uncontrolled Resource Consumption
CAPEC-331 ICMP IP Total Length Field Probe
  --> CWE-204 Observable Response Discrepancy
CAPEC-332 ICMP IP 'ID' Field Error Message Probe
  --> CWE-204 Observable Response Discrepancy
CAPEC-442 Infected Software
  --> CWE-506 Embedded Malicious Code
CAPEC-448 Embed Virus into DLL
  --> CWE-506 Embedded Malicious Code
CAPEC-456 Infected Memory
  --> CWE-1257 Improper Access Control Applied to Mirrored or Aliased Memory Regions
  --> CWE-1260 Improper Handling of Overlap Between Protected Memory Ranges
  --> CWE-1274 Improper Access Control for Volatile Memory Containing Boot Code
  --> CWE-1312 Missing Protection for Mirrored Regions in On-Chip Fabric Firewall
  --> CWE-1316 Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges
CAPEC-457 USB Memory Attacks
  --> CWE-1299 Missing Protection Mechanism for Alternate Hardware Interface
CAPEC-458 Flash Memory Attacks
  --> CWE-1282 Assumed-Immutable Data is Stored in Writable Memory
CAPEC-481 Contradictory Destinations in Traffic Routing Schemes
  --> CWE-923 Improper Restriction of Communication Channel to Intended Endpoints
CAPEC-498 Probe iOS Screenshots
  --> CWE-359 Exposure of Private Personal Information to an Unauthorized Actor
CAPEC-500 WebView Injection
  --> CWE-749 Exposed Dangerous Method or Function
  --> CWE-940 Improper Verification of Source of a Communication Channel
CAPEC-538 Open-Source Library Manipulation
  --> CWE-494 Download of Code Without Integrity Check
  --> CWE-829 Inclusion of Functionality from Untrusted Control Sphere
CAPEC-541 Application Fingerprinting
  --> CWE-204 Observable Response Discrepancy
  --> CWE-205 Observable Behavioral Discrepancy
  --> CWE-208 Observable Timing Discrepancy
CAPEC-579 Replace Winlogon Helper DLL
  --> CWE-15 External Control of System or Configuration Setting
CAPEC-580 System Footprinting
  --> CWE-204 Observable Response Discrepancy
  --> CWE-205 Observable Behavioral Discrepancy
  --> CWE-208 Observable Timing Discrepancy
CAPEC-587 Cross Frame Scripting (XFS)
  --> CWE-1021 Improper Restriction of Rendered UI Layers or Frames
CAPEC-625 Mobile Device Fault Injection
  --> CWE-1247 Improper Protection Against Voltage and Clock Glitches
  --> CWE-1248 Semiconductor Defects in Hardware Logic with Security-Sensitive Implications
  --> CWE-1256 Improper Restriction of Software Interfaces to Hardware Features
  --> CWE-1319 Improper Protection against Electromagnetic Fault Injection (EM-FI)
  --> CWE-1332 Improper Handling of Faults that Lead to Instruction Skips
  --> CWE-1334 Unauthorized Error Injection Can Degrade Hardware Redundancy
  --> CWE-1338 Improper Protections Against Hardware Overheating
  --> CWE-1351 Improper Handling of Hardware Behavior in Exceptionally Cold Environments
CAPEC-632 Homograph Attack via Homoglyphs
  --> CWE-1007 Insufficient Visual Distinction of Homoglyphs Presented to User
CAPEC-636 Hiding Malicious Data or Code within Files
  --> CWE-506 Embedded Malicious Code
CAPEC-640 Inclusion of Code in Existing Process
  --> CWE-114 Process Control
  --> CWE-829 Inclusion of Functionality from Untrusted Control Sphere
CAPEC-675 Retrieve Data from Decommissioned Devices
  --> CWE-1266 Improper Scrubbing of Sensitive Data from Decommissioned Device
CAPEC-695 Repo Jacking
  --> CWE-494 Download of Code Without Integrity Check
  --> CWE-829 Inclusion of Functionality from Untrusted Control Sphere
CAPEC-699 Eavesdropping on a Monitor
  --> CWE-1300 Improper Protection of Physical Side Channels
CAPEC-701 Browser in the Middle (BiTM)
  --> CWE-294 Authentication Bypass by Capture-replay
  --> CWE-345 Insufficient Verification of Data Authenticity
CAPEC-702 Exploiting Incorrect Chaining or Granularity of Hardware Debug Components
  --> CWE-1296 Incorrect Chaining or Granularity of Debug Components

CAPEC --> CWE Mappings Removed
CAPEC-150 Collect Data from Common Resource Locations
  --> CWE-1324 Sensitive Information Accessible by Physical Probing of JTAG Interface
CAPEC-167 White Box Reverse Engineering
  --> CWE-1324 Sensitive Information Accessible by Physical Probing of JTAG Interface
CAPEC-545 Pull Data from System Resources
  --> CWE-1324 Sensitive Information Accessible by Physical Probing of JTAG Interface

CAPEC --> CAPEC Mappings Added
CAPEC-156 Engage in Deceptive Interactions
Has Member   --> CAPEC-690 Metadata Spoofing
CAPEC-216 Communication Channel Manipulation
CanPrecede   --> CAPEC-94 Adversary in the Middle (AiTM)
CAPEC-403 Social Engineering
Has Member   --> CAPEC-690 Metadata Spoofing
CAPEC-437 Supply Chain
Has Member   --> CAPEC-176 Configuration/Environment Manipulation
CAPEC-548 Contaminate Resource
CanPrecede   --> CAPEC-607 Obstruction
CAPEC-587 Cross Frame Scripting (XFS)
Has Child   --> CAPEC-103 Clickjacking
CAPEC-685 Development and Production
Has Member   --> CAPEC-690 Metadata Spoofing
CAPEC-688 Sustainment
Has Member   --> CAPEC-690 Metadata Spoofing
CAPEC-699 Eavesdropping on a Monitor
Has Child   --> CAPEC-651 Eavesdropping
CAPEC-700 Network Boundary Bridging
CanFollow   --> CAPEC-70 Try Common or Default Usernames and Passwords
Has Child   --> CAPEC-161 Infrastructure Manipulation
CanFollow   --> CAPEC-560 Use of Known Domain Credentials
CAPEC-701 Browser in the Middle (BiTM)
Has Child   --> CAPEC-94 Adversary in the Middle (AiTM)
CanFollow   --> CAPEC-98 Phishing
CanPrecede   --> CAPEC-148 Content Spoofing
CanPrecede   --> CAPEC-151 Identity Spoofing
CAPEC-702 Exploiting Incorrect Chaining or Granularity of Hardware Debug Components
Has Child   --> CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels
CAPEC-703 Industrial Control System (ICS) Patterns
Has Member   --> CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs
Has Member   --> CAPEC-57 Utilizing REST's Trust in the System Resource to Obtain Sensitive Data
Has Member   --> CAPEC-65 Sniff Application Code
Has Member   --> CAPEC-70 Try Common or Default Usernames and Passwords
Has Member   --> CAPEC-94 Adversary in the Middle (AiTM)
Has Member   --> CAPEC-98 Phishing
Has Member   --> CAPEC-125 Flooding
Has Member   --> CAPEC-130 Excessive Allocation
Has Member   --> CAPEC-131 Resource Leak Exposure
Has Member   --> CAPEC-141 Cache Poisoning
Has Member   --> CAPEC-148 Content Spoofing
Has Member   --> CAPEC-158 Sniffing Network Traffic
Has Member   --> CAPEC-163 Spear Phishing
Has Member   --> CAPEC-165 File Manipulation
Has Member   --> CAPEC-169 Footprinting
Has Member   --> CAPEC-177 Create files with the same name as files protected with a higher classification
Has Member   --> CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels
Has Member   --> CAPEC-184 Software Integrity Attack
Has Member   --> CAPEC-191 Read Sensitive Constants Within an Executable
Has Member   --> CAPEC-227 Sustained Client Engagement
Has Member   --> CAPEC-268 Audit Log Manipulation
Has Member   --> CAPEC-292 Host Discovery
Has Member   --> CAPEC-309 Network Topology Mapping
Has Member   --> CAPEC-312 Active OS Fingerprinting
Has Member   --> CAPEC-313 Passive OS Fingerprinting
Has Member   --> CAPEC-438 Modification During Manufacture
Has Member   --> CAPEC-439 Manipulation During Distribution
Has Member   --> CAPEC-441 Malicious Logic Insertion
Has Member   --> CAPEC-457 USB Memory Attacks
Has Member   --> CAPEC-473 Signature Spoof
Has Member   --> CAPEC-504 Task Impersonation
Has Member   --> CAPEC-540 Overread Buffers
Has Member   --> CAPEC-547 Physical Destruction of Device or Component
Has Member   --> CAPEC-552 Install Rootkit
Has Member   --> CAPEC-555 Remote Services with Stolen Credentials
Has Member   --> CAPEC-560 Use of Known Domain Credentials
Has Member   --> CAPEC-573 Process Footprinting
Has Member   --> CAPEC-580 System Footprinting
Has Member   --> CAPEC-603 Blockage
Has Member   --> CAPEC-607 Obstruction
Has Member   --> CAPEC-635 Alternative Execution Due to Deceptive Filenames
Has Member   --> CAPEC-648 Collect Data from Screen Capture
Has Member   --> CAPEC-649 Adding a Space to a File Extension
Has Member   --> CAPEC-690 Metadata Spoofing
Has Member   --> CAPEC-691 Spoof Open-Source Software Metadata
Has Member   --> CAPEC-692 Spoof Version Control System Commit Metadata

CAPEC --> CAPEC Mappings Removed
CAPEC-437 Supply Chain
Has Member   --> CAPEC-441 Malicious Logic Insertion
CAPEC-587 Cross Frame Scripting (XFS)
Has Child   --> CAPEC-195 Principal Spoof
CAPEC-688 Sustainment
Has Member   --> CAPEC-441 Malicious Logic Insertion
Back to top
More information is available — Please select a different filter.
Page Last Updated or Reviewed: January 24, 2023
 

Use of the Common Attack Pattern Enumeration and Classification (CAPEC), and the associated references from this website are subject to the Terms of Use. Copyright © 2007–2025, The MITRE Corporation. CAPEC and the CAPEC logo are trademarks of The MITRE Corporation.