CAPEC Attack Patterns

CAPEC attack patterns scored by proportion of reachable CVEs with active exploitation.

444 CAPEC attack patterns scored · Page 2 of 5

critical-risk: 0
high-risk: 0
moderate-risk: 2
low-risk: 442

Attack Pattern Score Tier
Network Topology Mapping 14/100 low-risk
UDP Scan 14/100 low-risk
TCP RPC Scan 14/100 low-risk
TCP Window Scan 14/100 low-risk
Serialized Data External Linking 14/100 low-risk
TCP ACK Scan 14/100 low-risk
TCP Null Scan 14/100 low-risk
TCP Xmas Scan 14/100 low-risk
TCP FIN Scan 14/100 low-risk
TCP Connect Scan 14/100 low-risk
Port Scanning 14/100 low-risk
TCP SYN Ping 14/100 low-risk
UDP Ping 14/100 low-risk
TCP ACK Ping 14/100 low-risk
ICMP Information Request 14/100 low-risk
Local Code Inclusion 14/100 low-risk
Timestamp Request 14/100 low-risk
ICMP Address Mask Request 14/100 low-risk
Traceroute Route Enumeration 14/100 low-risk
Host Discovery 14/100 low-risk
Force Use of Corrupted Files 14/100 low-risk
DNS Zone Transfers 14/100 low-risk
Fingerprinting 14/100 low-risk
Enumerate Mail Exchange (MX) Records 14/100 low-risk
TCP SYN Scan 14/100 low-risk
HTTP Request Smuggling 13/100 low-risk
Server Side Request Forgery 13/100 low-risk
Using Meta-characters in E-mail Headers to Inject Malicious Payloads 13/100 low-risk
Input Data Manipulation 12/100 low-risk
Object Relational Mapping Injection 12/100 low-risk
SQL Injection through SOAP Parameter Tampering 12/100 low-risk
Flash Injection 12/100 low-risk
Read Sensitive Constants Within an Executable 12/100 low-risk
File Content Injection 12/100 low-risk
Fuzzing for garnering other adjacent user/sensitive data 12/100 low-risk
Expanding Control over the Operating System from the Database 12/100 low-risk
Signature Spoof 12/100 low-risk
Session Credential Falsification through Prediction 12/100 low-risk
SQL Injection 12/100 low-risk
Blind SQL Injection 12/100 low-risk
User-Controlled Filename 12/100 low-risk
Reusing Session IDs (aka Session Replay) 11/100 low-risk
Probe System Files 11/100 low-risk
Serialized Data with Nested Payloads 11/100 low-risk
Open-Source Library Manipulation 11/100 low-risk
Repo Jacking 11/100 low-risk
Oversized Serialized Data Payloads 11/100 low-risk
Cross Zone Scripting 11/100 low-risk
Web Server Logs Tampering 11/100 low-risk
Subverting Environment Variable Values 11/100 low-risk
Accessing/Intercepting/Modifying HTTP Cookies 11/100 low-risk
XPath Injection 10/100 low-risk
Server Side Include (SSI) Injection 10/100 low-risk
Try Common or Default Usernames and Passwords 10/100 low-risk
Reflection Injection 10/100 low-risk
XML Injection 10/100 low-risk
Fuzzing 10/100 low-risk
String Format Overflow in syslog() 10/100 low-risk
Leverage Alternate Encoding 10/100 low-risk
Format String Injection 10/100 low-risk
Collect Data from Common Resource Locations 10/100 low-risk
Double Encoding 10/100 low-risk
Using UTF-8 Encoding to Bypass Validation Logic 10/100 low-risk
Postfix, Null Terminate, and Backslash 10/100 low-risk
Embedding NULL Bytes 10/100 low-risk
Using Leading 'Ghost' Character Sequences to Bypass Input Filters 10/100 low-risk
URL Encoding 10/100 low-risk
Using Unicode Encoding to Bypass Validation Logic 10/100 low-risk
Relative Path Traversal 9/100 low-risk
WebView Injection 8/100 low-risk
Escaping Virtualization 7/100 low-risk
Signature Spoofing by Misrepresentation 7/100 low-risk
Symlink Attack 7/100 low-risk
Privilege Escalation 7/100 low-risk
Bluetooth Impersonation AttackS (BIAS) 7/100 low-risk
XSS Using Alternate Syntax 7/100 low-risk
Cross-Site Flashing 7/100 low-risk
Escaping a Sandbox by Calling Code in Another Language 7/100 low-risk
Functionality Bypass 7/100 low-risk
Password Recovery Exploitation 7/100 low-risk
Directory Indexing 7/100 low-risk
Restful Privilege Elevation 7/100 low-risk
Forced Integer Overflow 7/100 low-risk
Install Rootkit 6/100 low-risk
Intent Spoof 6/100 low-risk
Malicious Root Certificate 6/100 low-risk
Modification of Windows Service Configuration 6/100 low-risk
Signature Spoofing by Key Theft 6/100 low-risk
Web Services API Signature Forgery Leveraging Hash Function Extension Weakness 6/100 low-risk
Malicious Logic Insertion 6/100 low-risk
HTTP Response Smuggling 6/100 low-risk
Sustained Client Engagement 6/100 low-risk
Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions 6/100 low-risk
Key Negotiation of Bluetooth Attack (KNOB) 6/100 low-risk
Exploitation of Thunderbolt Protection Flaws 6/100 low-risk
Use of Known Kerberos Credentials 6/100 low-risk
Privilege Abuse 6/100 low-risk
XSS Using MIME Type Mismatch 6/100 low-risk
Cross-Site Scripting (XSS) 6/100 low-risk
Cross Site Request Forgery 6/100 low-risk