CAPEC Attack Patterns

CAPEC attack patterns scored by proportion of reachable CVEs with active exploitation.

444 capec attack patterns scored · Page 5 of 5

critical-risk
0
high-risk
0
moderate-risk
2
low-risk
442
Attack Pattern Score Tier
Subvert Code-signing Facilities 0/100 low-risk
Exploitation of Improperly Controlled Registers 0/100 low-risk
Create Malicious Client 0/100 low-risk
Exploitation of Firmware or ROM Code with Unpatchable Vulnerabilities 0/100 low-risk
SOAP Array Overflow 0/100 low-risk
XSS Targeting HTML Attributes 0/100 low-risk
Audit Log Manipulation 0/100 low-risk
XSS Targeting URI Placeholders 0/100 low-risk
Using Alternative IP Address Encodings 0/100 low-risk
Inducing Account Lockout 0/100 low-risk
Load Value Injection 0/100 low-risk
Windows ::DATA Alternate Data Stream 0/100 low-risk
Physically Hacking Hardware 0/100 low-risk
Eavesdropping on a Monitor 0/100 low-risk
XSS Targeting Error Pages 0/100 low-risk
Cross Frame Scripting (XFS) 0/100 low-risk
Reverse Engineering 0/100 low-risk
Flash File Overlay 0/100 low-risk
DNS Rebinding 0/100 low-risk
Pull Data from System Resources 0/100 low-risk
XSS Using Doubled Characters 0/100 low-risk
Tapjacking 0/100 low-risk
Task Impersonation 0/100 low-risk
Cause Web Server Misclassification 0/100 low-risk
XSS Using Invalid Characters 0/100 low-risk
Manipulating Hidden Fields 0/100 low-risk
Manipulation During Distribution 0/100 low-risk
Screen Temporary Files for Sensitive Information 0/100 low-risk
Content Spoofing Via Application API Manipulation 0/100 low-risk
Android Intent Intercept 0/100 low-risk
Infected Memory 0/100 low-risk
USB Memory Attacks 0/100 low-risk
Flash Memory Attacks 0/100 low-risk
Explore for Predictable Temporary File Names 0/100 low-risk
Sniffing Network Traffic 0/100 low-risk
Shared Resource Manipulation 0/100 low-risk
Functionality Misuse 0/100 low-risk
Credential Prompt Impersonation 0/100 low-risk
Sniffing Attacks 0/100 low-risk
White Box Reverse Engineering 0/100 low-risk
Removing/short-circuiting 'Purse' logic: removing/mutating 'cash' decrements 0/100 low-risk
Homograph Attack via Homoglyphs 0/100 low-risk
Removing Important Client Functionality 0/100 low-risk
Exploitation of Transient Instruction Execution 0/100 low-risk
« Prev 1 3 4 5