Merge pull request #175 from mitre/update-to-3-5
Update to 3 5
rpiazza authored Jul 16, 2021
2 parents 6c50b9a + 333254b commit 7cdfd36
Showing 6,843 changed files with 125,782 additions and 124,091 deletions.
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
{"type": "bundle", "id": "bundle--4974f939-5493-442f-a9b8-d19e221b3ef4", "spec_version": "2.0", "objects": [{"type": "attack-pattern", "id": "attack-pattern--00268a75-3243-477d-9166-8c78fddf6df6", "created_by_ref": "identity--e50ab59c-5c4f-4d40-bf6a-d58418d89bcd", "created": "2014-06-23T00:00:00.000Z", "modified": "2020-12-17T00:00:00.000Z", "name": "Forceful Browsing", "description": "An attacker employs forceful browsing (direct URL entry) to access portions of a website that are otherwise unreachable. Usually, a front controller or similar design pattern is employed to protect access to portions of a web application. Forceful browsing enables an attacker to access information, perform privileged operations and otherwise reach sections of the web application that have been improperly protected.", "external_references": [{"source_name": "capec", "url": "https://capec.mitre.org/data/definitions/87.html", "external_id": "CAPEC-87"}, {"source_name": "cwe", "url": "http://cwe.mitre.org/data/definitions/425.html", "external_id": "CWE-425"}, {"source_name": "cwe", "url": "http://cwe.mitre.org/data/definitions/285.html", "external_id": "CWE-285"}, {"source_name": "cwe", "url": "http://cwe.mitre.org/data/definitions/693.html", "external_id": "CWE-693"}, {"source_name": "WASC", "description": "Predictable Resource Location", "url": "http://projects.webappsec.org/Predictable-Resource-Location", "external_id": "34"}, {"source_name": "OWASP Attacks", "description": "Forced browsing", "url": "https://owasp.org/www-community/attacks/Forced_browsing"}], "object_marking_refs": ["marking-definition--17d82bb2-eeeb-4898-bda5-3ddbcd2b799d"], "x_capec_abstraction": "Standard", "x_capec_child_of": ["attack-pattern--8f665166-dfd1-40cb-91e8-b78bee1ceb6a"], "x_capec_consequences": {"Confidentiality": ["Read Data", "Bypass Protection Mechanism"], "Access_Control": ["Bypass Protection Mechanism"], "Authorization": ["Bypass Protection Mechanism"]}, "x_capec_example_instances": ["\n 
<xhtml:p>A bulletin board application provides an administrative interface at admin.aspx when the user logging in belongs to the administrators group.</xhtml:p>\n <xhtml:p>An attacker can access the admin.aspx interface by making a direct request to the page. Not having access to the interface appropriately protected allows the attacker to perform administrative functions without having to authenticate themself in that role.</xhtml:p>\n "], "x_capec_execution_flow": "<h2> Execution Flow </h2><div><h3>Explore</h3><ol><li> <p> <b>Spider: </b>Using an automated tool, an attacker follows all public links on a web site. They record all the links they find.</p></li><table><tbody><tr><th>Techniques</th></tr><tr><td>Use a spidering tool to follow and record all links.</td></tr><tr><td>Use a proxy tool to record all links visited during a manual traversal of the web application.</td></tr></tbody></table></ol></div><div><h3>Experiment</h3><ol><li> <p> <b>Attempt well-known or guessable resource locations: </b>Using an automated tool, an attacker requests a variety of well-known URLs that correspond to administrative, debugging, or other useful internal actions. 
They record all the positive responses from the server.</p></li><table><tbody><tr><th>Techniques</th></tr><tr><td>Use a spidering tool to follow and record attempts on well-known URLs.</td></tr><tr><td>Use a proxy tool to record all links visited during a manual traversal of attempts on well-known URLs.</td></tr></tbody></table></ol></div><div><h3>Exploit</h3><ol><li> <p> <b>Use unauthorized resources: </b>By visiting the unprotected resource, the attacker makes use of unauthorized functionality.</p></li><table><tbody><tr><th>Techniques</th></tr><tr><td>Access unprotected functions and execute them.</td></tr></tbody></table><li> <p> <b>View unauthorized data: </b>The attacker discovers and views unprotected sensitive data.</p></li><table><tbody><tr><th>Techniques</th></tr><tr><td>Direct request of protected pages that directly access database back-ends. (e.g., list.jsp, accounts.jsp, status.jsp, etc.)</td></tr></tbody></table></ol></div>", "x_capec_likelihood_of_attack": "High", "x_capec_prerequisites": ["The forcibly browseable pages or accessible resources must be discoverable and improperly protected."], "x_capec_resources_required": ["None: No specialized resources are required to execute this type of attack. A directory listing is helpful, but not a requirement."], "x_capec_skills_required": {"Low": "Forcibly browseable pages can be discovered by using a number of automated tools. Doing the same manually is tedious but by no means difficult."}, "x_capec_status": "Draft", "x_capec_typical_severity": "High", "x_capec_version": "3.5"}]}
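Review bot: the x_capec_execution_flow string embeds mis-nested HTML: each Techniques <table> is emitted as a direct child of <ol>, a sibling of the <li> it belongs to, rather than inside that <li>, so any consumer that parses the flow as markup gets an invalid tree. Either nest the table inside the preceding <li> or carry the flow as structured data instead of rendered HTML. The leading "\n " and the <xhtml:p> wrappers inside x_capec_example_instances are similar export artefacts, and the three cwe URLs use http:// while the capec URL uses https://.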
@@ -0,0 +1 @@
{"type": "bundle", "id": "bundle--2bc6b53d-56c2-4dac-99dc-b53972295968", "spec_version": "2.0", "objects": [{"type": "attack-pattern", "id": "attack-pattern--0082c733-5245-47ca-a349-6c9fe34114f1", "created_by_ref": "identity--e50ab59c-5c4f-4d40-bf6a-d58418d89bcd", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "DEPRECATED: Information Gathering from Non-Traditional Sources", "description": "This attack pattern has been deprecated as it was deemed not to be a legitimate attack pattern. Please refer to CAPEC-118 : Collect and Analyze Information.", "external_references": [{"source_name": "capec", "url": "https://capec.mitre.org/data/definitions/409.html", "external_id": "CAPEC-409"}], "object_marking_refs": ["marking-definition--17d82bb2-eeeb-4898-bda5-3ddbcd2b799d"], "x_capec_abstraction": "Meta", "x_capec_status": "Deprecated", "x_capec_version": "3.5"}]}
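Review bot: deprecation is expressed only through the custom property "x_capec_status": "Deprecated", so a STIX 2.0 consumer that does not know the x_capec_ extensions will treat this as a live attack pattern. Consider also setting the standard "revoked": true on the object, and adding an external_reference for CAPEC-118, which the description names as the replacement but which is not linked anywhere in the bundle.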
@@ -0,0 +1 @@
{"type": "bundle", "id": "bundle--ac4fbefe-b46a-4dca-adea-303b130c76c9", "spec_version": "2.0", "objects": [{"type": "attack-pattern", "id": "attack-pattern--00c93895-c68e-4d27-a1ec-0dddce68ed97", "created_by_ref": "identity--e50ab59c-5c4f-4d40-bf6a-d58418d89bcd", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-09-30T00:00:00.000Z", "name": "Bypassing Physical Locks", "description": "An attacker uses techniques and methods to bypass physical security measures of a building or facility. Physical locks may range from traditional lock and key mechanisms, cable locks used to secure laptops or servers, locks on server cases, or other such devices. Techniques such as lock bumping, lock forcing via snap guns, or lock picking can be employed to bypass those locks and gain access to the facilities or devices they protect, although stealth, evidence of tampering, and the integrity of the lock following an attack, are considerations that may determine the method employed. Physical locks are limited by the complexity of the locking mechanism. 
While some locks may offer protections such as shock resistant foam to prevent bumping or lock forcing methods, many commonly employed locks offer no such countermeasures.", "external_references": [{"source_name": "capec", "url": "https://capec.mitre.org/data/definitions/391.html", "external_id": "CAPEC-391"}, {"source_name": "reference_from_CAPEC", "description": "Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill", "external_id": "REF-33"}], "object_marking_refs": ["marking-definition--17d82bb2-eeeb-4898-bda5-3ddbcd2b799d"], "x_capec_abstraction": "Standard", "x_capec_child_of": ["attack-pattern--8ba08815-66fb-4150-a7fa-8ab6d1472b5f"], "x_capec_parent_of": ["attack-pattern--4068bee0-b331-49e8-872e-98429a3c374a", "attack-pattern--9996317e-313b-456c-8bc8-491dbb53b368", "attack-pattern--aea87f07-9619-4bc5-9790-01bf3423c494"], "x_capec_status": "Draft", "x_capec_version": "3.5"}]}
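Review bot: this object carries no x_capec_prerequisites, x_capec_consequences, x_capec_likelihood_of_attack or x_capec_skills_required, unlike CAPEC-87 and CAPEC-4 elsewhere in this diff. If the source CAPEC entry genuinely lacks them that is fine, but it is worth confirming the converter did not drop them, since consumers comparing patterns across the catalog will see the gap. The REF-33 citation also has no url, only a free-text description.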
@@ -0,0 +1 @@
{"type": "bundle", "id": "bundle--0beeb3c9-060e-498b-ad29-d3b29b06c14c", "spec_version": "2.0", "objects": [{"type": "attack-pattern", "id": "attack-pattern--00d91a4c-2645-4bf1-8db7-e7448ef25f17", "created_by_ref": "identity--e50ab59c-5c4f-4d40-bf6a-d58418d89bcd", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "Using Alternative IP Address Encodings", "description": "This attack relies on the attacker using unexpected formats for representing IP addresses. Networked applications may expect network location information in a specific format, such as fully qualified domains names (FQDNs), URL, IP address, or IP Address ranges. If the location information is not validated against a variety of different possible encodings and formats, the adversary can use an alternate format to bypass application access control.", "external_references": [{"source_name": "capec", "url": "https://capec.mitre.org/data/definitions/4.html", "external_id": "CAPEC-4"}, {"source_name": "cwe", "url": "http://cwe.mitre.org/data/definitions/291.html", "external_id": "CWE-291"}, {"source_name": "cwe", "url": "http://cwe.mitre.org/data/definitions/173.html", "external_id": "CWE-173"}, {"source_name": "reference_from_CAPEC", "description": "G. Hoglund, G. McGraw, Exploiting Software: How to Break Code, 2004--02, Addison-Wesley", "external_id": "REF-1"}], "object_marking_refs": ["marking-definition--17d82bb2-eeeb-4898-bda5-3ddbcd2b799d"], "x_capec_abstraction": "Detailed", "x_capec_child_of": ["attack-pattern--a1af7c24-25cb-46e5-a27b-ed316e1f91ce"], "x_capec_consequences": {"Confidentiality": ["Gain Privileges"], "Access_Control": ["Gain Privileges"], "Authorization": ["Gain Privileges"]}, "x_capec_example_instances": ["An adversary identifies an application server that applies a security policy based on the domain and application name. 
For example, the access control policy covers authentication and authorization for anyone accessing http://example.domain:8080/application. However, by using the IP address of the host instead (http://192.168.0.1:8080/application), the application authentication and authorization controls may be bypassed. The adversary relies on the victim applying policy to the namespace abstraction and not having a default deny policy in place to manage exceptions."], "x_capec_likelihood_of_attack": "Medium", "x_capec_prerequisites": ["The target software must fail to anticipate all of the possible valid encodings of an IP/web address.", "The adversary must have the ability to communicate with the server."], "x_capec_resources_required": ["The adversary needs to have knowledge of an alternative IP address encoding that bypasses the access control policy of an application. Alternatively, the adversary can simply try to brute-force various encoding possibilities."], "x_capec_skills_required": {"Low": "The adversary has only to try IP address format combinations."}, "x_capec_status": "Draft", "x_capec_typical_severity": "High", "x_capec_version": "3.5"}]}
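Review bot: the REF-1 citation reads "2004--02", a doubled hyphen between year and month that looks like a date-formatting defect in the converter rather than the source; the same pattern appears as "2010--07---20" in the CAPEC-587 bundle later in this diff. Emit these as "2004-02" and "2010-07-20". As in the other bundles, the cwe URLs are http:// while the capec URL is https://.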
@@ -0,0 +1 @@
{"type": "bundle", "id": "bundle--ac987af3-38ec-4037-bd27-03b19affcf3b", "spec_version": "2.0", "objects": [{"type": "attack-pattern", "id": "attack-pattern--0123fa83-2d47-4398-85f1-30ce114abb9a", "created_by_ref": "identity--e50ab59c-5c4f-4d40-bf6a-d58418d89bcd", "created": "2014-06-23T00:00:00.000Z", "modified": "2021-06-24T00:00:00.000Z", "name": "Malicious Software Download", "description": "An attacker uses deceptive methods to cause a user or an automated process to download and install dangerous code that originates from an attacker controlled source. There are several variations to this strategy of attack.", "external_references": [{"source_name": "capec", "url": "https://capec.mitre.org/data/definitions/185.html", "external_id": "CAPEC-185"}, {"source_name": "cwe", "url": "http://cwe.mitre.org/data/definitions/494.html", "external_id": "CWE-494"}, {"source_name": "ATTACK", "description": "Ingress Tool Transfer", "url": "https://attack.mitre.org/wiki/Technique/T1105", "external_id": "T1105"}], "object_marking_refs": ["marking-definition--17d82bb2-eeeb-4898-bda5-3ddbcd2b799d"], "x_capec_abstraction": "Standard", "x_capec_can_follow": ["attack-pattern--d16af13f-5e0f-4a6b-bc1f-23f733d2229b"], "x_capec_can_precede": ["attack-pattern--558870ad-9433-4e39-a0b0-d9b5c4691862"], "x_capec_child_of": ["attack-pattern--582f33d6-0aa7-4f34-a91e-d767a65adad1"], "x_capec_status": "Draft", "x_capec_typical_severity": "Very High", "x_capec_version": "3.5"}]}
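Review bot: the ATTACK external reference points at the legacy wiki path https://attack.mitre.org/wiki/Technique/T1105; the current location for the technique is https://attack.mitre.org/techniques/T1105. ATT&CK's own STIX content also uses the source_name "mitre-attack" for these references, so aligning the source_name and URL would let consumers correlate this pattern with ATT&CK objects directly instead of by string matching on T1105.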
@@ -0,0 +1 @@
{"type": "bundle", "id": "bundle--0ce7ca6b-05d2-4b74-8d1b-4a6b804a0a34", "spec_version": "2.0", "objects": [{"type": "attack-pattern", "id": "attack-pattern--012db73f-2f3c-49f3-bdf3-12ec3eee01ce", "created_by_ref": "identity--e50ab59c-5c4f-4d40-bf6a-d58418d89bcd", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "Session Credential Falsification through Manipulation", "description": "An attacker manipulates an existing credential in order to gain access to a target application. Session credentials allow users to identify themselves to a service after an initial authentication without needing to resend the authentication information (usually a username and password) with every message. An attacker may be able to manipulate a credential sniffed from an existing connection in order to gain access to a target server. For example, a credential in the form of a web cookie might have a field that indicates the access rights of a user. By manually tweaking this cookie, a user might be able to increase their access rights to the server. Alternately an attacker may be able to manipulate an existing credential to appear as a different user. This attack differs from falsification through prediction in that the user bases their modified credentials off existing credentials instead of using patterns detected in prior credentials to create a new credential that is accepted because it fits the pattern. 
As a result, an attacker may be able to impersonate other users or elevate their permissions to a targeted service.", "external_references": [{"source_name": "capec", "url": "https://capec.mitre.org/data/definitions/226.html", "external_id": "CAPEC-226"}, {"source_name": "cwe", "url": "http://cwe.mitre.org/data/definitions/565.html", "external_id": "CWE-565"}, {"source_name": "cwe", "url": "http://cwe.mitre.org/data/definitions/472.html", "external_id": "CWE-472"}], "object_marking_refs": ["marking-definition--17d82bb2-eeeb-4898-bda5-3ddbcd2b799d"], "x_capec_abstraction": "Detailed", "x_capec_child_of": ["attack-pattern--414d0884-4f46-4a51-b4ea-72125c7f5f9e"], "x_capec_prerequisites": ["The targeted application must use session credentials to identify legitimate users."], "x_capec_resources_required": ["An attacker will need tools to sniff existing credentials (possibly their own) in order to retrieve a base credential for modification. They will need to understand how the components of the credential affect server behavior and how to manipulate this behavior by changing the credential. Finally, they will need tools to allow them to craft and transmit a modified credential."], "x_capec_status": "Draft", "x_capec_typical_severity": "Medium", "x_capec_version": "3.5"}]}
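Review bot: in the description, "the user bases their modified credentials off existing credentials" uses "user" where every surrounding sentence says "attacker"; the clause contrasts this pattern with falsification through prediction, so its subject should be the attacker as well. The two cwe URLs use http:// while the capec URL is https://.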
@@ -0,0 +1 @@
{"type": "bundle", "id": "bundle--2596eed7-031a-4949-9f4a-33bdcffb687b", "spec_version": "2.0", "objects": [{"type": "attack-pattern", "id": "attack-pattern--014e5fc2-7564-4775-94aa-220601522b05", "created_by_ref": "identity--e50ab59c-5c4f-4d40-bf6a-d58418d89bcd", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "Removing/short-circuiting 'Purse' logic: removing/mutating 'cash' decrements", "description": "An attacker removes or modifies the logic on a client associated with monetary calculations resulting in incorrect information being sent to the server. A server may rely on a client to correctly compute monetary information. For example, a server might supply a price for an item and then rely on the client to correctly compute the total cost of a purchase given the number of items the user is buying. If the attacker can remove or modify the logic that controls these calculations, they can return incorrect values to the server. The attacker can use this to make purchases for a fraction of the legitimate cost or otherwise avoid correct billing for activities.", "external_references": [{"source_name": "capec", "url": "https://capec.mitre.org/data/definitions/208.html", "external_id": "CAPEC-208"}, {"source_name": "cwe", "url": "http://cwe.mitre.org/data/definitions/602.html", "external_id": "CWE-602"}], "object_marking_refs": ["marking-definition--17d82bb2-eeeb-4898-bda5-3ddbcd2b799d"], "x_capec_abstraction": "Detailed", "x_capec_child_of": ["attack-pattern--3c404955-b160-423f-b148-d4fa4727e3a9"], "x_capec_prerequisites": ["The targeted server must rely on the client to correctly perform monetary calculations and must fail to detect errors in these calculations."], "x_capec_resources_required": ["The attacker must have access to the client for the targeted service (this step is trivial for most web-based services). 
The attacker must also be able to reverse engineer the client in order to locate and modify the client's purse logic. Reverse engineering tools would be necessary for this."], "x_capec_status": "Draft", "x_capec_typical_severity": "Medium", "x_capec_version": "3.5"}]}
@@ -0,0 +1 @@
{"type": "bundle", "id": "bundle--010408ca-2ff6-40b0-8ca9-029659249cbb", "spec_version": "2.0", "objects": [{"type": "attack-pattern", "id": "attack-pattern--0184fd4d-9134-42c0-b073-5e614773d408", "created_by_ref": "identity--e50ab59c-5c4f-4d40-bf6a-d58418d89bcd", "created": "2017-02-01T00:00:00.000Z", "modified": "2020-12-17T00:00:00.000Z", "name": "Cross Frame Scripting (XFS)", "description": "This attack pattern combines malicious Javascript and a legitimate webpage loaded into a concealed iframe. The malicious Javascript is then able to interact with a legitimate webpage in a manner that is unknown to the user. This attack usually leverages some element of social engineering in that an attacker must convinces a user to visit a web page that the attacker controls.", "external_references": [{"source_name": "capec", "url": "https://capec.mitre.org/data/definitions/587.html", "external_id": "CAPEC-587"}, {"source_name": "OWASP Attacks", "description": "Cross Frame Scripting", "url": "https://owasp.org/www-community/attacks/Cross_Frame_Scripting"}, {"source_name": "reference_from_CAPEC", "description": "Cross Frame Scripting, 2016, OWASP", "url": "https://www.owasp.org/index.php/Cross_Frame_Scripting", "external_id": "REF-469"}, {"source_name": "reference_from_CAPEC", "description": "Gustave Rydstedt, Elie Bursztein, Dan Boneh, and Collin Jackson, Busting Frame Busting: a Study of Clickjacking Vulnerabilities on Popular Sites, 2010--07---20", "url": "https://seclab.stanford.edu/websec/framebusting/framebust.pdf", "external_id": "REF-470"}], "object_marking_refs": ["marking-definition--17d82bb2-eeeb-4898-bda5-3ddbcd2b799d"], "x_capec_abstraction": "Detailed", "x_capec_child_of": ["attack-pattern--8711eca6-b3ad-40b7-b7ac-08be37885119"], "x_capec_consequences": {"Confidentiality": ["Read Data (Cross Frame Scripting allows an adversary to steal sensitive data from a legitimate site.)"]}, "x_capec_example_instances": ["An adversary-controlled webpage contains malicious 
Javascript and a concealed iframe containing containing a legitimate website login (i.e., the concealed iframe would make it appear as though the actual legitimate website was loaded). When the user interacts with the legitimate website in the iframe, the malicious Javascript collects that sensitive information."], "x_capec_prerequisites": ["The user's browser must have vulnerabilities in its implementation of the same-origin policy. It allows certain data in a loaded page to originate from different servers/domains."], "x_capec_status": "Draft", "x_capec_typical_severity": "High", "x_capec_version": "3.5"}]}
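Review bot: the text in this bundle needs a proofreading pass before release: the example instance has the doubled word "containing containing", the description has "an attacker must convinces a user", and the REF-470 date is emitted as "2010--07---20" instead of "2010-07-20". The external_references also cite the same OWASP Cross Frame Scripting page twice, once under "OWASP Attacks" at https://owasp.org/www-community/attacks/Cross_Frame_Scripting and once as REF-469 at the older https://www.owasp.org/index.php/Cross_Frame_Scripting; keeping one entry, or at least the current URL for both, would avoid the duplicate.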