Common Attack Pattern Enumeration and Classification by MITRE

| ID | CAPEC Name | Severity | Likelihood | Confid(...) | Integrity | Availability |
|----|------------|----------|------------|-------------|-----------|--------------|
| 21 | Exploitation of Session Variables, Resource IDs and other Trusted Credentials | High | High | High | High | Low |
| 22 | Exploiting Trust in Client (aka Make the Client Invisible) | High | High | High | High | Low |
| 23 | File System Function Injection, Content Based | Very High | High | High | High | High |
| 24 | Filter Failure through Buffer Overflow | High | High | Medium | High | Medium |
| 25 | Forced Deadlock | High | Low | Low | Low | High |
| 26 | Leveraging Race Conditions | High | High | Low | High | Medium |
| 27 | Leveraging Race Conditions via Symbolic Links | High | Medium | High | High | Low |
| 28 | Fuzzing | Medium | High | Medium | Medium | Medium |
| 29 | Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions | High | High | High | High | Low |
| 30 | Hijacking a Privileged Thread of Execution | Very High | Low | High | High | Low |
| 31 | Accessing/Intercepting/Modifying HTTP Cookies | High | High | High | High | Low |
| 32 | Embedding Scripts in HTTP Query Strings | High | High | High | High | Low |
| 33 | HTTP Request Smuggling | High | Medium | Medium | Medium | Low |
| 34 | HTTP Response Splitting | High | Medium | High | High | Low |
| 35 | Leverage Executable Code in Non-Executable Files | Very High | High | Medium | High | Low |
| 36 | Using Unpublished Web Service APIs | High | Medium | High | Medium | Low |
| 37 | Lifting Data Embedded in Client Distributions | Very High | Very High | High | Medium | Low |
| 38 | Leveraging/Manipulating Configuration File Search Paths | Very High | High | Medium | Medium | Medium |
| 39 | Manipulating Opaque Client-based Data Tokens | Medium | Very High | High | High | Low |
| 40 | Manipulating Writeable Terminal Devices | Very High | High | High | High | Low |