| CAPEC | Related Weakness |
| Blind SQL Injection |
| CWE-20 | Improper Input Validation |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
| CWE-209 | Generation of Error Message Containing Sensitive Information |
| CWE-697 | Incorrect Comparison |
| CWE-707 | Improper Neutralization |
| CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
|
| Padding Oracle Crypto Attack |
| CWE-209 | Generation of Error Message Containing Sensitive Information |
| CWE-347 | Improper Verification of Cryptographic Signature |
| CWE-354 | Improper Validation of Integrity Check Value |
| CWE-514 | Covert Channel |
| CWE-649 | Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking |
| CWE-696 | Incorrect Behavior Order |
|
| Query System for Information |
| CWE-209 | Generation of Error Message Containing Sensitive Information |
|
| Fuzzing for garnering J2EE/.NET-based stack traces, for application mapping |
| CWE-209 | Generation of Error Message Containing Sensitive Information |
| CWE-388 | 7PK - Errors |
|
| Fuzzing and observing application log data/errors for application mapping |
| CWE-209 | Generation of Error Message Containing Sensitive Information |
| CWE-532 | Insertion of Sensitive Information into Log File |
|
