| CAPEC | Related Weakness |
| --- | --- |
| Navigation Remapping To Propagate Malicious Content | CWE-311: Missing Encryption of Sensitive Data |
| | CWE-345: Insufficient Verification of Data Authenticity |
| | CWE-346: Origin Validation Error |
| | CWE-471: Modification of Assumed-Immutable Data (MAID) |
| | CWE-602: Client-Side Enforcement of Server-Side Security |
| DNS Cache Poisoning | CWE-345: Insufficient Verification of Data Authenticity |
| | CWE-346: Origin Validation Error |
| | CWE-348: Use of Less Trusted Source |
| | CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data |
| | CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action |
| | CWE-441: Unintended Proxy or Intermediary ('Confused Deputy') |
| Spoofing of UDDI/ebXML Messages | CWE-345: Insufficient Verification of Data Authenticity |
| Transaction or Event Tampering via Application API Manipulation | CWE-311: Missing Encryption of Sensitive Data |
| | CWE-345: Insufficient Verification of Data Authenticity |
| | CWE-346: Origin Validation Error |
| | CWE-471: Modification of Assumed-Immutable Data (MAID) |
| | CWE-602: Client-Side Enforcement of Server-Side Security |
| Application API Message Manipulation via Man-in-the-Middle | CWE-311: Missing Encryption of Sensitive Data |
| | CWE-345: Insufficient Verification of Data Authenticity |
| | CWE-346: Origin Validation Error |
| | CWE-471: Modification of Assumed-Immutable Data (MAID) |
| | CWE-602: Client-Side Enforcement of Server-Side Security |
| Application API Navigation Remapping | CWE-311: Missing Encryption of Sensitive Data |
| | CWE-345: Insufficient Verification of Data Authenticity |
| | CWE-346: Origin Validation Error |
| | CWE-471: Modification of Assumed-Immutable Data (MAID) |
| | CWE-602: Client-Side Enforcement of Server-Side Security |
| Application API Button Hijacking | CWE-311: Missing Encryption of Sensitive Data |
| | CWE-345: Insufficient Verification of Data Authenticity |
| | CWE-346: Origin Validation Error |
| | CWE-471: Modification of Assumed-Immutable Data (MAID) |
| | CWE-602: Client-Side Enforcement of Server-Side Security |
| Cache Poisoning | CWE-345: Insufficient Verification of Data Authenticity |
| | CWE-346: Origin Validation Error |
| | CWE-348: Use of Less Trusted Source |
| | CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data |
| | CWE-441: Unintended Proxy or Intermediary ('Confused Deputy') |
| Content Spoofing | CWE-345: Insufficient Verification of Data Authenticity |
| JSON Hijacking (aka JavaScript Hijacking) | CWE-345: Insufficient Verification of Data Authenticity |
| | CWE-346: Origin Validation Error |
| | CWE-352: Cross-Site Request Forgery (CSRF) |