From 3168b79bdf6778af637ece0b00f8ed9b3af3e1a3 Mon Sep 17 00:00:00 2001 From: Adrian Medina Date: Mon, 20 May 2024 12:19:44 -0400 Subject: [PATCH] Add CAPEC v3.9 common attack pattern individuals to knowledge graph --- Makefile | 13 + Pipfile | 1 + Pipfile.lock | 850 ++-- src/ontology/d3fend-protege.ttl | 7638 ++++++++++++++++++++++++++++++- src/util/update_capec.py | 122 + src/util/update_capec.sh | 32 + 6 files changed, 8190 insertions(+), 466 deletions(-) create mode 100644 src/util/update_capec.py create mode 100644 src/util/update_capec.sh diff --git a/Makefile b/Makefile index 8de42185..35ae41a8 100644 --- a/Makefile +++ b/Makefile @@ -7,6 +7,8 @@ D3FEND_RELEASE_DATE :="2024-04-26T00:00:00.000Z" ATTACK_VERSION := 15.0 +CAPEC_VERSION := 3.9 + JENA_VERSION := 4.5.0 JENA_PATH := "bin/jena/apache-jena-${JENA_VERSION}/bin" @@ -134,6 +136,17 @@ update-attack: bash src/util/update_attack.sh $(ATTACK_VERSION) $(END) +download-capec: + mkdir -p data + echo "Version: $(CAPEC_VERSION)" + cd data; wget https://capec.mitre.org/data/archive/capec_v$(CAPEC_VERSION).zip + unzip data/capec_v$(CAPEC_VERSION).zip -d data + $(END) + +update-capec: + bash src/util/update_capec.sh $(CAPEC_VERSION) + $(END) + update-puns: bash src/util/update_puns.sh $(END) diff --git a/Pipfile b/Pipfile index e1f21101..0fbd26ca 100644 --- a/Pipfile +++ b/Pipfile @@ -16,6 +16,7 @@ pandas = "*" owlready2 = "*" openpyxl = "*" stix2 = "*" +defusedxml = "*" [requires] python_version = "3.9" diff --git a/Pipfile.lock b/Pipfile.lock index b392eaf0..fb3489c1 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -1,7 +1,7 @@ { "_meta": { "hash": { - "sha256": "f337fc6fc82ec3fc4b3206949c51e9152e97f802884a61c8f24d0eecd41a8842" + "sha256": "66251e5b84d8c580e91f8222f503996f8310eda23e3112d6c4f93f2e512fb2ec" }, "pipfile-spec": 6, "requires": { @@ -24,92 +24,116 @@ }, "certifi": { "hashes": [ - "sha256:0f0d56dc5a6ad56fd4ba36484d6cc34451e1c6548c61daad8c320169f91eddc7", - "sha256:c6c2e98f5c7869efca1f8916fed228dd91539f9f1b444c314c06eef02980c716" + "sha256:0569859f95fc761b18b45ef421b1290a0f65f147e92a1e5eb3e635f9a5e4e66f", + "sha256:dc383c07b76109f368f6106eee2b593b04a011ea4d55f652c6ca24a754d1cdd1" ], "markers": "python_version >= '3.6'", - "version": "==2023.5.7" + "version": "==2024.2.2" }, "charset-normalizer": { "hashes": [ - "sha256:04afa6387e2b282cf78ff3dbce20f0cc071c12dc8f685bd40960cc68644cfea6", - "sha256:04eefcee095f58eaabe6dc3cc2262f3bcd776d2c67005880894f447b3f2cb9c1", - "sha256:0be65ccf618c1e7ac9b849c315cc2e8a8751d9cfdaa43027d4f6624bd587ab7e", - "sha256:0c95f12b74681e9ae127728f7e5409cbbef9cd914d5896ef238cc779b8152373", - "sha256:0ca564606d2caafb0abe6d1b5311c2649e8071eb241b2d64e75a0d0065107e62", - "sha256:10c93628d7497c81686e8e5e557aafa78f230cd9e77dd0c40032ef90c18f2230", - "sha256:11d117e6c63e8f495412d37e7dc2e2fff09c34b2d09dbe2bee3c6229577818be", - "sha256:11d3bcb7be35e7b1bba2c23beedac81ee893ac9871d0ba79effc7fc01167db6c", - "sha256:12a2b561af122e3d94cdb97fe6fb2bb2b82cef0cdca131646fdb940a1eda04f0", - "sha256:12d1a39aa6b8c6f6248bb54550efcc1c38ce0d8096a146638fd4738e42284448", - "sha256:1435ae15108b1cb6fffbcea2af3d468683b7afed0169ad718451f8db5d1aff6f", - "sha256:1c60b9c202d00052183c9be85e5eaf18a4ada0a47d188a83c8f5c5b23252f649", - "sha256:1e8fcdd8f672a1c4fc8d0bd3a2b576b152d2a349782d1eb0f6b8e52e9954731d", - "sha256:20064ead0717cf9a73a6d1e779b23d149b53daf971169289ed2ed43a71e8d3b0", - "sha256:21fa558996782fc226b529fdd2ed7866c2c6ec91cee82735c98a197fae39f706", - "sha256:22908891a380d50738e1f978667536f6c6b526a2064156203d418f4856d6e86a", - "sha256:3160a0fd9754aab7d47f95a6b63ab355388d890163eb03b2d2b87ab0a30cfa59", - "sha256:322102cdf1ab682ecc7d9b1c5eed4ec59657a65e1c146a0da342b78f4112db23", - "sha256:34e0a2f9c370eb95597aae63bf85eb5e96826d81e3dcf88b8886012906f509b5", - "sha256:3573d376454d956553c356df45bb824262c397c6e26ce43e8203c4c540ee0acb", - "sha256:3747443b6a904001473370d7810aa19c3a180ccd52a7157aacc264a5ac79265e", - "sha256:38e812a197bf8e71a59fe55b757a84c1f946d0ac114acafaafaf21667a7e169e", - "sha256:3a06f32c9634a8705f4ca9946d667609f52cf130d5548881401f1eb2c39b1e2c", - "sha256:3a5fc78f9e3f501a1614a98f7c54d3969f3ad9bba8ba3d9b438c3bc5d047dd28", - "sha256:3d9098b479e78c85080c98e1e35ff40b4a31d8953102bb0fd7d1b6f8a2111a3d", - "sha256:3dc5b6a8ecfdc5748a7e429782598e4f17ef378e3e272eeb1340ea57c9109f41", - "sha256:4155b51ae05ed47199dc5b2a4e62abccb274cee6b01da5b895099b61b1982974", - "sha256:49919f8400b5e49e961f320c735388ee686a62327e773fa5b3ce6721f7e785ce", - "sha256:53d0a3fa5f8af98a1e261de6a3943ca631c526635eb5817a87a59d9a57ebf48f", - "sha256:5f008525e02908b20e04707a4f704cd286d94718f48bb33edddc7d7b584dddc1", - "sha256:628c985afb2c7d27a4800bfb609e03985aaecb42f955049957814e0491d4006d", - "sha256:65ed923f84a6844de5fd29726b888e58c62820e0769b76565480e1fdc3d062f8", - "sha256:6734e606355834f13445b6adc38b53c0fd45f1a56a9ba06c2058f86893ae8017", - "sha256:6baf0baf0d5d265fa7944feb9f7451cc316bfe30e8df1a61b1bb08577c554f31", - "sha256:6f4f4668e1831850ebcc2fd0b1cd11721947b6dc7c00bf1c6bd3c929ae14f2c7", - "sha256:6f5c2e7bc8a4bf7c426599765b1bd33217ec84023033672c1e9a8b35eaeaaaf8", - "sha256:6f6c7a8a57e9405cad7485f4c9d3172ae486cfef1344b5ddd8e5239582d7355e", - "sha256:7381c66e0561c5757ffe616af869b916c8b4e42b367ab29fedc98481d1e74e14", - "sha256:73dc03a6a7e30b7edc5b01b601e53e7fc924b04e1835e8e407c12c037e81adbd", - "sha256:74db0052d985cf37fa111828d0dd230776ac99c740e1a758ad99094be4f1803d", - "sha256:75f2568b4189dda1c567339b48cba4ac7384accb9c2a7ed655cd86b04055c795", - "sha256:78cacd03e79d009d95635e7d6ff12c21eb89b894c354bd2b2ed0b4763373693b", - "sha256:80d1543d58bd3d6c271b66abf454d437a438dff01c3e62fdbcd68f2a11310d4b", - "sha256:830d2948a5ec37c386d3170c483063798d7879037492540f10a475e3fd6f244b", - "sha256:891cf9b48776b5c61c700b55a598621fdb7b1e301a550365571e9624f270c203", - "sha256:8f25e17ab3039b05f762b0a55ae0b3632b2e073d9c8fc88e89aca31a6198e88f", - "sha256:9a3267620866c9d17b959a84dd0bd2d45719b817245e49371ead79ed4f710d19", - "sha256:a04f86f41a8916fe45ac5024ec477f41f886b3c435da2d4e3d2709b22ab02af1", - "sha256:aaf53a6cebad0eae578f062c7d462155eada9c172bd8c4d250b8c1d8eb7f916a", - "sha256:abc1185d79f47c0a7aaf7e2412a0eb2c03b724581139193d2d82b3ad8cbb00ac", - "sha256:ac0aa6cd53ab9a31d397f8303f92c42f534693528fafbdb997c82bae6e477ad9", - "sha256:ac3775e3311661d4adace3697a52ac0bab17edd166087d493b52d4f4f553f9f0", - "sha256:b06f0d3bf045158d2fb8837c5785fe9ff9b8c93358be64461a1089f5da983137", - "sha256:b116502087ce8a6b7a5f1814568ccbd0e9f6cfd99948aa59b0e241dc57cf739f", - "sha256:b82fab78e0b1329e183a65260581de4375f619167478dddab510c6c6fb04d9b6", - "sha256:bd7163182133c0c7701b25e604cf1611c0d87712e56e88e7ee5d72deab3e76b5", - "sha256:c36bcbc0d5174a80d6cccf43a0ecaca44e81d25be4b7f90f0ed7bcfbb5a00909", - "sha256:c3af8e0f07399d3176b179f2e2634c3ce9c1301379a6b8c9c9aeecd481da494f", - "sha256:c84132a54c750fda57729d1e2599bb598f5fa0344085dbde5003ba429a4798c0", - "sha256:cb7b2ab0188829593b9de646545175547a70d9a6e2b63bf2cd87a0a391599324", - "sha256:cca4def576f47a09a943666b8f829606bcb17e2bc2d5911a46c8f8da45f56755", - "sha256:cf6511efa4801b9b38dc5546d7547d5b5c6ef4b081c60b23e4d941d0eba9cbeb", - "sha256:d16fd5252f883eb074ca55cb622bc0bee49b979ae4e8639fff6ca3ff44f9f854", - "sha256:d2686f91611f9e17f4548dbf050e75b079bbc2a82be565832bc8ea9047b61c8c", - "sha256:d7fc3fca01da18fbabe4625d64bb612b533533ed10045a2ac3dd194bfa656b60", - "sha256:dd5653e67b149503c68c4018bf07e42eeed6b4e956b24c00ccdf93ac79cdff84", - "sha256:de5695a6f1d8340b12a5d6d4484290ee74d61e467c39ff03b39e30df62cf83a0", - "sha256:e0ac8959c929593fee38da1c2b64ee9778733cdf03c482c9ff1d508b6b593b2b", - "sha256:e1b25e3ad6c909f398df8921780d6a3d120d8c09466720226fc621605b6f92b1", - "sha256:e633940f28c1e913615fd624fcdd72fdba807bf53ea6925d6a588e84e1151531", - "sha256:e89df2958e5159b811af9ff0f92614dabf4ff617c03a4c1c6ff53bf1c399e0e1", - "sha256:ea9f9c6034ea2d93d9147818f17c2a0860d41b71c38b9ce4d55f21b6f9165a11", - "sha256:f645caaf0008bacf349875a974220f1f1da349c5dbe7c4ec93048cdc785a3326", - "sha256:f8303414c7b03f794347ad062c0516cee0e15f7a612abd0ce1e25caf6ceb47df", - "sha256:fca62a8301b605b954ad2e9c3666f9d97f63872aa4efcae5492baca2056b74ab" + "sha256:06435b539f889b1f6f4ac1758871aae42dc3a8c0e24ac9e60c2384973ad73027", + "sha256:06a81e93cd441c56a9b65d8e1d043daeb97a3d0856d177d5c90ba85acb3db087", + "sha256:0a55554a2fa0d408816b3b5cedf0045f4b8e1a6065aec45849de2d6f3f8e9786", + "sha256:0b2b64d2bb6d3fb9112bafa732def486049e63de9618b5843bcdd081d8144cd8", + "sha256:10955842570876604d404661fbccbc9c7e684caf432c09c715ec38fbae45ae09", + "sha256:122c7fa62b130ed55f8f285bfd56d5f4b4a5b503609d181f9ad85e55c89f4185", + "sha256:1ceae2f17a9c33cb48e3263960dc5fc8005351ee19db217e9b1bb15d28c02574", + "sha256:1d3193f4a680c64b4b6a9115943538edb896edc190f0b222e73761716519268e", + "sha256:1f79682fbe303db92bc2b1136016a38a42e835d932bab5b3b1bfcfbf0640e519", + "sha256:2127566c664442652f024c837091890cb1942c30937add288223dc895793f898", + "sha256:22afcb9f253dac0696b5a4be4a1c0f8762f8239e21b99680099abd9b2b1b2269", + "sha256:25baf083bf6f6b341f4121c2f3c548875ee6f5339300e08be3f2b2ba1721cdd3", + "sha256:2e81c7b9c8979ce92ed306c249d46894776a909505d8f5a4ba55b14206e3222f", + "sha256:3287761bc4ee9e33561a7e058c72ac0938c4f57fe49a09eae428fd88aafe7bb6", + "sha256:34d1c8da1e78d2e001f363791c98a272bb734000fcef47a491c1e3b0505657a8", + "sha256:37e55c8e51c236f95b033f6fb391d7d7970ba5fe7ff453dad675e88cf303377a", + "sha256:3d47fa203a7bd9c5b6cee4736ee84ca03b8ef23193c0d1ca99b5089f72645c73", + "sha256:3e4d1f6587322d2788836a99c69062fbb091331ec940e02d12d179c1d53e25fc", + "sha256:42cb296636fcc8b0644486d15c12376cb9fa75443e00fb25de0b8602e64c1714", + "sha256:45485e01ff4d3630ec0d9617310448a8702f70e9c01906b0d0118bdf9d124cf2", + "sha256:4a78b2b446bd7c934f5dcedc588903fb2f5eec172f3d29e52a9096a43722adfc", + "sha256:4ab2fe47fae9e0f9dee8c04187ce5d09f48eabe611be8259444906793ab7cbce", + "sha256:4d0d1650369165a14e14e1e47b372cfcb31d6ab44e6e33cb2d4e57265290044d", + "sha256:549a3a73da901d5bc3ce8d24e0600d1fa85524c10287f6004fbab87672bf3e1e", + "sha256:55086ee1064215781fff39a1af09518bc9255b50d6333f2e4c74ca09fac6a8f6", + "sha256:572c3763a264ba47b3cf708a44ce965d98555f618ca42c926a9c1616d8f34269", + "sha256:573f6eac48f4769d667c4442081b1794f52919e7edada77495aaed9236d13a96", + "sha256:5b4c145409bef602a690e7cfad0a15a55c13320ff7a3ad7ca59c13bb8ba4d45d", + "sha256:6463effa3186ea09411d50efc7d85360b38d5f09b870c48e4600f63af490e56a", + "sha256:65f6f63034100ead094b8744b3b97965785388f308a64cf8d7c34f2f2e5be0c4", + "sha256:663946639d296df6a2bb2aa51b60a2454ca1cb29835324c640dafb5ff2131a77", + "sha256:6897af51655e3691ff853668779c7bad41579facacf5fd7253b0133308cf000d", + "sha256:68d1f8a9e9e37c1223b656399be5d6b448dea850bed7d0f87a8311f1ff3dabb0", + "sha256:6ac7ffc7ad6d040517be39eb591cac5ff87416c2537df6ba3cba3bae290c0fed", + "sha256:6b3251890fff30ee142c44144871185dbe13b11bab478a88887a639655be1068", + "sha256:6c4caeef8fa63d06bd437cd4bdcf3ffefe6738fb1b25951440d80dc7df8c03ac", + "sha256:6ef1d82a3af9d3eecdba2321dc1b3c238245d890843e040e41e470ffa64c3e25", + "sha256:753f10e867343b4511128c6ed8c82f7bec3bd026875576dfd88483c5c73b2fd8", + "sha256:7cd13a2e3ddeed6913a65e66e94b51d80a041145a026c27e6bb76c31a853c6ab", + "sha256:7ed9e526742851e8d5cc9e6cf41427dfc6068d4f5a3bb03659444b4cabf6bc26", + "sha256:7f04c839ed0b6b98b1a7501a002144b76c18fb1c1850c8b98d458ac269e26ed2", + "sha256:802fe99cca7457642125a8a88a084cef28ff0cf9407060f7b93dca5aa25480db", + "sha256:80402cd6ee291dcb72644d6eac93785fe2c8b9cb30893c1af5b8fdd753b9d40f", + "sha256:8465322196c8b4d7ab6d1e049e4c5cb460d0394da4a27d23cc242fbf0034b6b5", + "sha256:86216b5cee4b06df986d214f664305142d9c76df9b6512be2738aa72a2048f99", + "sha256:87d1351268731db79e0f8e745d92493ee2841c974128ef629dc518b937d9194c", + "sha256:8bdb58ff7ba23002a4c5808d608e4e6c687175724f54a5dade5fa8c67b604e4d", + "sha256:8c622a5fe39a48f78944a87d4fb8a53ee07344641b0562c540d840748571b811", + "sha256:8d756e44e94489e49571086ef83b2bb8ce311e730092d2c34ca8f7d925cb20aa", + "sha256:8f4a014bc36d3c57402e2977dada34f9c12300af536839dc38c0beab8878f38a", + "sha256:9063e24fdb1e498ab71cb7419e24622516c4a04476b17a2dab57e8baa30d6e03", + "sha256:90d558489962fd4918143277a773316e56c72da56ec7aa3dc3dbbe20fdfed15b", + "sha256:923c0c831b7cfcb071580d3f46c4baf50f174be571576556269530f4bbd79d04", + "sha256:95f2a5796329323b8f0512e09dbb7a1860c46a39da62ecb2324f116fa8fdc85c", + "sha256:96b02a3dc4381e5494fad39be677abcb5e6634bf7b4fa83a6dd3112607547001", + "sha256:9f96df6923e21816da7e0ad3fd47dd8f94b2a5ce594e00677c0013018b813458", + "sha256:a10af20b82360ab00827f916a6058451b723b4e65030c5a18577c8b2de5b3389", + "sha256:a50aebfa173e157099939b17f18600f72f84eed3049e743b68ad15bd69b6bf99", + "sha256:a981a536974bbc7a512cf44ed14938cf01030a99e9b3a06dd59578882f06f985", + "sha256:a9a8e9031d613fd2009c182b69c7b2c1ef8239a0efb1df3f7c8da66d5dd3d537", + "sha256:ae5f4161f18c61806f411a13b0310bea87f987c7d2ecdbdaad0e94eb2e404238", + "sha256:aed38f6e4fb3f5d6bf81bfa990a07806be9d83cf7bacef998ab1a9bd660a581f", + "sha256:b01b88d45a6fcb69667cd6d2f7a9aeb4bf53760d7fc536bf679ec94fe9f3ff3d", + "sha256:b261ccdec7821281dade748d088bb6e9b69e6d15b30652b74cbbac25e280b796", + "sha256:b2b0a0c0517616b6869869f8c581d4eb2dd83a4d79e0ebcb7d373ef9956aeb0a", + "sha256:b4a23f61ce87adf89be746c8a8974fe1c823c891d8f86eb218bb957c924bb143", + "sha256:bd8f7df7d12c2db9fab40bdd87a7c09b1530128315d047a086fa3ae3435cb3a8", + "sha256:beb58fe5cdb101e3a055192ac291b7a21e3b7ef4f67fa1d74e331a7f2124341c", + "sha256:c002b4ffc0be611f0d9da932eb0f704fe2602a9a949d1f738e4c34c75b0863d5", + "sha256:c083af607d2515612056a31f0a8d9e0fcb5876b7bfc0abad3ecd275bc4ebc2d5", + "sha256:c180f51afb394e165eafe4ac2936a14bee3eb10debc9d9e4db8958fe36afe711", + "sha256:c235ebd9baae02f1b77bcea61bce332cb4331dc3617d254df3323aa01ab47bd4", + "sha256:cd70574b12bb8a4d2aaa0094515df2463cb429d8536cfb6c7ce983246983e5a6", + "sha256:d0eccceffcb53201b5bfebb52600a5fb483a20b61da9dbc885f8b103cbe7598c", + "sha256:d965bba47ddeec8cd560687584e88cf699fd28f192ceb452d1d7ee807c5597b7", + "sha256:db364eca23f876da6f9e16c9da0df51aa4f104a972735574842618b8c6d999d4", + "sha256:ddbb2551d7e0102e7252db79ba445cdab71b26640817ab1e3e3648dad515003b", + "sha256:deb6be0ac38ece9ba87dea880e438f25ca3eddfac8b002a2ec3d9183a454e8ae", + "sha256:e06ed3eb3218bc64786f7db41917d4e686cc4856944f53d5bdf83a6884432e12", + "sha256:e27ad930a842b4c5eb8ac0016b0a54f5aebbe679340c26101df33424142c143c", + "sha256:e537484df0d8f426ce2afb2d0f8e1c3d0b114b83f8850e5f2fbea0e797bd82ae", + "sha256:eb00ed941194665c332bf8e078baf037d6c35d7c4f3102ea2d4f16ca94a26dc8", + "sha256:eb6904c354526e758fda7167b33005998fb68c46fbc10e013ca97f21ca5c8887", + "sha256:eb8821e09e916165e160797a6c17edda0679379a4be5c716c260e836e122f54b", + "sha256:efcb3f6676480691518c177e3b465bcddf57cea040302f9f4e6e191af91174d4", + "sha256:f27273b60488abe721a075bcca6d7f3964f9f6f067c8c4c605743023d7d3944f", + "sha256:f30c3cb33b24454a82faecaf01b19c18562b1e89558fb6c56de4d9118a032fd5", + "sha256:fb69256e180cb6c8a894fee62b3afebae785babc1ee98b81cdf68bbca1987f33", + "sha256:fd1abc0d89e30cc4e02e4064dc67fcc51bd941eb395c502aac3ec19fab46b519", + "sha256:ff8fa367d09b717b2a17a052544193ad76cd49979c805768879cb63d9ca50561" ], "markers": "python_full_version >= '3.7.0'", - "version": "==3.1.0" + "version": "==3.3.2" + }, + "defusedxml": { + "hashes": [ + "sha256:1bb3032db185915b62d7c6209c5a8792be6a32ab2fedacc84e01b52c51aa3e69", + "sha256:a352e7e428770286cc899e2542b6cdaedb2b4953ff269a210103ec58f6198a61" + ], + "index": "pypi", + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", + "version": "==0.7.1" }, "docopt": { "hashes": [ @@ -127,11 +151,11 @@ }, "idna": { "hashes": [ - "sha256:814f528e8dead7d329833b91c5faa87d60bf71824cd12a7530b5526063d02cb4", - "sha256:90b77e79eaa3eba6de819a0c442c0b4ceefc341a7a2ab77d7562bf49f425c5c2" + "sha256:028ff3aadf0609c1fd278d8ea3089299412a7a8b9bd005dd08b9f8285bcb5cfc", + "sha256:82fee1fc78add43492d3a1898bfa6d8a904cc97d8427f683ed8e798d07761aa0" ], "markers": "python_version >= '3.5'", - "version": "==3.4" + "version": "==3.7" }, "isodate": { "hashes": [ @@ -142,44 +166,53 @@ }, "joblib": { "hashes": [ - "sha256:091138ed78f800342968c523bdde947e7a305b8594b910a0fea2ab83c3c6d385", - "sha256:e1cee4a79e4af22881164f218d4311f60074197fb707e082e803b61f6d137018" + "sha256:06d478d5674cbc267e7496a410ee875abd68e4340feff4490bcb7afb88060ae6", + "sha256:2382c5816b2636fbd20a09e0f4e9dad4736765fdfb7dca582943b9c1366b3f0e" ], - "version": "==1.2.0" + "version": "==1.4.2" }, "numpy": { "hashes": [ - "sha256:0ec87a7084caa559c36e0a2309e4ecb1baa03b687201d0a847c8b0ed476a7187", - "sha256:1a7d6acc2e7524c9955e5c903160aa4ea083736fde7e91276b0e5d98e6332812", - "sha256:202de8f38fc4a45a3eea4b63e2f376e5f2dc64ef0fa692838e31a808520efaf7", - "sha256:210461d87fb02a84ef243cac5e814aad2b7f4be953b32cb53327bb49fd77fbb4", - "sha256:2d926b52ba1367f9acb76b0df6ed21f0b16a1ad87c6720a1121674e5cf63e2b6", - "sha256:352ee00c7f8387b44d19f4cada524586f07379c0d49270f87233983bc5087ca0", - "sha256:35400e6a8d102fd07c71ed7dcadd9eb62ee9a6e84ec159bd48c28235bbb0f8e4", - "sha256:3c1104d3c036fb81ab923f507536daedc718d0ad5a8707c6061cdfd6d184e570", - "sha256:4719d5aefb5189f50887773699eaf94e7d1e02bf36c1a9d353d9f46703758ca4", - "sha256:4749e053a29364d3452c034827102ee100986903263e89884922ef01a0a6fd2f", - "sha256:5342cf6aad47943286afa6f1609cad9b4266a05e7f2ec408e2cf7aea7ff69d80", - "sha256:56e48aec79ae238f6e4395886b5eaed058abb7231fb3361ddd7bfdf4eed54289", - "sha256:76e3f4e85fc5d4fd311f6e9b794d0c00e7002ec122be271f2019d63376f1d385", - "sha256:7776ea65423ca6a15255ba1872d82d207bd1e09f6d0894ee4a64678dd2204078", - "sha256:784c6da1a07818491b0ffd63c6bbe5a33deaa0e25a20e1b3ea20cf0e43f8046c", - "sha256:8535303847b89aa6b0f00aa1dc62867b5a32923e4d1681a35b5eef2d9591a463", - "sha256:9a7721ec204d3a237225db3e194c25268faf92e19338a35f3a224469cb6039a3", - "sha256:a1d3c026f57ceaad42f8231305d4653d5f05dc6332a730ae5c0bea3513de0950", - "sha256:ab344f1bf21f140adab8e47fdbc7c35a477dc01408791f8ba00d018dd0bc5155", - "sha256:ab5f23af8c16022663a652d3b25dcdc272ac3f83c3af4c02eb8b824e6b3ab9d7", - "sha256:ae8d0be48d1b6ed82588934aaaa179875e7dc4f3d84da18d7eae6eb3f06c242c", - "sha256:c91c4afd8abc3908e00a44b2672718905b8611503f7ff87390cc0ac3423fb096", - "sha256:d5036197ecae68d7f491fcdb4df90082b0d4960ca6599ba2659957aafced7c17", - "sha256:d6cc757de514c00b24ae8cf5c876af2a7c3df189028d68c0cb4eaa9cd5afc2bf", - "sha256:d933fabd8f6a319e8530d0de4fcc2e6a61917e0b0c271fded460032db42a0fe4", - "sha256:ea8282b9bcfe2b5e7d491d0bf7f3e2da29700cec05b49e64d6246923329f2b02", - "sha256:ecde0f8adef7dfdec993fd54b0f78183051b6580f606111a6d789cd14c61ea0c", - "sha256:f21c442fdd2805e91799fbe044a7b999b8571bb0ab0f7850d0cb9641a687092b" + "sha256:03a8c78d01d9781b28a6989f6fa1bb2c4f2d51201cf99d3dd875df6fbd96b23b", + "sha256:08beddf13648eb95f8d867350f6a018a4be2e5ad54c8d8caed89ebca558b2818", + "sha256:1af303d6b2210eb850fcf03064d364652b7120803a0b872f5211f5234b399f20", + "sha256:1dda2e7b4ec9dd512f84935c5f126c8bd8b9f2fc001e9f54af255e8c5f16b0e0", + "sha256:2a02aba9ed12e4ac4eb3ea9421c420301a0c6460d9830d74a9df87efa4912010", + "sha256:2e4ee3380d6de9c9ec04745830fd9e2eccb3e6cf790d39d7b98ffd19b0dd754a", + "sha256:3373d5d70a5fe74a2c1bb6d2cfd9609ecf686d47a2d7b1d37a8f3b6bf6003aea", + "sha256:47711010ad8555514b434df65f7d7b076bb8261df1ca9bb78f53d3b2db02e95c", + "sha256:4c66707fabe114439db9068ee468c26bbdf909cac0fb58686a42a24de1760c71", + "sha256:50193e430acfc1346175fcbdaa28ffec49947a06918b7b92130744e81e640110", + "sha256:52b8b60467cd7dd1e9ed082188b4e6bb35aa5cdd01777621a1658910745b90be", + "sha256:60dedbb91afcbfdc9bc0b1f3f402804070deed7392c23eb7a7f07fa857868e8a", + "sha256:62b8e4b1e28009ef2846b4c7852046736bab361f7aeadeb6a5b89ebec3c7055a", + "sha256:666dbfb6ec68962c033a450943ded891bed2d54e6755e35e5835d63f4f6931d5", + "sha256:675d61ffbfa78604709862923189bad94014bef562cc35cf61d3a07bba02a7ed", + "sha256:679b0076f67ecc0138fd2ede3a8fd196dddc2ad3254069bcb9faf9a79b1cebcd", + "sha256:7349ab0fa0c429c82442a27a9673fc802ffdb7c7775fad780226cb234965e53c", + "sha256:7ab55401287bfec946ced39700c053796e7cc0e3acbef09993a9ad2adba6ca6e", + "sha256:7e50d0a0cc3189f9cb0aeb3a6a6af18c16f59f004b866cd2be1c14b36134a4a0", + "sha256:95a7476c59002f2f6c590b9b7b998306fba6a5aa646b1e22ddfeaf8f78c3a29c", + "sha256:96ff0b2ad353d8f990b63294c8986f1ec3cb19d749234014f4e7eb0112ceba5a", + "sha256:9fad7dcb1aac3c7f0584a5a8133e3a43eeb2fe127f47e3632d43d677c66c102b", + "sha256:9ff0f4f29c51e2803569d7a51c2304de5554655a60c5d776e35b4a41413830d0", + "sha256:a354325ee03388678242a4d7ebcd08b5c727033fcff3b2f536aea978e15ee9e6", + "sha256:a4abb4f9001ad2858e7ac189089c42178fcce737e4169dc61321660f1a96c7d2", + "sha256:ab47dbe5cc8210f55aa58e4805fe224dac469cde56b9f731a4c098b91917159a", + "sha256:afedb719a9dcfc7eaf2287b839d8198e06dcd4cb5d276a3df279231138e83d30", + "sha256:b3ce300f3644fb06443ee2222c2201dd3a89ea6040541412b8fa189341847218", + "sha256:b97fe8060236edf3662adfc2c633f56a08ae30560c56310562cb4f95500022d5", + "sha256:bfe25acf8b437eb2a8b2d49d443800a5f18508cd811fea3181723922a8a82b07", + "sha256:cd25bcecc4974d09257ffcd1f098ee778f7834c3ad767fe5db785be9a4aa9cb2", + "sha256:d209d8969599b27ad20994c8e41936ee0964e6da07478d6c35016bc386b66ad4", + "sha256:d5241e0a80d808d70546c697135da2c613f30e28251ff8307eb72ba696945764", + "sha256:edd8b5fe47dab091176d21bb6de568acdd906d1887a4584a15a9a96a1dca06ef", + "sha256:f870204a840a60da0b12273ef34f7051e98c3b5961b61b0c2c1be6dfd64fbcd3", + "sha256:ffa75af20b44f8dba823498024771d5ac50620e6915abac414251bd971b4529f" ], "index": "pypi", - "version": "==1.24.3" + "markers": "python_version >= '3.9'", + "version": "==1.26.4" }, "openpyxl": { "hashes": [ @@ -187,183 +220,204 @@ "sha256:f91456ead12ab3c6c2e9491cf33ba6d08357d802192379bb482f1033ade496f5" ], "index": "pypi", + "markers": "python_version >= '3.6'", "version": "==3.1.2" }, "owlready2": { "hashes": [ - "sha256:04fcf4cce810e7b1e78a76ec7c13e44133df316f85081a05f082887e2dd39e03" + "sha256:3c1b06dbe85df77dfa2de5a13ba1d11b4b8543c1c0ccdc5be252a81e3c0de55a" ], "index": "pypi", - "version": "==0.43" + "markers": "python_version >= '3.6'", + "version": "==0.46" }, "pandas": { "hashes": [ - "sha256:02755de164da6827764ceb3bbc5f64b35cb12394b1024fdf88704d0fa06e0e2f", - "sha256:0a1e0576611641acde15c2322228d138258f236d14b749ad9af498ab69089e2d", - "sha256:1eb09a242184092f424b2edd06eb2b99d06dc07eeddff9929e8667d4ed44e181", - "sha256:30a89d0fec4263ccbf96f68592fd668939481854d2ff9da709d32a047689393b", - "sha256:50e451932b3011b61d2961b4185382c92cc8c6ee4658dcd4f320687bb2d000ee", - "sha256:51a93d422fbb1bd04b67639ba4b5368dffc26923f3ea32a275d2cc450f1d1c86", - "sha256:598e9020d85a8cdbaa1815eb325a91cfff2bb2b23c1442549b8a3668e36f0f77", - "sha256:66d00300f188fa5de73f92d5725ced162488f6dc6ad4cecfe4144ca29debe3b8", - "sha256:69167693cb8f9b3fc060956a5d0a0a8dbfed5f980d9fd2c306fb5b9c855c814c", - "sha256:6d6d10c2142d11d40d6e6c0a190b1f89f525bcf85564707e31b0a39e3b398e08", - "sha256:713f2f70abcdade1ddd68fc91577cb090b3544b07ceba78a12f799355a13ee44", - "sha256:7376e13d28eb16752c398ca1d36ccfe52bf7e887067af9a0474de6331dd948d2", - "sha256:77550c8909ebc23e56a89f91b40ad01b50c42cfbfab49b3393694a50549295ea", - "sha256:7b21cb72958fc49ad757685db1919021d99650d7aaba676576c9e88d3889d456", - "sha256:9ebb9f1c22ddb828e7fd017ea265a59d80461d5a79154b49a4207bd17514d122", - "sha256:a18e5c72b989ff0f7197707ceddc99828320d0ca22ab50dd1b9e37db45b010c0", - "sha256:a6b5f14cd24a2ed06e14255ff40fe2ea0cfaef79a8dd68069b7ace74bd6acbba", - "sha256:b42b120458636a981077cfcfa8568c031b3e8709701315e2bfa866324a83efa8", - "sha256:c4af689352c4fe3d75b2834933ee9d0ccdbf5d7a8a7264f0ce9524e877820c08", - "sha256:c7319b6e68de14e6209460f72a8d1ef13c09fb3d3ef6c37c1e65b35d50b5c145", - "sha256:cf3f0c361a4270185baa89ec7ab92ecaa355fe783791457077473f974f654df5", - "sha256:dd46bde7309088481b1cf9c58e3f0e204b9ff9e3244f441accd220dd3365ce7c", - "sha256:dd5476b6c3fe410ee95926873f377b856dbc4e81a9c605a0dc05aaccc6a7c6c6", - "sha256:e69140bc2d29a8556f55445c15f5794490852af3de0f609a24003ef174528b79", - "sha256:f908a77cbeef9bbd646bd4b81214cbef9ac3dda4181d5092a4aa9797d1bc7774" + "sha256:001910ad31abc7bf06f49dcc903755d2f7f3a9186c0c040b827e522e9cef0863", + "sha256:0ca6377b8fca51815f382bd0b697a0814c8bda55115678cbc94c30aacbb6eff2", + "sha256:0cace394b6ea70c01ca1595f839cf193df35d1575986e484ad35c4aeae7266c1", + "sha256:1cb51fe389360f3b5a4d57dbd2848a5f033350336ca3b340d1c53a1fad33bcad", + "sha256:2925720037f06e89af896c70bca73459d7e6a4be96f9de79e2d440bd499fe0db", + "sha256:3e374f59e440d4ab45ca2fffde54b81ac3834cf5ae2cdfa69c90bc03bde04d76", + "sha256:40ae1dffb3967a52203105a077415a86044a2bea011b5f321c6aa64b379a3f51", + "sha256:43498c0bdb43d55cb162cdc8c06fac328ccb5d2eabe3cadeb3529ae6f0517c32", + "sha256:4abfe0be0d7221be4f12552995e58723c7422c80a659da13ca382697de830c08", + "sha256:58b84b91b0b9f4bafac2a0ac55002280c094dfc6402402332c0913a59654ab2b", + "sha256:640cef9aa381b60e296db324337a554aeeb883ead99dc8f6c18e81a93942f5f4", + "sha256:66b479b0bd07204e37583c191535505410daa8df638fd8e75ae1b383851fe921", + "sha256:696039430f7a562b74fa45f540aca068ea85fa34c244d0deee539cb6d70aa288", + "sha256:6d2123dc9ad6a814bcdea0f099885276b31b24f7edf40f6cdbc0912672e22eee", + "sha256:8635c16bf3d99040fdf3ca3db669a7250ddf49c55dc4aa8fe0ae0fa8d6dcc1f0", + "sha256:873d13d177501a28b2756375d59816c365e42ed8417b41665f346289adc68d24", + "sha256:8e5a0b00e1e56a842f922e7fae8ae4077aee4af0acb5ae3622bd4b4c30aedf99", + "sha256:8e90497254aacacbc4ea6ae5e7a8cd75629d6ad2b30025a4a8b09aa4faf55151", + "sha256:9057e6aa78a584bc93a13f0a9bf7e753a5e9770a30b4d758b8d5f2a62a9433cd", + "sha256:90c6fca2acf139569e74e8781709dccb6fe25940488755716d1d354d6bc58bce", + "sha256:92fd6b027924a7e178ac202cfbe25e53368db90d56872d20ffae94b96c7acc57", + "sha256:9dfde2a0ddef507a631dc9dc4af6a9489d5e2e740e226ad426a05cabfbd7c8ef", + "sha256:9e79019aba43cb4fda9e4d983f8e88ca0373adbb697ae9c6c43093218de28b54", + "sha256:a77e9d1c386196879aa5eb712e77461aaee433e54c68cf253053a73b7e49c33a", + "sha256:c7adfc142dac335d8c1e0dcbd37eb8617eac386596eb9e1a1b77791cf2498238", + "sha256:d187d355ecec3629624fccb01d104da7d7f391db0311145817525281e2804d23", + "sha256:ddf818e4e6c7c6f4f7c8a12709696d193976b591cc7dc50588d3d1a6b5dc8772", + "sha256:e9b79011ff7a0f4b1d6da6a61aa1aa604fb312d6647de5bad20013682d1429ce", + "sha256:eee3a87076c0756de40b05c5e9a6069c035ba43e8dd71c379e68cab2c20f16ad" ], "index": "pypi", - "version": "==2.0.2" + "markers": "python_version >= '3.9'", + "version": "==2.2.2" }, "pyparsing": { "hashes": [ - "sha256:2b020ecf7d21b687f219b71ecad3631f644a47f01403fa1d1036b0c6416d70fb", - "sha256:5026bae9a10eeaefb61dab2f09052b9f4307d44aee4eda64b309723d8d206bbc" + "sha256:a1bac0ce561155ecc3ed78ca94d3c9378656ad4c94c1270de543f621420f94ad", + "sha256:f9db75911801ed778fe61bb643079ff86601aca99fcae6345aa67292038fb742" ], "markers": "python_full_version >= '3.6.8'", - "version": "==3.0.9" + "version": "==3.1.2" }, "python-dateutil": { "hashes": [ - "sha256:0123cacc1627ae19ddf3c27a5de5bd67ee4586fbdd6440d9748f8abb483d3e86", - "sha256:961d03dc3453ebbc59dbdea9e4e11c5651520a876d0f4db161e8674aae935da9" + "sha256:37dd54208da7e1cd875388217d5e00ebd4179249f90fb72437e91a35459a0ad3", + "sha256:a8b2bc7bffae282281c8140a97d3aa9c14da0b136dfe83f850eea9a5f7470427" ], "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", - "version": "==2.8.2" + "version": "==2.9.0.post0" }, "pytz": { "hashes": [ - "sha256:1d8ce29db189191fb55338ee6d0387d82ab59f3d00eac103412d64e0ebd0c588", - "sha256:a151b3abb88eda1d4e34a9814df37de2a80e301e68ba0fd856fb9b46bfbbbffb" + "sha256:2a29735ea9c18baf14b448846bde5a48030ed267578472d8955cd0e7443a9812", + "sha256:328171f4e3623139da4983451950b28e95ac706e13f3f2630a879749e7a8b319" ], - "version": "==2023.3" + "version": "==2024.1" }, "rdflib": { "hashes": [ - "sha256:36b4e74a32aa1e4fa7b8719876fb192f19ecd45ff932ea5ebbd2e417a0247e63", - "sha256:72af591ff704f4caacea7ecc0c5a9056b8553e0489dd4f35a9bc52dbd41522e0" + "sha256:6136ae056001474ee2aff5fc5b956e62a11c3a9c66bb0f3d9c0aaa5fbb56854e", + "sha256:b7642daac8cdad1ba157fecb236f5d1b2aa1de64e714dcee80d65e2b794d88a6" ], "index": "pypi", - "version": "==6.3.2" + "markers": "python_version >= '3.7'", + "version": "==6.0.2" }, "requests": { "hashes": [ - "sha256:58cd2187c01e70e6e26505bca751777aa9f2ee0b7f4300988b709f44e013003f", - "sha256:942c5a758f98d790eaed1a29cb6eefc7ffb0d1cf7af05c3d2791656dbd6ad1e1" + "sha256:f2c3881dddb70d056c5bd7600a4fae312b2a300e39be6a118d30b90bd27262b5", + "sha256:fa5490319474c82ef1d2c9bc459d3652e3ae4ef4c4ebdd18a21145a47ca4b6b8" ], - "markers": "python_version >= '3.7'", - "version": "==2.31.0" + "markers": "python_version >= '3.8'", + "version": "==2.32.0" }, "setuptools": { "hashes": [ - "sha256:6f590d76b713d5de4e49fe4fbca24474469f53c83632d5d0fd056f7ff7e8112b", - "sha256:ac4008d396bc9cd983ea483cb7139c0240a07bbc74ffb6232fceffedc6cf03a8" + "sha256:6c1fccdac05a97e598fb0ae3bbed5904ccb317337a51139dcd51453611bbb987", + "sha256:c636ac361bc47580504644275c9ad802c50415c7522212252c033bd15f301f32" ], - "markers": "python_version >= '3.7'", - "version": "==66.1.1" + "markers": "python_version >= '3.8'", + "version": "==69.5.1" }, "simplejson": { "hashes": [ - "sha256:081ea6305b3b5e84ae7417e7f45956db5ea3872ec497a584ec86c3260cda049e", - "sha256:08be5a241fdf67a8e05ac7edbd49b07b638ebe4846b560673e196b2a25c94b92", - "sha256:0c16ec6a67a5f66ab004190829eeede01c633936375edcad7cbf06d3241e5865", - "sha256:0ccb2c1877bc9b25bc4f4687169caa925ffda605d7569c40e8e95186e9a5e58b", - "sha256:17a963e8dd4d81061cc05b627677c1f6a12e81345111fbdc5708c9f088d752c9", - "sha256:199a0bcd792811c252d71e3eabb3d4a132b3e85e43ebd93bfd053d5b59a7e78b", - "sha256:1cb19eacb77adc5a9720244d8d0b5507421d117c7ed4f2f9461424a1829e0ceb", - "sha256:203412745fed916fc04566ecef3f2b6c872b52f1e7fb3a6a84451b800fb508c1", - "sha256:2098811cd241429c08b7fc5c9e41fcc3f59f27c2e8d1da2ccdcf6c8e340ab507", - "sha256:22b867205cd258050c2625325fdd9a65f917a5aff22a23387e245ecae4098e78", - "sha256:23fbb7b46d44ed7cbcda689295862851105c7594ae5875dce2a70eeaa498ff86", - "sha256:2541fdb7467ef9bfad1f55b6c52e8ea52b3ce4a0027d37aff094190a955daa9d", - "sha256:3231100edee292da78948fa0a77dee4e5a94a0a60bcba9ed7a9dc77f4d4bb11e", - "sha256:344a5093b71c1b370968d0fbd14d55c9413cb6f0355fdefeb4a322d602d21776", - "sha256:37724c634f93e5caaca04458f267836eb9505d897ab3947b52f33b191bf344f3", - "sha256:3844305bc33d52c4975da07f75b480e17af3558c0d13085eaa6cc2f32882ccf7", - "sha256:390f4a8ca61d90bcf806c3ad644e05fa5890f5b9a72abdd4ca8430cdc1e386fa", - "sha256:3a4480e348000d89cf501b5606415f4d328484bbb431146c2971123d49fd8430", - "sha256:3b652579c21af73879d99c8072c31476788c8c26b5565687fd9db154070d852a", - "sha256:3e0902c278243d6f7223ba3e6c5738614c971fd9a887fff8feaa8dcf7249c8d4", - "sha256:412e58997a30c5deb8cab5858b8e2e5b40ca007079f7010ee74565cc13d19665", - "sha256:44cdb4e544134f305b033ad79ae5c6b9a32e7c58b46d9f55a64e2a883fbbba01", - "sha256:46133bc7dd45c9953e6ee4852e3de3d5a9a4a03b068bd238935a5c72f0a1ce34", - "sha256:46e89f58e4bed107626edce1cf098da3664a336d01fc78fddcfb1f397f553d44", - "sha256:4710806eb75e87919b858af0cba4ffedc01b463edc3982ded7b55143f39e41e1", - "sha256:476c8033abed7b1fd8db62a7600bf18501ce701c1a71179e4ce04ac92c1c5c3c", - "sha256:48600a6e0032bed17c20319d91775f1797d39953ccfd68c27f83c8d7fc3b32cb", - "sha256:4d3025e7e9ddb48813aec2974e1a7e68e63eac911dd5e0a9568775de107ac79a", - "sha256:547ea86ca408a6735335c881a2e6208851027f5bfd678d8f2c92a0f02c7e7330", - "sha256:54fca2b26bcd1c403146fd9461d1da76199442297160721b1d63def2a1b17799", - "sha256:5673d27806085d2a413b3be5f85fad6fca4b7ffd31cfe510bbe65eea52fff571", - "sha256:58ee5e24d6863b22194020eb62673cf8cc69945fcad6b283919490f6e359f7c5", - "sha256:5ca922c61d87b4c38f37aa706520328ffe22d7ac1553ef1cadc73f053a673553", - "sha256:5db86bb82034e055257c8e45228ca3dbce85e38d7bfa84fa7b2838e032a3219c", - "sha256:6277f60848a7d8319d27d2be767a7546bc965535b28070e310b3a9af90604a4c", - "sha256:6424d8229ba62e5dbbc377908cfee9b2edf25abd63b855c21f12ac596cd18e41", - "sha256:65dafe413b15e8895ad42e49210b74a955c9ae65564952b0243a18fb35b986cc", - "sha256:66389b6b6ee46a94a493a933a26008a1bae0cfadeca176933e7ff6556c0ce998", - "sha256:66d780047c31ff316ee305c3f7550f352d87257c756413632303fc59fef19eac", - "sha256:69a8b10a4f81548bc1e06ded0c4a6c9042c0be0d947c53c1ed89703f7e613950", - "sha256:6a561320485017ddfc21bd2ed5de2d70184f754f1c9b1947c55f8e2b0163a268", - "sha256:6aa7ca03f25b23b01629b1c7f78e1cd826a66bfb8809f8977a3635be2ec48f1a", - "sha256:6b79642a599740603ca86cf9df54f57a2013c47e1dd4dd2ae4769af0a6816900", - "sha256:6e7c70f19405e5f99168077b785fe15fcb5f9b3c0b70b0b5c2757ce294922c8c", - "sha256:70128fb92932524c89f373e17221cf9535d7d0c63794955cc3cd5868e19f5d38", - "sha256:73d0904c2471f317386d4ae5c665b16b5c50ab4f3ee7fd3d3b7651e564ad74b1", - "sha256:74bf802debe68627227ddb665c067eb8c73aa68b2476369237adf55c1161b728", - "sha256:79c748aa61fd8098d0472e776743de20fae2686edb80a24f0f6593a77f74fe86", - "sha256:79d46e7e33c3a4ef853a1307b2032cfb7220e1a079d0c65488fbd7118f44935a", - "sha256:7e78d79b10aa92f40f54178ada2b635c960d24fc6141856b926d82f67e56d169", - "sha256:8090e75653ea7db75bc21fa5f7bcf5f7bdf64ea258cbbac45c7065f6324f1b50", - "sha256:87b190e6ceec286219bd6b6f13547ca433f977d4600b4e81739e9ac23b5b9ba9", - "sha256:889328873c35cb0b2b4c83cbb83ec52efee5a05e75002e2c0c46c4e42790e83c", - "sha256:8f8d179393e6f0cf6c7c950576892ea6acbcea0a320838c61968ac7046f59228", - "sha256:919bc5aa4d8094cf8f1371ea9119e5d952f741dc4162810ab714aec948a23fe5", - "sha256:926957b278de22797bfc2f004b15297013843b595b3cd7ecd9e37ccb5fad0b72", - "sha256:93f5ac30607157a0b2579af59a065bcfaa7fadeb4875bf927a8f8b6739c8d910", - "sha256:96ade243fb6f3b57e7bd3b71e90c190cd0f93ec5dce6bf38734a73a2e5fa274f", - "sha256:9f14ecca970d825df0d29d5c6736ff27999ee7bdf5510e807f7ad8845f7760ce", - "sha256:a755f7bfc8adcb94887710dc70cc12a69a454120c6adcc6f251c3f7b46ee6aac", - "sha256:a79b439a6a77649bb8e2f2644e6c9cc0adb720fc55bed63546edea86e1d5c6c8", - "sha256:aa9d614a612ad02492f704fbac636f666fa89295a5d22b4facf2d665fc3b5ea9", - "sha256:ad071cd84a636195f35fa71de2186d717db775f94f985232775794d09f8d9061", - "sha256:b0e9a5e66969f7a47dc500e3dba8edc3b45d4eb31efb855c8647700a3493dd8a", - "sha256:b438e5eaa474365f4faaeeef1ec3e8d5b4e7030706e3e3d6b5bee6049732e0e6", - "sha256:b46aaf0332a8a9c965310058cf3487d705bf672641d2c43a835625b326689cf4", - "sha256:c39fa911e4302eb79c804b221ddec775c3da08833c0a9120041dd322789824de", - "sha256:ca56a6c8c8236d6fe19abb67ef08d76f3c3f46712c49a3b6a5352b6e43e8855f", - "sha256:cb502cde018e93e75dc8fc7bb2d93477ce4f3ac10369f48866c61b5e031db1fd", - "sha256:cd4d50a27b065447c9c399f0bf0a993bd0e6308db8bbbfbc3ea03b41c145775a", - "sha256:d125e754d26c0298715bdc3f8a03a0658ecbe72330be247f4b328d229d8cf67f", - "sha256:d300773b93eed82f6da138fd1d081dc96fbe53d96000a85e41460fe07c8d8b33", - "sha256:d396b610e77b0c438846607cd56418bfc194973b9886550a98fd6724e8c6cfec", - "sha256:d61482b5d18181e6bb4810b4a6a24c63a490c3a20e9fbd7876639653e2b30a1a", - "sha256:d9f2c27f18a0b94107d57294aab3d06d6046ea843ed4a45cae8bd45756749f3a", - "sha256:dc2b3f06430cbd4fac0dae5b2974d2bf14f71b415fb6de017f498950da8159b1", - "sha256:dc935d8322ba9bc7b84f99f40f111809b0473df167bf5b93b89fb719d2c4892b", - "sha256:e333c5b62e93949f5ac27e6758ba53ef6ee4f93e36cc977fe2e3df85c02f6dc4", - "sha256:e765b1f47293dedf77946f0427e03ee45def2862edacd8868c6cf9ab97c8afbd", - "sha256:ed18728b90758d171f0c66c475c24a443ede815cf3f1a91e907b0db0ebc6e508", - "sha256:eff87c68058374e45225089e4538c26329a13499bc0104b52b77f8428eed36b2", - "sha256:f05d05d99fce5537d8f7a0af6417a9afa9af3a6c4bb1ba7359c53b6257625fcb", - "sha256:f253edf694ce836631b350d758d00a8c4011243d58318fbfbe0dd54a6a839ab4", - "sha256:f41915a4e1f059dfad614b187bc06021fefb5fc5255bfe63abf8247d2f7a646a", - "sha256:f96def94576f857abf58e031ce881b5a3fc25cbec64b2bc4824824a8a4367af9" + "sha256:0405984f3ec1d3f8777c4adc33eac7ab7a3e629f3b1c05fdded63acc7cf01137", + "sha256:0436a70d8eb42bea4fe1a1c32d371d9bb3b62c637969cb33970ad624d5a3336a", + "sha256:061e81ea2d62671fa9dea2c2bfbc1eec2617ae7651e366c7b4a2baf0a8c72cae", + "sha256:064300a4ea17d1cd9ea1706aa0590dcb3be81112aac30233823ee494f02cb78a", + "sha256:08889f2f597ae965284d7b52a5c3928653a9406d88c93e3161180f0abc2433ba", + "sha256:0a48679310e1dd5c9f03481799311a65d343748fe86850b7fb41df4e2c00c087", + "sha256:0b0a3eb6dd39cce23801a50c01a0976971498da49bc8a0590ce311492b82c44b", + "sha256:0d2d5119b1d7a1ed286b8af37357116072fc96700bce3bec5bb81b2e7057ab41", + "sha256:0d551dc931638e2102b8549836a1632e6e7cf620af3d093a7456aa642bff601d", + "sha256:1018bd0d70ce85f165185d2227c71e3b1e446186f9fa9f971b69eee223e1e3cd", + "sha256:11c39fbc4280d7420684494373b7c5904fa72a2b48ef543a56c2d412999c9e5d", + "sha256:11cc3afd8160d44582543838b7e4f9aa5e97865322844b75d51bf4e0e413bb3e", + "sha256:1537b3dd62d8aae644f3518c407aa8469e3fd0f179cdf86c5992792713ed717a", + "sha256:16ca9c90da4b1f50f089e14485db8c20cbfff2d55424062791a7392b5a9b3ff9", + "sha256:176a1b524a3bd3314ed47029a86d02d5a95cc0bee15bd3063a1e1ec62b947de6", + "sha256:18955c1da6fc39d957adfa346f75226246b6569e096ac9e40f67d102278c3bcb", + "sha256:1bb5b50dc6dd671eb46a605a3e2eb98deb4a9af787a08fcdddabe5d824bb9664", + "sha256:1c768e7584c45094dca4b334af361e43b0aaa4844c04945ac7d43379eeda9bc2", + "sha256:1dd4f692304854352c3e396e9b5f0a9c9e666868dd0bdc784e2ac4c93092d87b", + "sha256:25785d038281cd106c0d91a68b9930049b6464288cea59ba95b35ee37c2d23a5", + "sha256:287e39ba24e141b046812c880f4619d0ca9e617235d74abc27267194fc0c7835", + "sha256:2c1467d939932901a97ba4f979e8f2642415fcf02ea12f53a4e3206c9c03bc17", + "sha256:2c433a412e96afb9a3ce36fa96c8e61a757af53e9c9192c97392f72871e18e69", + "sha256:2d022b14d7758bfb98405672953fe5c202ea8a9ccf9f6713c5bd0718eba286fd", + "sha256:2f98d918f7f3aaf4b91f2b08c0c92b1774aea113334f7cde4fe40e777114dbe6", + "sha256:2fc697be37585eded0c8581c4788fcfac0e3f84ca635b73a5bf360e28c8ea1a2", + "sha256:3194cd0d2c959062b94094c0a9f8780ffd38417a5322450a0db0ca1a23e7fbd2", + "sha256:332c848f02d71a649272b3f1feccacb7e4f7e6de4a2e6dc70a32645326f3d428", + "sha256:346820ae96aa90c7d52653539a57766f10f33dd4be609206c001432b59ddf89f", + "sha256:3471e95110dcaf901db16063b2e40fb394f8a9e99b3fe9ee3acc6f6ef72183a2", + "sha256:3848427b65e31bea2c11f521b6fc7a3145d6e501a1038529da2391aff5970f2f", + "sha256:39b6d79f5cbfa3eb63a869639cfacf7c41d753c64f7801efc72692c1b2637ac7", + "sha256:3e74355cb47e0cd399ead3477e29e2f50e1540952c22fb3504dda0184fc9819f", + "sha256:3f39bb1f6e620f3e158c8b2eaf1b3e3e54408baca96a02fe891794705e788637", + "sha256:40847f617287a38623507d08cbcb75d51cf9d4f9551dd6321df40215128325a3", + "sha256:4280e460e51f86ad76dc456acdbfa9513bdf329556ffc8c49e0200878ca57816", + "sha256:445a96543948c011a3a47c8e0f9d61e9785df2544ea5be5ab3bc2be4bd8a2565", + "sha256:4969d974d9db826a2c07671273e6b27bc48e940738d768fa8f33b577f0978378", + "sha256:49aaf4546f6023c44d7e7136be84a03a4237f0b2b5fb2b17c3e3770a758fc1a0", + "sha256:49e0e3faf3070abdf71a5c80a97c1afc059b4f45a5aa62de0c2ca0444b51669b", + "sha256:49f9da0d6cd17b600a178439d7d2d57c5ef01f816b1e0e875e8e8b3b42db2693", + "sha256:4a8c3cc4f9dfc33220246760358c8265dad6e1104f25f0077bbca692d616d358", + "sha256:4d36081c0b1c12ea0ed62c202046dca11438bee48dd5240b7c8de8da62c620e9", + "sha256:4edcd0bf70087b244ba77038db23cd98a1ace2f91b4a3ecef22036314d77ac23", + "sha256:554313db34d63eac3b3f42986aa9efddd1a481169c12b7be1e7512edebff8eaf", + "sha256:5675e9d8eeef0aa06093c1ff898413ade042d73dc920a03e8cea2fb68f62445a", + "sha256:60848ab779195b72382841fc3fa4f71698a98d9589b0a081a9399904487b5832", + "sha256:66e5dc13bfb17cd6ee764fc96ccafd6e405daa846a42baab81f4c60e15650414", + "sha256:6779105d2fcb7fcf794a6a2a233787f6bbd4731227333a072d8513b252ed374f", + "sha256:6ad331349b0b9ca6da86064a3599c425c7a21cd41616e175ddba0866da32df48", + "sha256:6f0a0b41dd05eefab547576bed0cf066595f3b20b083956b1405a6f17d1be6ad", + "sha256:73a8a4653f2e809049999d63530180d7b5a344b23a793502413ad1ecea9a0290", + "sha256:778331444917108fa8441f59af45886270d33ce8a23bfc4f9b192c0b2ecef1b3", + "sha256:7cb98be113911cb0ad09e5523d0e2a926c09a465c9abb0784c9269efe4f95917", + "sha256:7d74beca677623481810c7052926365d5f07393c72cbf62d6cce29991b676402", + "sha256:7f2398361508c560d0bf1773af19e9fe644e218f2a814a02210ac2c97ad70db0", + "sha256:8434dcdd347459f9fd9c526117c01fe7ca7b016b6008dddc3c13471098f4f0dc", + "sha256:8a390e56a7963e3946ff2049ee1eb218380e87c8a0e7608f7f8790ba19390867", + "sha256:92c4a4a2b1f4846cd4364855cbac83efc48ff5a7d7c06ba014c792dd96483f6f", + "sha256:9300aee2a8b5992d0f4293d88deb59c218989833e3396c824b69ba330d04a589", + "sha256:9453419ea2ab9b21d925d0fd7e3a132a178a191881fab4169b6f96e118cc25bb", + "sha256:9652e59c022e62a5b58a6f9948b104e5bb96d3b06940c6482588176f40f4914b", + "sha256:972a7833d4a1fcf7a711c939e315721a88b988553fc770a5b6a5a64bd6ebeba3", + "sha256:9c1a4393242e321e344213a90a1e3bf35d2f624aa8b8f6174d43e3c6b0e8f6eb", + "sha256:9e038c615b3906df4c3be8db16b3e24821d26c55177638ea47b3f8f73615111c", + "sha256:9e4c166f743bb42c5fcc60760fb1c3623e8fda94f6619534217b083e08644b46", + "sha256:9eb117db8d7ed733a7317c4215c35993b815bf6aeab67523f1f11e108c040672", + "sha256:9eb442a2442ce417801c912df68e1f6ccfcd41577ae7274953ab3ad24ef7d82c", + "sha256:a3cd18e03b0ee54ea4319cdcce48357719ea487b53f92a469ba8ca8e39df285e", + "sha256:a8617625369d2d03766413bff9e64310feafc9fc4f0ad2b902136f1a5cd8c6b0", + "sha256:a970a2e6d5281d56cacf3dc82081c95c1f4da5a559e52469287457811db6a79b", + "sha256:aad7405c033d32c751d98d3a65801e2797ae77fac284a539f6c3a3e13005edc4", + "sha256:adcb3332979cbc941b8fff07181f06d2b608625edc0a4d8bc3ffc0be414ad0c4", + "sha256:af9c7e6669c4d0ad7362f79cb2ab6784d71147503e62b57e3d95c4a0f222c01c", + "sha256:b01fda3e95d07a6148702a641e5e293b6da7863f8bc9b967f62db9461330562c", + "sha256:b8d940fd28eb34a7084877747a60873956893e377f15a32ad445fe66c972c3b8", + "sha256:bccb3e88ec26ffa90f72229f983d3a5d1155e41a1171190fa723d4135523585b", + "sha256:bcedf4cae0d47839fee7de344f96b5694ca53c786f28b5f773d4f0b265a159eb", + "sha256:be893258d5b68dd3a8cba8deb35dc6411db844a9d35268a8d3793b9d9a256f80", + "sha256:c0521e0f07cb56415fdb3aae0bbd8701eb31a9dfef47bb57206075a0584ab2a2", + "sha256:c594642d6b13d225e10df5c16ee15b3398e21a35ecd6aee824f107a625690374", + "sha256:c87c22bd6a987aca976e3d3e23806d17f65426191db36d40da4ae16a6a494cbc", + "sha256:c9ac1c2678abf9270e7228133e5b77c6c3c930ad33a3c1dfbdd76ff2c33b7b50", + "sha256:d0e5ffc763678d48ecc8da836f2ae2dd1b6eb2d27a48671066f91694e575173c", + "sha256:d0f402e787e6e7ee7876c8b05e2fe6464820d9f35ba3f172e95b5f8b699f6c7f", + "sha256:d222a9ed082cd9f38b58923775152003765016342a12f08f8c123bf893461f28", + "sha256:d94245caa3c61f760c4ce4953cfa76e7739b6f2cbfc94cc46fff6c050c2390c5", + "sha256:de9a2792612ec6def556d1dc621fd6b2073aff015d64fba9f3e53349ad292734", + "sha256:e2f5a398b5e77bb01b23d92872255e1bcb3c0c719a3be40b8df146570fe7781a", + "sha256:e8dd53a8706b15bc0e34f00e6150fbefb35d2fd9235d095b4f83b3c5ed4fa11d", + "sha256:e9eb3cff1b7d71aa50c89a0536f469cb8d6dcdd585d8f14fb8500d822f3bdee4", + "sha256:ed628c1431100b0b65387419551e822987396bee3c088a15d68446d92f554e0c", + "sha256:ef7938a78447174e2616be223f496ddccdbf7854f7bf2ce716dbccd958cc7d13", + "sha256:f1c70249b15e4ce1a7d5340c97670a95f305ca79f376887759b43bb33288c973", + "sha256:f3c7363a8cb8c5238878ec96c5eb0fc5ca2cb11fc0c7d2379863d342c6ee367a", + "sha256:fbbcc6b0639aa09b9649f36f1bcb347b19403fe44109948392fbb5ea69e48c3e", + "sha256:febffa5b1eda6622d44b245b0685aff6fb555ce0ed734e2d7b1c3acd018a2cff", + "sha256:ff836cd4041e16003549449cc0a5e372f6b6f871eb89007ab0ee18fb2800fded" ], "markers": "python_version >= '2.5' and python_version not in '3.0, 3.1, 3.2, 3.3'", - "version": "==3.19.1" + "version": "==3.19.2" }, "six": { "hashes": [ @@ -379,6 +433,7 @@ "sha256:827acf0b5b319c1b857c9db0d54907bb438b2b32312d236c891a305ad49b0ba2" ], "index": "pypi", + "markers": "python_version >= '3.6'", "version": "==3.0.1" }, "stix2-patterns": { @@ -397,56 +452,41 @@ "sha256:24900bdd8212813c3bdddebf5cad2213401ba8881d6fe258fb8c1a7b51ffb760", "sha256:d832e7c51c5a01407e50b0e8cb9bbec55642bfee2cbe593d234929deddcf01d9" ], - "index": "pypi", + "markers": "python_version >= '3.5'", "version": "==1.1.5" }, "tzdata": { "hashes": [ - "sha256:11ef1e08e54acb0d4f95bdb1be05da659673de4acbd21bf9c69e94cc5e907a3a", - "sha256:7e65763eef3120314099b6939b5546db7adce1e7d6f2e179e3df563c70511eda" + "sha256:2674120f8d891909751c38abcdfd386ac0a5a1127954fbc332af6b5ceae07efd", + "sha256:9068bc196136463f5245e51efda838afa15aaeca9903f49050dfa2679db4d252" ], "markers": "python_version >= '2'", - "version": "==2023.3" + "version": "==2024.1" }, "urllib3": { "hashes": [ - "sha256:48e7fafa40319d358848e1bc6809b208340fafe2096f1725d05d67443d0483d1", - "sha256:bee28b5e56addb8226c96f7f13ac28cb4c301dd5ea8a6ca179c0b9835e032825" + "sha256:450b20ec296a467077128bff42b73080516e71b56ff59a60a02bef2232c4fa9d", + "sha256:d0570876c61ab9e520d776c38acbbb5b05a776d3f9ff98a5c8fd5162a444cf19" ], - "markers": "python_version >= '3.7'", - "version": "==2.0.3" + "markers": "python_version >= '3.8'", + "version": "==2.2.1" } }, "develop": { - "appnope": { - "hashes": [ - "sha256:02bd91c4de869fbb1e1c50aafc4098827a7a54ab2f39d9dcba6c9547ed920e24", - "sha256:265a455292d0bd8a72453494fa24df5a11eb18373a60c7c0430889f22548605e" - ], - "markers": "sys_platform == 'darwin'", - "version": "==0.1.3" - }, "astroid": { "hashes": [ - "sha256:078e5212f9885fa85fbb0cf0101978a336190aadea6e13305409d099f71b2324", - "sha256:1039262575027b441137ab4a62a793a9b43defb42c32d5670f38686207cd780f" + "sha256:8ead48e31b92b2e217b6c9733a21afafe479d52d6e164dd25fb1a770c7c3cf94", + "sha256:e8a0083b4bb28fcffb6207a3bfc9e5d0a68be951dd7e336d5dcf639c682388c0" ], - "markers": "python_full_version >= '3.7.2'", - "version": "==2.15.5" + "markers": "python_full_version >= '3.8.0'", + "version": "==3.2.2" }, "asttokens": { "hashes": [ - "sha256:4622110b2a6f30b77e1473affaa97e711bc2f07d3f10848420ff1898edbe94f3", - "sha256:6b0ac9e93fb0335014d382b8fa9b3afa7df546984258005da0b9e7095b3deb1c" - ], - "version": "==2.2.1" - }, - "backcall": { - "hashes": [ - "sha256:5cbdbf27be5e7cfadb448baf0aa95508f91f2bbc6c6437cd9cd06e2a4c215e1e", - "sha256:fbbce6a29f263178a1f7915c1940bde0ec2b2a967566fe1c65c1dfb7422bd255" + "sha256:051ed49c3dcae8913ea7cd08e46a606dba30b79993209636c4875bc1d637bc24", + "sha256:b03869718ba9a6eb027e134bfdf69f38a236d681c83c160d510768af11254ba0" ], - "version": "==0.2.0" + "version": "==2.4.1" }, "decorator": { "hashes": [ @@ -458,18 +498,27 @@ }, "dill": { "hashes": [ - "sha256:a07ffd2351b8c678dfc4a856a3005f8067aea51d6ba6c700796a4d9e280f39f0", - "sha256:e5db55f3687856d8fbdab002ed78544e1c4559a130302693d839dfe8f93f2373" + "sha256:3ebe3c479ad625c4553aca177444d89b486b1d84982eeacded644afc0cf797ca", + "sha256:c36ca9ffb54365bdd2f8eb3eff7d2a21237f8452b57ace88b1ac615b7e815bd7" + ], + "markers": "python_version < '3.11'", + "version": "==0.3.8" + }, + "exceptiongroup": { + "hashes": [ + "sha256:5258b9ed329c5bbdd31a309f53cbfb0b155341807f6ff7606a1e801a891b29ad", + "sha256:a4785e48b045528f5bfe627b6ad554ff32def154f42372786903b7abcfe1aa16" ], "markers": "python_version < '3.11'", - "version": "==0.3.6" + "version": "==1.2.1" }, "executing": { "hashes": [ - "sha256:0314a69e37426e3608aada02473b4161d4caf5a4b244d1d0c48072b8fee7bacc", - "sha256:19da64c18d2d851112f09c287f8d3dbbdf725ab0e569077efb6cdcbd3497c107" + "sha256:35afe2ce3affba8ee97f2d69927fa823b08b472b7b994e36a52a964b93d16147", + "sha256:eac49ca94516ccc753f9fb5ce82603156e590b27525a8bc32cce8ae302eb61bc" ], - "version": "==1.2.0" + "markers": "python_version >= '3.5'", + "version": "==2.0.1" }, "ipdb": { "hashes": [ @@ -477,81 +526,41 @@ "sha256:e3ac6018ef05126d442af680aad863006ec19d02290561ac88b8b1c0b0cfc726" ], "index": "pypi", + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", "version": "==0.13.13" }, "ipython": { "hashes": [ - "sha256:1d197b907b6ba441b692c48cf2a3a2de280dc0ac91a3405b39349a50272ca0a1", - "sha256:248aca623f5c99a6635bc3857677b7320b9b8039f99f070ee0d20a5ca5a8e6bf" + "sha256:ca6f079bb33457c66e233e4580ebfc4128855b4cf6370dddd73842a9563e8a27", + "sha256:e8267419d72d81955ec1177f8a29aaa90ac80ad647499201119e2f05e99aa397" ], "index": "pypi", - "version": "==8.14.0" + "markers": "python_version >= '3.9'", + "version": "==8.18.1" }, "isort": { "hashes": [ - "sha256:8bef7dde241278824a6d83f44a544709b065191b95b6e50894bdc722fcba0504", - "sha256:f84c2818376e66cf843d497486ea8fed8700b340f308f076c6fb1229dff318b6" + "sha256:48fdfcb9face5d58a4f6dde2e72a1fb8dcaf8ab26f95ab49fab84c2ddefb0109", + "sha256:8ca5e72a8d85860d5a3fa69b8745237f2939afe12dbf656afbcb47fe72d947a6" ], "markers": "python_full_version >= '3.8.0'", - "version": "==5.12.0" + "version": "==5.13.2" }, "jedi": { "hashes": [ - "sha256:203c1fd9d969ab8f2119ec0a3342e0b49910045abe6af0a3ae83a5764d54639e", - "sha256:bae794c30d07f6d910d32a7048af09b5a39ed740918da923c6b780790ebac612" + "sha256:cf0496f3651bc65d7174ac1b7d043eff454892c708a87d1b683e57b569927ffd", + "sha256:e983c654fe5c02867aef4cdfce5a2fbb4a50adc0af145f70504238f18ef5e7e0" ], "markers": "python_version >= '3.6'", - "version": "==0.18.2" - }, - "lazy-object-proxy": { - "hashes": [ - "sha256:09763491ce220c0299688940f8dc2c5d05fd1f45af1e42e636b2e8b2303e4382", - "sha256:0a891e4e41b54fd5b8313b96399f8b0e173bbbfc03c7631f01efbe29bb0bcf82", - "sha256:189bbd5d41ae7a498397287c408617fe5c48633e7755287b21d741f7db2706a9", - "sha256:18b78ec83edbbeb69efdc0e9c1cb41a3b1b1ed11ddd8ded602464c3fc6020494", - "sha256:1aa3de4088c89a1b69f8ec0dcc169aa725b0ff017899ac568fe44ddc1396df46", - "sha256:212774e4dfa851e74d393a2370871e174d7ff0ebc980907723bb67d25c8a7c30", - "sha256:2d0daa332786cf3bb49e10dc6a17a52f6a8f9601b4cf5c295a4f85854d61de63", - "sha256:5f83ac4d83ef0ab017683d715ed356e30dd48a93746309c8f3517e1287523ef4", - "sha256:659fb5809fa4629b8a1ac5106f669cfc7bef26fbb389dda53b3e010d1ac4ebae", - "sha256:660c94ea760b3ce47d1855a30984c78327500493d396eac4dfd8bd82041b22be", - "sha256:66a3de4a3ec06cd8af3f61b8e1ec67614fbb7c995d02fa224813cb7afefee701", - "sha256:721532711daa7db0d8b779b0bb0318fa87af1c10d7fe5e52ef30f8eff254d0cd", - "sha256:7322c3d6f1766d4ef1e51a465f47955f1e8123caee67dd641e67d539a534d006", - "sha256:79a31b086e7e68b24b99b23d57723ef7e2c6d81ed21007b6281ebcd1688acb0a", - "sha256:81fc4d08b062b535d95c9ea70dbe8a335c45c04029878e62d744bdced5141586", - "sha256:8fa02eaab317b1e9e03f69aab1f91e120e7899b392c4fc19807a8278a07a97e8", - "sha256:9090d8e53235aa280fc9239a86ae3ea8ac58eff66a705fa6aa2ec4968b95c821", - "sha256:946d27deaff6cf8452ed0dba83ba38839a87f4f7a9732e8f9fd4107b21e6ff07", - "sha256:9990d8e71b9f6488e91ad25f322898c136b008d87bf852ff65391b004da5e17b", - "sha256:9cd077f3d04a58e83d04b20e334f678c2b0ff9879b9375ed107d5d07ff160171", - "sha256:9e7551208b2aded9c1447453ee366f1c4070602b3d932ace044715d89666899b", - "sha256:9f5fa4a61ce2438267163891961cfd5e32ec97a2c444e5b842d574251ade27d2", - "sha256:b40387277b0ed2d0602b8293b94d7257e17d1479e257b4de114ea11a8cb7f2d7", - "sha256:bfb38f9ffb53b942f2b5954e0f610f1e721ccebe9cce9025a38c8ccf4a5183a4", - "sha256:cbf9b082426036e19c6924a9ce90c740a9861e2bdc27a4834fd0a910742ac1e8", - "sha256:d9e25ef10a39e8afe59a5c348a4dbf29b4868ab76269f81ce1674494e2565a6e", - "sha256:db1c1722726f47e10e0b5fdbf15ac3b8adb58c091d12b3ab713965795036985f", - "sha256:e7c21c95cae3c05c14aafffe2865bbd5e377cfc1348c4f7751d9dc9a48ca4bda", - "sha256:e8c6cfb338b133fbdbc5cfaa10fe3c6aeea827db80c978dbd13bc9dd8526b7d4", - "sha256:ea806fd4c37bf7e7ad82537b0757999264d5f70c45468447bb2b91afdbe73a6e", - "sha256:edd20c5a55acb67c7ed471fa2b5fb66cb17f61430b7a6b9c3b4a1e40293b1671", - "sha256:f0117049dd1d5635bbff65444496c90e0baa48ea405125c088e93d9cf4525b11", - "sha256:f0705c376533ed2a9e5e97aacdbfe04cecd71e0aa84c7c0595d02ef93b6e4455", - "sha256:f12ad7126ae0c98d601a7ee504c1122bcef553d1d5e0c3bfa77b16b3968d2734", - "sha256:f2457189d8257dd41ae9b434ba33298aec198e30adf2dcdaaa3a28b9994f6adb", - "sha256:f699ac1c768270c9e384e4cbd268d6e67aebcfae6cd623b4d7c3bfde5a35db59" - ], - "markers": "python_version >= '3.7'", - "version": "==1.9.0" + "version": "==0.19.1" }, "matplotlib-inline": { "hashes": [ - "sha256:f1f41aab5328aa5aaea9b16d083b128102f8712542f819fe7e6a420ff581b311", - "sha256:f887e5f10ba98e8d2b150ddcf4702c1e5f8b3a20005eb0f74bfdbd360ee6f304" + "sha256:8423b23ec666be3d16e16b60bdd8ac4e86e840ebd1dd11a30b9f117f2fa0ab90", + "sha256:df192d39a4ff8f21b1895d72e6a13f5fcc5099f00fa84384e0ea28c2cc0653ca" ], - "markers": "python_version >= '3.5'", - "version": "==0.1.6" + "markers": "python_version >= '3.8'", + "version": "==0.1.7" }, "mccabe": { "hashes": [ @@ -563,42 +572,35 @@ }, "parso": { "hashes": [ - "sha256:8c07be290bb59f03588915921e29e8a50002acaf2cdc5fa0e0114f91709fafa0", - "sha256:c001d4636cd3aecdaf33cbb40aebb59b094be2a74c556778ef5576c175e19e75" + "sha256:a418670a20291dacd2dddc80c377c5c3791378ee1e8d12bffc35420643d43f18", + "sha256:eb3a7b58240fb99099a345571deecc0f9540ea5f4dd2fe14c2a99d6b281ab92d" ], "markers": "python_version >= '3.6'", - "version": "==0.8.3" + "version": "==0.8.4" }, "pexpect": { "hashes": [ - "sha256:0b48a55dcb3c05f3329815901ea4fc1537514d6ba867a152b581d69ae3710937", - "sha256:fc65a43959d153d0114afe13997d439c22823a27cefceb5ff35c2178c6784c0c" + "sha256:7236d1e080e4936be2dc3e326cec0af72acf9212a7e1d060210e70a47e253523", + "sha256:ee7d41123f3c9911050ea2c2dac107568dc43b2d3b0c7557a33212c398ead30f" ], "markers": "sys_platform != 'win32'", - "version": "==4.8.0" - }, - "pickleshare": { - "hashes": [ - "sha256:87683d47965c1da65cdacaf31c8441d12b8044cdec9aca500cd78fc2c683afca", - "sha256:9649af414d74d4df115d5d718f82acb59c9d418196b7b4290ed47a12ce62df56" - ], - "version": "==0.7.5" + "version": "==4.9.0" }, "platformdirs": { "hashes": [ - "sha256:0ade98a4895e87dc51d47151f7d2ec290365a585151d97b4d8d6312ed6132fed", - "sha256:e48fabd87db8f3a7df7150a4a5ea22c546ee8bc39bc2473244730d4b56d2cc4e" + "sha256:2d7a1657e36a80ea911db832a8a6ece5ee53d8de21edd5cc5879af6530b1bfee", + "sha256:38b7b51f512eed9e84a22788b4bce1de17c0adb134d6becb09836e37d8654cd3" ], - "markers": "python_version >= '3.7'", - "version": "==3.5.3" + "markers": "python_version >= '3.8'", + "version": "==4.2.2" }, "prompt-toolkit": { "hashes": [ - "sha256:23ac5d50538a9a38c8bde05fecb47d0b403ecd0662857a86f886f798563d5b9b", - "sha256:45ea77a2f7c60418850331366c81cf6b5b9cf4c7fd34616f733c5427e6abbb1f" + "sha256:3527b7af26106cbc65a040bcc84839a3566ec1b051bb0bfe953631e704b0ff7d", + "sha256:a11a29cb3bf0a28a387fe5122cdb649816a957cd9261dcedf8c9f1fef33eacf6" ], "markers": "python_full_version >= '3.7.0'", - "version": "==3.0.38" + "version": "==3.0.43" }, "ptyprocess": { "hashes": [ @@ -616,19 +618,20 @@ }, "pygments": { "hashes": [ - "sha256:8ace4d3c1dd481894b2005f560ead0f9f19ee64fe983366be1a21e171d12775c", - "sha256:db2db3deb4b4179f399a09054b023b6a586b76499d36965813c71aa8ed7b5fd1" + "sha256:786ff802f32e91311bff3889f6e9a86e81505fe99f2735bb6d60ae0c5004f199", + "sha256:b8e6aca0523f3ab76fee51799c488e38782ac06eafcf95e7ba832985c8e7b13a" ], - "markers": "python_version >= '3.7'", - "version": "==2.15.1" + "markers": "python_version >= '3.8'", + "version": "==2.18.0" }, "pylint": { "hashes": [ - "sha256:5dcf1d9e19f41f38e4e85d10f511e5b9c35e1aa74251bf95cdd8cb23584e2db1", - "sha256:7a1145fb08c251bdb5cca11739722ce64a63db479283d10ce718b2460e54123c" + "sha256:3f8788ab20bb8383e06dd2233e50f8e08949cfd9574804564803441a4946eab4", + "sha256:d068ca1dfd735fb92a07d33cb8f288adc0f6bc1287a139ca2425366f7cbe38f8" ], "index": "pypi", - "version": "==2.17.4" + "markers": "python_full_version >= '3.8.0'", + "version": "==3.2.2" }, "six": { "hashes": [ @@ -640,10 +643,10 @@ }, "stack-data": { "hashes": [ - "sha256:32d2dd0376772d01b6cb9fc996f3c8b57a357089dec328ed4b6553d037eaf815", - "sha256:cbb2a53eb64e5785878201a97ed7c7b94883f48b87bfb0bbe8b623c74679e4a8" + "sha256:836a778de4fec4dcd1dcd89ed8abff8a221f58308462e1c4aa2a3cf30148f0b9", + "sha256:d5558e0c25a4cb0853cddad3d77da9891a08cb85dd9f9f91b9f8cd66e511e695" ], - "version": "==0.6.2" + "version": "==0.6.3" }, "tomli": { "hashes": [ @@ -655,115 +658,34 @@ }, "tomlkit": { "hashes": [ - "sha256:8c726c4c202bdb148667835f68d68780b9a003a9ec34167b6c673b38eff2a171", - "sha256:9330fc7faa1db67b541b28e62018c17d20be733177d290a13b24c62d1614e0c3" + "sha256:af914f5a9c59ed9d0762c7b64d3b5d5df007448eb9cd2edc8a46b1eafead172f", + "sha256:eef34fba39834d4d6b73c9ba7f3e4d1c417a4e56f89a7e96e090dd0d24b8fb3c" ], "markers": "python_version >= '3.7'", - "version": "==0.11.8" + "version": "==0.12.5" }, "traitlets": { "hashes": [ - "sha256:9e6ec080259b9a5940c797d58b613b5e31441c2257b87c2e795c5228ae80d2d8", - "sha256:f6cde21a9c68cf756af02035f72d5a723bf607e862e7be33ece505abf4a3bad9" + "sha256:9ed0579d3502c94b4b3732ac120375cda96f923114522847de4b3bb98b96b6b7", + "sha256:b74e89e397b1ed28cc831db7aea759ba6640cb3de13090ca145426688ff1ac4f" ], - "markers": "python_version >= '3.7'", - "version": "==5.9.0" + "markers": "python_version >= '3.8'", + "version": "==5.14.3" }, "typing-extensions": { "hashes": [ - "sha256:88a4153d8505aabbb4e13aacb7c486c2b4a33ca3b3f807914a9b4c844c471c26", - "sha256:d91d5919357fe7f681a9f2b5b4cb2a5f1ef0a1e9f59c4d8ff0d3491e05c0ffd5" + "sha256:83f085bd5ca59c80295fc2a82ab5dac679cbe02b9f33f7d83af68e241bea51b0", + "sha256:c1f94d72897edaf4ce775bb7558d5b79d8126906a14ea5ed1635921406c0387a" ], "markers": "python_version < '3.10'", - "version": "==4.6.3" + "version": "==4.11.0" }, "wcwidth": { "hashes": [ - "sha256:795b138f6875577cd91bba52baf9e445cd5118fd32723b460e30a0af30ea230e", - "sha256:a5220780a404dbe3353789870978e472cfe477761f06ee55077256e509b156d0" - ], - "version": "==0.2.6" - }, - "wrapt": { - "hashes": [ - "sha256:02fce1852f755f44f95af51f69d22e45080102e9d00258053b79367d07af39c0", - "sha256:077ff0d1f9d9e4ce6476c1a924a3332452c1406e59d90a2cf24aeb29eeac9420", - "sha256:078e2a1a86544e644a68422f881c48b84fef6d18f8c7a957ffd3f2e0a74a0d4a", - "sha256:0970ddb69bba00670e58955f8019bec4a42d1785db3faa043c33d81de2bf843c", - "sha256:1286eb30261894e4c70d124d44b7fd07825340869945c79d05bda53a40caa079", - "sha256:21f6d9a0d5b3a207cdf7acf8e58d7d13d463e639f0c7e01d82cdb671e6cb7923", - "sha256:230ae493696a371f1dbffaad3dafbb742a4d27a0afd2b1aecebe52b740167e7f", - "sha256:26458da5653aa5b3d8dc8b24192f574a58984c749401f98fff994d41d3f08da1", - "sha256:2cf56d0e237280baed46f0b5316661da892565ff58309d4d2ed7dba763d984b8", - "sha256:2e51de54d4fb8fb50d6ee8327f9828306a959ae394d3e01a1ba8b2f937747d86", - "sha256:2fbfbca668dd15b744418265a9607baa970c347eefd0db6a518aaf0cfbd153c0", - "sha256:38adf7198f8f154502883242f9fe7333ab05a5b02de7d83aa2d88ea621f13364", - "sha256:3a8564f283394634a7a7054b7983e47dbf39c07712d7b177b37e03f2467a024e", - "sha256:3abbe948c3cbde2689370a262a8d04e32ec2dd4f27103669a45c6929bcdbfe7c", - "sha256:3bbe623731d03b186b3d6b0d6f51865bf598587c38d6f7b0be2e27414f7f214e", - "sha256:40737a081d7497efea35ab9304b829b857f21558acfc7b3272f908d33b0d9d4c", - "sha256:41d07d029dd4157ae27beab04d22b8e261eddfc6ecd64ff7000b10dc8b3a5727", - "sha256:46ed616d5fb42f98630ed70c3529541408166c22cdfd4540b88d5f21006b0eff", - "sha256:493d389a2b63c88ad56cdc35d0fa5752daac56ca755805b1b0c530f785767d5e", - "sha256:4ff0d20f2e670800d3ed2b220d40984162089a6e2c9646fdb09b85e6f9a8fc29", - "sha256:54accd4b8bc202966bafafd16e69da9d5640ff92389d33d28555c5fd4f25ccb7", - "sha256:56374914b132c702aa9aa9959c550004b8847148f95e1b824772d453ac204a72", - "sha256:578383d740457fa790fdf85e6d346fda1416a40549fe8db08e5e9bd281c6a475", - "sha256:58d7a75d731e8c63614222bcb21dd992b4ab01a399f1f09dd82af17bbfc2368a", - "sha256:5c5aa28df055697d7c37d2099a7bc09f559d5053c3349b1ad0c39000e611d317", - "sha256:5fc8e02f5984a55d2c653f5fea93531e9836abbd84342c1d1e17abc4a15084c2", - "sha256:63424c681923b9f3bfbc5e3205aafe790904053d42ddcc08542181a30a7a51bd", - "sha256:64b1df0f83706b4ef4cfb4fb0e4c2669100fd7ecacfb59e091fad300d4e04640", - "sha256:74934ebd71950e3db69960a7da29204f89624dde411afbfb3b4858c1409b1e98", - "sha256:75669d77bb2c071333417617a235324a1618dba66f82a750362eccbe5b61d248", - "sha256:75760a47c06b5974aa5e01949bf7e66d2af4d08cb8c1d6516af5e39595397f5e", - "sha256:76407ab327158c510f44ded207e2f76b657303e17cb7a572ffe2f5a8a48aa04d", - "sha256:76e9c727a874b4856d11a32fb0b389afc61ce8aaf281ada613713ddeadd1cfec", - "sha256:77d4c1b881076c3ba173484dfa53d3582c1c8ff1f914c6461ab70c8428b796c1", - "sha256:780c82a41dc493b62fc5884fb1d3a3b81106642c5c5c78d6a0d4cbe96d62ba7e", - "sha256:7dc0713bf81287a00516ef43137273b23ee414fe41a3c14be10dd95ed98a2df9", - "sha256:7eebcdbe3677e58dd4c0e03b4f2cfa346ed4049687d839adad68cc38bb559c92", - "sha256:896689fddba4f23ef7c718279e42f8834041a21342d95e56922e1c10c0cc7afb", - "sha256:96177eb5645b1c6985f5c11d03fc2dbda9ad24ec0f3a46dcce91445747e15094", - "sha256:96e25c8603a155559231c19c0349245eeb4ac0096fe3c1d0be5c47e075bd4f46", - "sha256:9d37ac69edc5614b90516807de32d08cb8e7b12260a285ee330955604ed9dd29", - "sha256:9ed6aa0726b9b60911f4aed8ec5b8dd7bf3491476015819f56473ffaef8959bd", - "sha256:a487f72a25904e2b4bbc0817ce7a8de94363bd7e79890510174da9d901c38705", - "sha256:a4cbb9ff5795cd66f0066bdf5947f170f5d63a9274f99bdbca02fd973adcf2a8", - "sha256:a74d56552ddbde46c246b5b89199cb3fd182f9c346c784e1a93e4dc3f5ec9975", - "sha256:a89ce3fd220ff144bd9d54da333ec0de0399b52c9ac3d2ce34b569cf1a5748fb", - "sha256:abd52a09d03adf9c763d706df707c343293d5d106aea53483e0ec8d9e310ad5e", - "sha256:abd8f36c99512755b8456047b7be10372fca271bf1467a1caa88db991e7c421b", - "sha256:af5bd9ccb188f6a5fdda9f1f09d9f4c86cc8a539bd48a0bfdc97723970348418", - "sha256:b02f21c1e2074943312d03d243ac4388319f2456576b2c6023041c4d57cd7019", - "sha256:b06fa97478a5f478fb05e1980980a7cdf2712015493b44d0c87606c1513ed5b1", - "sha256:b0724f05c396b0a4c36a3226c31648385deb6a65d8992644c12a4963c70326ba", - "sha256:b130fe77361d6771ecf5a219d8e0817d61b236b7d8b37cc045172e574ed219e6", - "sha256:b56d5519e470d3f2fe4aa7585f0632b060d532d0696c5bdfb5e8319e1d0f69a2", - "sha256:b67b819628e3b748fd3c2192c15fb951f549d0f47c0449af0764d7647302fda3", - "sha256:ba1711cda2d30634a7e452fc79eabcadaffedf241ff206db2ee93dd2c89a60e7", - "sha256:bbeccb1aa40ab88cd29e6c7d8585582c99548f55f9b2581dfc5ba68c59a85752", - "sha256:bd84395aab8e4d36263cd1b9308cd504f6cf713b7d6d3ce25ea55670baec5416", - "sha256:c99f4309f5145b93eca6e35ac1a988f0dc0a7ccf9ccdcd78d3c0adf57224e62f", - "sha256:ca1cccf838cd28d5a0883b342474c630ac48cac5df0ee6eacc9c7290f76b11c1", - "sha256:cd525e0e52a5ff16653a3fc9e3dd827981917d34996600bbc34c05d048ca35cc", - "sha256:cdb4f085756c96a3af04e6eca7f08b1345e94b53af8921b25c72f096e704e145", - "sha256:ce42618f67741d4697684e501ef02f29e758a123aa2d669e2d964ff734ee00ee", - "sha256:d06730c6aed78cee4126234cf2d071e01b44b915e725a6cb439a879ec9754a3a", - "sha256:d5fe3e099cf07d0fb5a1e23d399e5d4d1ca3e6dfcbe5c8570ccff3e9208274f7", - "sha256:d6bcbfc99f55655c3d93feb7ef3800bd5bbe963a755687cbf1f490a71fb7794b", - "sha256:d787272ed958a05b2c86311d3a4135d3c2aeea4fc655705f074130aa57d71653", - "sha256:e169e957c33576f47e21864cf3fc9ff47c223a4ebca8960079b8bd36cb014fd0", - "sha256:e20076a211cd6f9b44a6be58f7eeafa7ab5720eb796975d0c03f05b47d89eb90", - "sha256:e826aadda3cae59295b95343db8f3d965fb31059da7de01ee8d1c40a60398b29", - "sha256:eef4d64c650f33347c1f9266fa5ae001440b232ad9b98f1f43dfe7a79435c0a6", - "sha256:f2e69b3ed24544b0d3dbe2c5c0ba5153ce50dcebb576fdc4696d52aa22db6034", - "sha256:f87ec75864c37c4c6cb908d282e1969e79763e0d9becdfe9fe5473b7bb1e5f09", - "sha256:fbec11614dba0424ca72f4e8ba3c420dba07b4a7c206c8c8e4e73f2e98f4c559", - "sha256:fd69666217b62fa5d7c6aa88e507493a34dec4fa20c5bd925e4bc12fce586639" + "sha256:3da69048e4540d84af32131829ff948f1e022c1c6bdb8d6102117aac784f6859", + "sha256:72ea0c06399eb286d978fdedb6923a9eb47e1c486ce63e9b4e64fc18303972b5" ], - "markers": "python_version < '3.11'", - "version": "==1.15.0" + "version": "==0.2.13" } } } diff --git a/src/ontology/d3fend-protege.ttl b/src/ontology/d3fend-protege.ttl index c6b5999f..abf679da 100644 --- a/src/ontology/d3fend-protege.ttl +++ b/src/ontology/d3fend-protege.ttl @@ -3064,13 +3064,7647 @@ DHHS, National Health Security Review 2010- 2014, Terms, Jan 17""" ; owl:onProperty :version ; owl:someValuesFrom xsd:string ] . +:CAPEC-1 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Accessing Functionality Not Properly Constrained by ACLs" ; + rdfs:subClassOf :CAPEC-122, + :CommonAttackPattern ; + :capec-id "CAPEC-1" ; + :definition "In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to." ; + rdfs:seeAlso ; + :related :CWE-276, + :CWE-285, + :CWE-434, + :CWE-693, + :CWE-732, + :CWE-1191, + :CWE-1193, + :CWE-1220, + :CWE-1297, + :CWE-1311, + :CWE-1314, + :CWE-1315, + :CWE-1318, + :CWE-1320, + :CWE-1321, + :CWE-1327, + :T1574.010 . + +:CAPEC-2 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Inducing Account Lockout" ; + rdfs:subClassOf :CAPEC-212, + :CommonAttackPattern ; + :capec-id "CAPEC-2" ; + :definition "An attacker leverages the security functionality of the system aimed at thwarting potential attacks to launch a denial of service attack against a legitimate system user. Many systems, for instance, implement a password throttling mechanism that locks an account after a certain number of incorrect log in attempts. An attacker can leverage this throttling mechanism to lock a legitimate user out of their own account. The weakness that is being leveraged by an attacker is the very security feature that has been put in place to counteract attacks." ; + rdfs:seeAlso ; + :related :CWE-645, + :T1531 . + +:CAPEC-3 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Using Leading 'Ghost' Character Sequences to Bypass Input Filters" ; + rdfs:subClassOf :CAPEC-267, + :CommonAttackPattern ; + :capec-id "CAPEC-3" ; + :definition "Some APIs will strip certain leading characters from a string of parameters. An adversary can intentionally introduce leading \"ghost\" characters (extra characters that don't affect the validity of the request at the API layer) that enable the input to pass the filters and therefore process the adversary's input. This occurs when the targeted API will accept input data in several syntactic forms and interpret it in the equivalent semantic way, while the filter does not take into account the full spectrum of the syntactic forms acceptable to the targeted API." ; + rdfs:seeAlso ; + :related :CWE-20, + :CWE-41, + :CWE-74, + :CWE-172, + :CWE-173, + :CWE-179, + :CWE-180, + :CWE-181, + :CWE-183, + :CWE-184, + :CWE-697, + :CWE-707 . + +:CAPEC-4 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Using Alternative IP Address Encodings" ; + rdfs:subClassOf :CAPEC-267, + :CommonAttackPattern ; + :capec-id "CAPEC-4" ; + :definition "This attack relies on the adversary using unexpected formats for representing IP addresses. Networked applications may expect network location information in a specific format, such as fully qualified domains names (FQDNs), URL, IP address, or IP Address ranges. If the location information is not validated against a variety of different possible encodings and formats, the adversary can use an alternate format to bypass application access control." ; + rdfs:seeAlso ; + :related :CWE-173, + :CWE-291 . + +:CAPEC-5 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + owl:deprecated true ; + rdfs:label "Blue Boxing" ; + rdfs:subClassOf :CAPEC-220, + :CommonAttackPattern ; + rdfs:comment "This type of attack against older telephone switches and trunks has been around for decades. A tone is sent by an adversary to impersonate a supervisor signal which has the effect of rerouting or usurping command of the line. While the US infrastructure proper may not contain widespread vulnerabilities to this type of attack, many companies are connected globally through call centers and business process outsourcing. These international systems may be operated in countries which have not upgraded Telco infrastructure and so are vulnerable to Blue boxing. Blue boxing is a result of failure on the part of the system to enforce strong authorization for administrative functions. While the infrastructure is different than standard current applications like web applications, there are historical lessons to be learned to upgrade the access control for administrative functions." ; + :capec-id "CAPEC-5" ; + rdfs:seeAlso ; + :related :CWE-285 . + +:CAPEC-6 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Argument Injection" ; + rdfs:subClassOf :CAPEC-137, + :CommonAttackPattern ; + :capec-id "CAPEC-6" ; + :definition "An attacker changes the behavior or state of a targeted application through injecting data or command syntax through the targets use of non-validated and non-filtered arguments of exposed services or methods." ; + rdfs:seeAlso ; + :related :CWE-74, + :CWE-78, + :CWE-146, + :CWE-184, + :CWE-185, + :CWE-697 . + +:CAPEC-7 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Blind SQL Injection" ; + rdfs:subClassOf :CAPEC-66, + :CommonAttackPattern ; + :capec-id "CAPEC-7" ; + :definition "Blind SQL Injection results from an insufficient mitigation for SQL Injection. Although suppressing database error messages are considered best practice, the suppression alone is not sufficient to prevent SQL Injection. Blind SQL Injection is a form of SQL Injection that overcomes the lack of error messages. Without the error messages that facilitate SQL Injection, the adversary constructs input strings that probe the target through simple Boolean SQL expressions. The adversary can determine if the syntax and structure of the injection was successful based on whether the query was executed or not. Applied iteratively, the adversary determines how and where the target is vulnerable to SQL Injection." ; + rdfs:seeAlso ; + :related :CWE-20, + :CWE-74, + :CWE-89, + :CWE-209, + :CWE-697, + :CWE-707 . + +:CAPEC-8 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Buffer Overflow in an API Call" ; + rdfs:subClassOf :CAPEC-100, + :CommonAttackPattern ; + :capec-id "CAPEC-8" ; + :definition "This attack targets libraries or shared code modules which are vulnerable to buffer overflow attacks. An adversary who has knowledge of known vulnerable libraries or shared code can easily target software that makes use of these libraries. All clients that make use of the code library thus become vulnerable by association. This has a very broad effect on security across a system, usually affecting more than one software process." ; + rdfs:seeAlso ; + :related :CAPEC-46, + :CWE-20, + :CWE-74, + :CWE-118, + :CWE-119, + :CWE-120, + :CWE-680, + :CWE-697, + :CWE-733 . + +:CAPEC-9 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Buffer Overflow in Local Command-Line Utilities" ; + rdfs:subClassOf :CAPEC-100, + :CommonAttackPattern ; + :capec-id "CAPEC-9" ; + :definition "This attack targets command-line utilities available in a number of shells. An adversary can leverage a vulnerability found in a command-line utility to escalate privilege to root." ; + rdfs:seeAlso ; + :related :CWE-20, + :CWE-74, + :CWE-118, + :CWE-119, + :CWE-120, + :CWE-680, + :CWE-697, + :CWE-733 . + +:CAPEC-10 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Buffer Overflow via Environment Variables" ; + rdfs:subClassOf :CAPEC-100, + :CommonAttackPattern ; + :capec-id "CAPEC-10" ; + :definition "This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the adversary finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables." ; + rdfs:seeAlso ; + :related :CAPEC-13, + :CAPEC-46, + :CWE-20, + :CWE-74, + :CWE-99, + :CWE-118, + :CWE-119, + :CWE-120, + :CWE-302, + :CWE-680, + :CWE-697, + :CWE-733 . + +:CAPEC-11 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Cause Web Server Misclassification" ; + rdfs:subClassOf :CAPEC-635, + :CommonAttackPattern ; + :capec-id "CAPEC-11" ; + :definition "An attack of this type exploits a Web server's decision to take action based on filename or file extension. Because different file types are handled by different server processes, misclassification may force the Web server to take unexpected action, or expected actions in an unexpected sequence. This may cause the server to exhaust resources, supply debug or system data to the attacker, or bind an attacker to a remote process." ; + rdfs:seeAlso ; + :related :CWE-430, + :T1036.006 . + +:CAPEC-12 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Choosing Message Identifier" ; + rdfs:subClassOf :CAPEC-216, + :CommonAttackPattern ; + :capec-id "CAPEC-12" ; + :definition "This pattern of attack is defined by the selection of messages distributed via multicast or public information channels that are intended for another client by determining the parameter value assigned to that client. This attack allows the adversary to gain access to potentially privileged information, and to possibly perpetrate other attacks through the distribution means by impersonation. If the channel/message being manipulated is an input rather than output mechanism for the system, (such as a command bus), this style of attack could be used to change the adversary's identifier to more a privileged one." ; + rdfs:seeAlso ; + :related :CAPEC-21, + :CWE-201, + :CWE-306 . + +:CAPEC-13 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Subverting Environment Variable Values" ; + rdfs:subClassOf :CAPEC-77, + :CommonAttackPattern ; + :capec-id "CAPEC-13" ; + :definition "The adversary directly or indirectly modifies environment variables used by or controlling the target software. The adversary's goal is to cause the target software to deviate from its expected operation in a manner that benefits the adversary." ; + rdfs:seeAlso ; + :related :CAPEC-10, + :CWE-15, + :CWE-20, + :CWE-73, + :CWE-74, + :CWE-200, + :CWE-285, + :CWE-302, + :CWE-353, + :T1562.003, + :T1574.006, + :T1574.007 . + +:CAPEC-14 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Client-side Injection-induced Buffer Overflow" ; + rdfs:subClassOf :CAPEC-100, + :CommonAttackPattern ; + :capec-id "CAPEC-14" ; + :definition "This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service. This hostile service is created to deliver the correct content to the client software. For example, if the client-side application is a browser, the service will host a webpage that the browser loads." ; + rdfs:seeAlso ; + :related :CWE-20, + :CWE-74, + :CWE-118, + :CWE-119, + :CWE-120, + :CWE-353, + :CWE-680, + :CWE-697 . + +:CAPEC-15 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Command Delimiters" ; + rdfs:subClassOf :CAPEC-137, + :CommonAttackPattern ; + :capec-id "CAPEC-15" ; + :definition "An attack of this type exploits a programs' vulnerabilities that allows an attacker's commands to be concatenated onto a legitimate command with the intent of targeting other resources such as the file system or database. The system that uses a filter or denylist input validation, as opposed to allowlist validation is vulnerable to an attacker who predicts delimiters (or combinations of delimiters) not present in the filter or denylist. As with other injection attacks, the attacker uses the command delimiter payload as an entry point to tunnel through the application and activate additional attacks through SQL queries, shell commands, network scanning, and so on." ; + rdfs:seeAlso ; + :related :CWE-77, + :CWE-78, + :CWE-93, + :CWE-138, + :CWE-140, + :CWE-146, + :CWE-154, + :CWE-157, + :CWE-184, + :CWE-185, + :CWE-697 . + +:CAPEC-16 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Dictionary-based Password Attack" ; + rdfs:subClassOf :CAPEC-49, + :CommonAttackPattern ; + :capec-id "CAPEC-16" ; + :definition "An attacker tries each of the words in a dictionary as passwords to gain access to the system via some user's account. If the password chosen by the user was a word within the dictionary, this attack will be successful (in the absence of other mitigations). This is a specific instance of the password brute forcing attack pattern." ; + rdfs:seeAlso ; + :related :CWE-262, + :CWE-263, + :CWE-307, + :CWE-308, + :CWE-309, + :CWE-521, + :CWE-654 . + +:CAPEC-17 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Using Malicious Files" ; + rdfs:subClassOf :CAPEC-122, + :CommonAttackPattern ; + :capec-id "CAPEC-17" ; + :definition "An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell access; or in a possible worst case allows an adversary to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface." ; + rdfs:seeAlso ; + :related :CWE-59, + :CWE-270, + :CWE-272, + :CWE-282, + :CWE-285, + :CWE-693, + :CWE-732, + :T1574.005, + :T1574.010 . + +:CAPEC-18 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "XSS Targeting Non-Script Elements" ; + rdfs:subClassOf :CAPEC-588, + :CAPEC-591, + :CAPEC-592, + :CommonAttackPattern ; + :capec-id "CAPEC-18" ; + :definition "This attack is a form of Cross-Site Scripting (XSS) where malicious scripts are embedded in elements that are not expected to host scripts such as image tags (), comments in XML documents (< !-CDATA->), etc. These tags may not be subject to the same input validation, output validation, and other content filtering and checking routines, so this can create an opportunity for an adversary to tunnel through the application's elements and launch a XSS attack through other elements. As with all remote attacks, it is important to differentiate the ability to launch an attack (such as probing an internal network for unpatched servers) and the ability of the remote adversary to collect and interpret the output of said attack." ; + rdfs:seeAlso ; + :related :CWE-80 . + +:CAPEC-19 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Embedding Scripts within Scripts" ; + rdfs:subClassOf :CAPEC-242, + :CommonAttackPattern ; + :capec-id "CAPEC-19" ; + :definition "An adversary leverages the capability to execute their own script by embedding it within other scripts that the target software is likely to execute due to programs' vulnerabilities that are brought on by allowing remote hosts to execute scripts." ; + rdfs:seeAlso ; + :related :CWE-284, + :T1027.009, + :T1546.004, + :T1546.016 . + +:CAPEC-20 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Encryption Brute Forcing" ; + rdfs:subClassOf :CAPEC-112, + :CommonAttackPattern ; + :capec-id "CAPEC-20" ; + :definition "An attacker, armed with the cipher text and the encryption algorithm used, performs an exhaustive (brute force) search on the key space to determine the key that decrypts the cipher text to obtain the plaintext." ; + rdfs:seeAlso ; + :related :CWE-326, + :CWE-327, + :CWE-693, + :CWE-1204 . + +:CAPEC-21 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Exploitation of Trusted Identifiers" ; + rdfs:subClassOf :CommonAttackPattern ; + :capec-id "CAPEC-21" ; + :definition "An adversary guesses, obtains, or \"rides\" a trusted identifier (e.g. session ID, resource ID, cookie, etc.) to perform authorized actions under the guise of an authenticated user or service." ; + rdfs:seeAlso ; + :related :CAPEC-12, + :CWE-6, + :CWE-290, + :CWE-302, + :CWE-346, + :CWE-384, + :CWE-539, + :CWE-602, + :CWE-642, + :CWE-664, + :T1134, + :T1528, + :T1539 . + +:CAPEC-22 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Exploiting Trust in Client" ; + rdfs:subClassOf :CommonAttackPattern ; + :capec-id "CAPEC-22" ; + :definition "An attack of this type exploits vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by communicating directly with the server where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack." ; + rdfs:seeAlso ; + :related :CWE-20, + :CWE-200, + :CWE-287, + :CWE-290, + :CWE-693 . + +:CAPEC-23 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "File Content Injection" ; + rdfs:subClassOf :CAPEC-242, + :CommonAttackPattern ; + :capec-id "CAPEC-23" ; + :definition "An adversary poisons files with a malicious payload (targeting the file systems accessible by the target software), which may be passed through by standard channels such as via email, and standard web content like PDF and multimedia files. The adversary exploits known vulnerabilities or handling routines in the target processes, in order to exploit the host's trust in executing remote content, including binary files." ; + rdfs:seeAlso ; + :related :CAPEC-35, + :CWE-20 . + +:CAPEC-24 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Filter Failure through Buffer Overflow" ; + rdfs:subClassOf :CAPEC-100, + :CommonAttackPattern ; + :capec-id "CAPEC-24" ; + :definition "In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered)." ; + rdfs:seeAlso ; + :related :CWE-20, + :CWE-74, + :CWE-118, + :CWE-119, + :CWE-120, + :CWE-680, + :CWE-697, + :CWE-733 . + +:CAPEC-25 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Forced Deadlock" ; + rdfs:subClassOf :CommonAttackPattern ; + :capec-id "CAPEC-25" ; + :definition "The adversary triggers and exploits a deadlock condition in the target software to cause a denial of service. A deadlock can occur when two or more competing actions are waiting for each other to finish, and thus neither ever does. Deadlock conditions can be difficult to detect." ; + rdfs:seeAlso ; + :related :CWE-412, + :CWE-567, + :CWE-662, + :CWE-667, + :CWE-833, + :CWE-1322, + :T1499.004 . + +:CAPEC-26 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Leveraging Race Conditions" ; + rdfs:subClassOf :CommonAttackPattern ; + :capec-id "CAPEC-26" ; + :definition "The adversary targets a race condition occurring when multiple processes access and manipulate the same resource concurrently, and the outcome of the execution depends on the particular order in which the access takes place. The adversary can leverage a race condition by \"running the race\", modifying the resource and modifying the normal execution flow. For instance, a race condition can occur while accessing a file: the adversary can trick the system by replacing the original file with their version and cause the system to read the malicious file." ; + rdfs:seeAlso ; + :related :CWE-362, + :CWE-363, + :CWE-366, + :CWE-368, + :CWE-370, + :CWE-662, + :CWE-665, + :CWE-667, + :CWE-689, + :CWE-1223, + :CWE-1254, + :CWE-1298 . + +:CAPEC-27 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Leveraging Race Conditions via Symbolic Links" ; + rdfs:subClassOf :CAPEC-29, + :CommonAttackPattern ; + :capec-id "CAPEC-27" ; + :definition "This attack leverages the use of symbolic links (Symlinks) in order to write to sensitive files. An attacker can create a Symlink link to a target file not otherwise accessible to them. When the privileged program tries to create a temporary file with the same name as the Symlink link, it will actually write to the target file pointed to by the attackers' Symlink link. If the attacker can insert malicious content in the temporary file they will be writing to the sensitive file by using the Symlink. The race occurs because the system checks if the temporary file exists, then creates the file. The attacker would typically create the Symlink during the interval between the check and the creation of the temporary file." ; + rdfs:seeAlso ; + :related :CWE-61, + :CWE-367, + :CWE-662, + :CWE-667, + :CWE-689 . + +:CAPEC-28 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Fuzzing" ; + rdfs:subClassOf :CommonAttackPattern ; + :capec-id "CAPEC-28" ; + :definition "In this attack pattern, the adversary leverages fuzzing to try to identify weaknesses in the system. Fuzzing is a software security and functionality testing method that feeds randomly constructed input to the system and looks for an indication that a failure in response to that input has occurred. Fuzzing treats the system as a black box and is totally free from any preconceptions or assumptions about the system. Fuzzing can help an attacker discover certain assumptions made about user input in the system. Fuzzing gives an attacker a quick way of potentially uncovering some of these assumptions despite not necessarily knowing anything about the internals of the system. These assumptions can then be turned against the system by specially crafting user input that may allow an attacker to achieve their goals." ; + rdfs:seeAlso ; + :related :CWE-20, + :CWE-74 . + +:CAPEC-29 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions" ; + rdfs:subClassOf :CAPEC-26, + :CommonAttackPattern ; + :capec-id "CAPEC-29" ; + :definition "This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. A typical example is file access. The adversary can leverage a file access race condition by \"running the race\", meaning that they would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the adversary could replace or modify the file, causing the application to behave unexpectedly." ; + rdfs:seeAlso ; + :related :CWE-362, + :CWE-366, + :CWE-367, + :CWE-368, + :CWE-370, + :CWE-662, + :CWE-663, + :CWE-665, + :CWE-691 . + +:CAPEC-30 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Hijacking a Privileged Thread of Execution" ; + rdfs:subClassOf :CAPEC-233, + :CommonAttackPattern ; + :capec-id "CAPEC-30" ; + :definition "An adversary hijacks a privileged thread of execution by injecting malicious code into a running process. By using a privleged thread to do their bidding, adversaries can evade process-based detection that would stop an attack that creates a new process. This can lead to an adversary gaining access to the process's memory and can also enable elevated privileges. The most common way to perform this attack is by suspending an existing thread and manipulating its memory." ; + rdfs:seeAlso ; + :related :CWE-270, + :T1055.003 . + +:CAPEC-31 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Accessing/Intercepting/Modifying HTTP Cookies" ; + rdfs:subClassOf :CAPEC-39, + :CAPEC-157, + :CommonAttackPattern ; + :capec-id "CAPEC-31" ; + :definition "This attack relies on the use of HTTP Cookies to store credentials, state information and other critical data on client systems. There are several different forms of this attack. The first form of this attack involves accessing HTTP Cookies to mine for potentially sensitive data contained therein. The second form involves intercepting this data as it is transmitted from client to server. This intercepted information is then used by the adversary to impersonate the remote user/session. The third form is when the cookie's content is modified by the adversary before it is sent back to the server. Here the adversary seeks to convince the target server to operate on this falsified information." ; + rdfs:seeAlso ; + :related :CWE-20, + :CWE-113, + :CWE-302, + :CWE-311, + :CWE-315, + :CWE-384, + :CWE-472, + :CWE-539, + :CWE-565, + :CWE-602, + :CWE-642, + :T1539 . + +:CAPEC-32 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "XSS Through HTTP Query Strings" ; + rdfs:subClassOf :CAPEC-588, + :CAPEC-591, + :CAPEC-592, + :CommonAttackPattern ; + :capec-id "CAPEC-32" ; + :definition "An adversary embeds malicious script code in the parameters of an HTTP query string and convinces a victim to submit the HTTP request that contains the query string to a vulnerable web application. The web application then procedes to use the values parameters without properly validation them first and generates the HTML code that will be executed by the victim's browser." ; + rdfs:seeAlso ; + :related :CWE-80 . + +:CAPEC-33 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "HTTP Request Smuggling" ; + rdfs:subClassOf :CAPEC-220, + :CommonAttackPattern ; + :capec-id "CAPEC-33" ; + :definition "An adversary abuses the flexibility and discrepancies in the parsing and interpretation of HTTP Request messages using various HTTP headers, request-line and body parameters as well as message sizes (denoted by the end of message signaled by a given HTTP header) by different intermediary HTTP agents (e.g., load balancer, reverse proxy, web caching proxies, application firewalls, etc.) to secretly send unauthorized and malicious HTTP requests to a back-end HTTP agent (e.g., web server)." ; + rdfs:seeAlso ; + :related :CAPEC-273, + :CWE-444 . + +:CAPEC-34 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "HTTP Response Splitting" ; + rdfs:subClassOf :CAPEC-220, + :CommonAttackPattern ; + :capec-id "CAPEC-34" ; + :definition "An adversary manipulates and injects malicious content, in the form of secret unauthorized HTTP responses, into a single HTTP response from a vulnerable or compromised back-end HTTP agent (e.g., web server) or into an already spoofed HTTP response from an adversary controlled domain/site." ; + rdfs:seeAlso ; + :related :CAPEC-105, + :CWE-74, + :CWE-113, + :CWE-138, + :CWE-436 . + +:CAPEC-35 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Leverage Executable Code in Non-Executable Files" ; + rdfs:subClassOf :CAPEC-636, + :CommonAttackPattern ; + :capec-id "CAPEC-35" ; + :definition "An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high." ; + rdfs:seeAlso ; + :related :CAPEC-23, + :CAPEC-75, + :CWE-59, + :CWE-94, + :CWE-95, + :CWE-96, + :CWE-97, + :CWE-270, + :CWE-272, + :CWE-282, + :T1027.006, + :T1027.009, + :T1564.009 . + +:CAPEC-36 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Using Unpublished Interfaces or Functionality" ; + rdfs:subClassOf :CAPEC-113, + :CommonAttackPattern ; + :capec-id "CAPEC-36" ; + :definition "An adversary searches for and invokes interfaces or functionality that the target system designers did not intend to be publicly available. If interfaces fail to authenticate requests, the attacker may be able to invoke functionality they are not authorized for." ; + rdfs:seeAlso ; + :related :CWE-306, + :CWE-693, + :CWE-695, + :CWE-1242 . + +:CAPEC-37 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Retrieve Embedded Sensitive Data" ; + rdfs:subClassOf :CAPEC-167, + :CommonAttackPattern ; + :capec-id "CAPEC-37" ; + :definition "An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack." ; + rdfs:seeAlso ; + :related :CWE-226, + :CWE-311, + :CWE-312, + :CWE-314, + :CWE-315, + :CWE-318, + :CWE-525, + :CWE-1239, + :CWE-1258, + :CWE-1266, + :CWE-1272, + :CWE-1278, + :CWE-1301, + :CWE-1330, + :T1005, + :T1552.004 . + +:CAPEC-38 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Leveraging/Manipulating Configuration File Search Paths" ; + rdfs:subClassOf :CAPEC-159, + :CommonAttackPattern ; + :capec-id "CAPEC-38" ; + :definition "This pattern of attack sees an adversary load a malicious resource into a program's standard path so that when a known command is executed then the system instead executes the malicious component. The adversary can either modify the search path a program uses, like a PATH variable or classpath, or they can manipulate resources on the path to point to their malicious components. J2EE applications and other component based applications that are built from multiple binaries can have very long list of dependencies to execute. If one of these libraries and/or references is controllable by the attacker then application controls can be circumvented by the attacker." ; + rdfs:seeAlso ; + :related :CWE-426, + :CWE-427, + :T1574.007, + :T1574.009 . + +:CAPEC-39 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Manipulating Opaque Client-based Data Tokens" ; + rdfs:subClassOf :CAPEC-22, + :CommonAttackPattern ; + :capec-id "CAPEC-39" ; + :definition "In circumstances where an application holds important data client-side in tokens (cookies, URLs, data files, and so forth) that data can be manipulated. If client or server-side application components reinterpret that data as authentication tokens or data (such as store item pricing or wallet information) then even opaquely manipulating that data may bear fruit for an Attacker. In this pattern an attacker undermines the assumption that client side tokens have been adequately protected from tampering through use of encryption or obfuscation." ; + rdfs:seeAlso ; + :related :CWE-233, + :CWE-285, + :CWE-302, + :CWE-315, + :CWE-353, + :CWE-384, + :CWE-472, + :CWE-539, + :CWE-565 . + +:CAPEC-40 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Manipulating Writeable Terminal Devices" ; + rdfs:subClassOf :CAPEC-248, + :CommonAttackPattern ; + :capec-id "CAPEC-40" ; + :definition "This attack exploits terminal devices that allow themselves to be written to by other users. The attacker sends command strings to the target terminal device hoping that the target user will hit enter and thereby execute the malicious command with their privileges. The attacker can send the results (such as copying /etc/passwd) to a known directory and collect once the attack has succeeded." ; + rdfs:seeAlso ; + :related :CWE-77 . + +:CAPEC-41 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Using Meta-characters in E-mail Headers to Inject Malicious Payloads" ; + rdfs:subClassOf :CAPEC-134, + :CAPEC-242, + :CommonAttackPattern ; + :capec-id "CAPEC-41" ; + :definition "This type of attack involves an attacker leveraging meta-characters in email headers to inject improper behavior into email programs. Email software has become increasingly sophisticated and feature-rich. In addition, email applications are ubiquitous and connected directly to the Web making them ideal targets to launch and propagate attacks. As the user demand for new functionality in email applications grows, they become more like browsers with complex rendering and plug in routines. As more email functionality is included and abstracted from the user, this creates opportunities for attackers. Virtually all email applications do not list email header information by default, however the email header contains valuable attacker vectors for the attacker to exploit particularly if the behavior of the email client application is known. Meta-characters are hidden from the user, but can contain scripts, enumerations, probes, and other attacks against the user's system." ; + rdfs:seeAlso ; + :related :CWE-88, + :CWE-150, + :CWE-697 . + +:CAPEC-42 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "MIME Conversion" ; + rdfs:subClassOf :CAPEC-100, + :CommonAttackPattern ; + :capec-id "CAPEC-42" ; + :definition "An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back." ; + rdfs:seeAlso ; + :related :CWE-20, + :CWE-74, + :CWE-119, + :CWE-120 . + +:CAPEC-43 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Exploiting Multiple Input Interpretation Layers" ; + rdfs:subClassOf :CAPEC-267, + :CommonAttackPattern ; + :capec-id "CAPEC-43" ; + :definition "An attacker supplies the target software with input data that contains sequences of special characters designed to bypass input validation logic. This exploit relies on the target making multiples passes over the input data and processing a \"layer\" of special characters with each pass. In this manner, the attacker can disguise input that would otherwise be rejected as invalid by concealing it with layers of special/escape characters that are stripped off by subsequent processing steps. The goal is to first discover cases where the input validation layer executes before one or more parsing layers. That is, user input may go through the following logic in an application: --> --> . In such cases, the attacker will need to provide input that will pass through the input validator, but after passing through parser2, will be converted into something that the input validator was supposed to stop." ; + rdfs:seeAlso ; + :related :CWE-20, + :CWE-74, + :CWE-77, + :CWE-78, + :CWE-179, + :CWE-181, + :CWE-183, + :CWE-184, + :CWE-697, + :CWE-707 . + +:CAPEC-44 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Overflow Binary Resource File" ; + rdfs:subClassOf :CAPEC-23, + :CAPEC-100, + :CommonAttackPattern ; + :capec-id "CAPEC-44" ; + :definition "An attack of this type exploits a buffer overflow vulnerability in the handling of binary resources. Binary resources may include music files like MP3, image files like JPEG files, and any other binary file. These attacks may pass unnoticed to the client machine through normal usage of files, such as a browser loading a seemingly innocent JPEG file. This can allow the adversary access to the execution stack and execute arbitrary code in the target process." ; + rdfs:seeAlso ; + :related :CWE-119, + :CWE-120, + :CWE-697 . + +:CAPEC-45 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Buffer Overflow via Symbolic Links" ; + rdfs:subClassOf :CAPEC-100, + :CommonAttackPattern ; + :capec-id "CAPEC-45" ; + :definition "This type of attack leverages the use of symbolic links to cause buffer overflows. An adversary can try to create or manipulate a symbolic link file such that its contents result in out of bounds data. When the target software processes the symbolic link file, it could potentially overflow internal buffers with insufficient bounds checking." ; + rdfs:seeAlso ; + :related :CWE-20, + :CWE-74, + :CWE-118, + :CWE-119, + :CWE-120, + :CWE-285, + :CWE-302, + :CWE-680, + :CWE-697 . + +:CAPEC-46 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Overflow Variables and Tags" ; + rdfs:subClassOf :CAPEC-100, + :CommonAttackPattern ; + :capec-id "CAPEC-46" ; + :definition "This type of attack leverages the use of tags or variables from a formatted configuration data to cause buffer overflow. The adversary crafts a malicious HTML page or configuration file that includes oversized strings, thus causing an overflow." ; + rdfs:seeAlso ; + :related :CAPEC-8, + :CAPEC-10, + :CWE-20, + :CWE-74, + :CWE-118, + :CWE-119, + :CWE-120, + :CWE-680, + :CWE-697, + :CWE-733 . + +:CAPEC-47 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Buffer Overflow via Parameter Expansion" ; + rdfs:subClassOf :CAPEC-100, + :CommonAttackPattern ; + :capec-id "CAPEC-47" ; + :definition "In this attack, the target software is given input that the adversary knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow." ; + rdfs:seeAlso ; + :related :CWE-20, + :CWE-74, + :CWE-118, + :CWE-119, + :CWE-120, + :CWE-130, + :CWE-131, + :CWE-680, + :CWE-697 . + +:CAPEC-48 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Passing Local Filenames to Functions That Expect a URL" ; + rdfs:subClassOf :CAPEC-212, + :CommonAttackPattern ; + :capec-id "CAPEC-48" ; + :definition "This attack relies on client side code to access local files and resources instead of URLs. When the client browser is expecting a URL string, but instead receives a request for a local file, that execution is likely to occur in the browser process space with the browser's authority to local files. The attacker can send the results of this request to the local files out to a site that they control. This attack may be used to steal sensitive authentication data (either local or remote), or to gain system profile information to launch further attacks." ; + rdfs:seeAlso ; + :related :CWE-241, + :CWE-706 . + +:CAPEC-49 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Password Brute Forcing" ; + rdfs:subClassOf :CAPEC-112, + :CommonAttackPattern ; + :capec-id "CAPEC-49" ; + :definition "An adversary tries every possible value for a password until they succeed. A brute force attack, if feasible computationally, will always be successful because it will essentially go through all possible passwords given the alphabet used (lower case letters, upper case letters, numbers, symbols, etc.) and the maximum length of the password." ; + rdfs:seeAlso ; + :related :CWE-257, + :CWE-262, + :CWE-263, + :CWE-307, + :CWE-308, + :CWE-309, + :CWE-521, + :CWE-654, + :T1110.001 . + +:CAPEC-50 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Password Recovery Exploitation" ; + rdfs:subClassOf :CAPEC-212, + :CommonAttackPattern ; + :capec-id "CAPEC-50" ; + :definition "An attacker may take advantage of the application feature to help users recover their forgotten passwords in order to gain access into the system with the same privileges as the original user. Generally password recovery schemes tend to be weak and insecure." ; + rdfs:seeAlso ; + :related :CWE-522, + :CWE-640 . + +:CAPEC-51 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Poison Web Service Registry" ; + rdfs:subClassOf :CAPEC-203, + :CommonAttackPattern ; + :capec-id "CAPEC-51" ; + :definition "SOA and Web Services often use a registry to perform look up, get schema information, and metadata about services. A poisoned registry can redirect (think phishing for servers) the service requester to a malicious service provider, provide incorrect information in schema or metadata, and delete information about service provider interfaces." ; + rdfs:seeAlso ; + :related :CWE-74, + :CWE-285, + :CWE-693 . + +:CAPEC-52 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Embedding NULL Bytes" ; + rdfs:subClassOf :CAPEC-267, + :CommonAttackPattern ; + :capec-id "CAPEC-52" ; + :definition "An adversary embeds one or more null bytes in input to the target software. This attack relies on the usage of a null-valued byte as a string terminator in many environments. The goal is for certain components of the target software to stop processing the input when it encounters the null byte(s)." ; + rdfs:seeAlso ; + :related :CWE-20, + :CWE-74, + :CWE-158, + :CWE-172, + :CWE-173, + :CWE-697, + :CWE-707 . + +:CAPEC-53 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Postfix, Null Terminate, and Backslash" ; + rdfs:subClassOf :CAPEC-267, + :CommonAttackPattern ; + :capec-id "CAPEC-53" ; + :definition "If a string is passed through a filter of some kind, then a terminal NULL may not be valid. Using alternate representation of NULL allows an adversary to embed the NULL mid-string while postfixing the proper data so that the filter is avoided. One example is a filter that looks for a trailing slash character. If a string insertion is possible, but the slash must exist, an alternate encoding of NULL in mid-string may be used." ; + rdfs:seeAlso ; + :related :CWE-20, + :CWE-74, + :CWE-158, + :CWE-172, + :CWE-173, + :CWE-697, + :CWE-707 . + +:CAPEC-54 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Query System for Information" ; + rdfs:subClassOf :CAPEC-116, + :CommonAttackPattern ; + :capec-id "CAPEC-54" ; + :definition "An adversary, aware of an application's location (and possibly authorized to use the application), probes an application's structure and evaluates its robustness by submitting requests and examining responses. Often, this is accomplished by sending variants of expected queries in the hope that these modified queries might return information beyond what the expected set of queries would provide." ; + rdfs:seeAlso ; + :related :CWE-209 . + +:CAPEC-55 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Rainbow Table Password Cracking" ; + rdfs:subClassOf :CAPEC-49, + :CommonAttackPattern ; + :capec-id "CAPEC-55" ; + :definition "An attacker gets access to the database table where hashes of passwords are stored. They then use a rainbow table of pre-computed hash chains to attempt to look up the original password. Once the original password corresponding to the hash is obtained, the attacker uses the original password to gain access to the system." ; + rdfs:seeAlso ; + :related :CWE-261, + :CWE-262, + :CWE-263, + :CWE-308, + :CWE-309, + :CWE-521, + :CWE-654, + :CWE-916, + :T1110.002 . + +:CAPEC-56 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + owl:deprecated true ; + rdfs:label "DEPRECATED: Removing/short-circuiting 'guard logic'" ; + rdfs:subClassOf :CommonAttackPattern ; + rdfs:comment "This attack pattern has been deprecated as it is a duplicate of CAPEC-207 : Removing Important Client Functionality. Please refer to this other pattern going forward." ; + :capec-id "CAPEC-56" ; + rdfs:seeAlso . + +:CAPEC-57 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Utilizing REST's Trust in the System Resource to Obtain Sensitive Data" ; + rdfs:subClassOf :CAPEC-157, + :CommonAttackPattern ; + :capec-id "CAPEC-57" ; + :definition "This attack utilizes a REST(REpresentational State Transfer)-style applications' trust in the system resources and environment to obtain sensitive data once SSL is terminated." ; + rdfs:seeAlso ; + :related :CWE-287, + :CWE-300, + :CWE-693, + :T1040 . + +:CAPEC-58 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Restful Privilege Elevation" ; + rdfs:subClassOf :CAPEC-1, + :CAPEC-180, + :CommonAttackPattern ; + :capec-id "CAPEC-58" ; + :definition "An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages." ; + rdfs:seeAlso ; + :related :CWE-267, + :CWE-269 . + +:CAPEC-59 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Session Credential Falsification through Prediction" ; + rdfs:subClassOf :CAPEC-196, + :CommonAttackPattern ; + :capec-id "CAPEC-59" ; + :definition "This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking." ; + rdfs:seeAlso ; + :related :CWE-6, + :CWE-200, + :CWE-285, + :CWE-290, + :CWE-330, + :CWE-331, + :CWE-346, + :CWE-384, + :CWE-488, + :CWE-539, + :CWE-693 . + +:CAPEC-60 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Reusing Session IDs (aka Session Replay)" ; + rdfs:subClassOf :CAPEC-593, + :CommonAttackPattern ; + :capec-id "CAPEC-60" ; + :definition "This attack targets the reuse of valid session ID to spoof the target system in order to gain privileges. The attacker tries to reuse a stolen session ID used previously during a transaction to perform spoofing and session hijacking. Another name for this type of attack is Session Replay." ; + rdfs:seeAlso ; + :related :CWE-200, + :CWE-285, + :CWE-290, + :CWE-294, + :CWE-346, + :CWE-384, + :CWE-488, + :CWE-539, + :CWE-664, + :CWE-732, + :T1134.001, + :T1550.004 . + +:CAPEC-61 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Session Fixation" ; + rdfs:subClassOf :CAPEC-593, + :CommonAttackPattern ; + :capec-id "CAPEC-61" ; + :definition "The attacker induces a client to establish a session with the target software using a session identifier provided by the attacker. Once the user successfully authenticates to the target software, the attacker uses the (now privileged) session identifier in their own transactions. This attack leverages the fact that the target software either relies on client-generated session identifiers or maintains the same session identifiers after privilege elevation." ; + rdfs:seeAlso ; + :related :CWE-384, + :CWE-664, + :CWE-732 . + +:CAPEC-62 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Cross Site Request Forgery" ; + rdfs:subClassOf :CAPEC-21, + :CommonAttackPattern ; + :capec-id "CAPEC-62" ; + :definition "An attacker crafts malicious web links and distributes them (via web pages, email, etc.), typically in a targeted manner, hoping to induce users to click on the link and execute the malicious action against some third-party application. If successful, the action embedded in the malicious link will be processed and accepted by the targeted application with the users' privilege level. This type of attack leverages the persistence and implicit trust placed in user session cookies by many web applications today. In such an architecture, once the user authenticates to an application and a session cookie is created on the user's system, all following transactions for that session are authenticated using that cookie including potential actions initiated by an attacker and simply \"riding\" the existing session cookie." ; + rdfs:seeAlso ; + :related :CWE-306, + :CWE-352, + :CWE-664, + :CWE-732, + :CWE-1275 . + +:CAPEC-63 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Cross-Site Scripting (XSS)" ; + rdfs:subClassOf :CAPEC-242, + :CommonAttackPattern ; + :capec-id "CAPEC-63" ; + :definition "An adversary embeds malicious scripts in content that will be served to web browsers. The goal of the attack is for the target software, the client-side browser, to execute the script with the users' privilege level. An attack of this type exploits a programs' vulnerabilities that are brought on by allowing remote hosts to execute code and scripts. Web browsers, for example, have some simple security controls in place, but if a remote attacker is allowed to execute scripts (through injecting them in to user-generated content like bulletin boards) then these controls may be bypassed. Further, these attacks are very difficult for an end user to detect." ; + rdfs:seeAlso ; + :related :CWE-20, + :CWE-79 . + +:CAPEC-64 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Using Slashes and URL Encoding Combined to Bypass Validation Logic" ; + rdfs:subClassOf :CAPEC-267, + :CommonAttackPattern ; + :capec-id "CAPEC-64" ; + :definition "This attack targets the encoding of the URL combined with the encoding of the slash characters. An attacker can take advantage of the multiple ways of encoding a URL and abuse the interpretation of the URL. A URL may contain special character that need special syntax handling in order to be interpreted. Special characters are represented using a percentage character followed by two digits representing the octet code of the original character (%HEX-CODE). For instance US-ASCII space character would be represented with %20. This is often referred as escaped ending or percent-encoding. Since the server decodes the URL from the requests, it may restrict the access to some URL paths by validating and filtering out the URL requests it received. An attacker will try to craft an URL with a sequence of special characters which once interpreted by the server will be equivalent to a forbidden URL. It can be difficult to protect against this attack since the URL can contain other format of encoding such as UTF-8 encoding, Unicode-encoding, etc." ; + rdfs:seeAlso ; + :related :CAPEC-80, + :CWE-20, + :CWE-22, + :CWE-73, + :CWE-74, + :CWE-172, + :CWE-173, + :CWE-177, + :CWE-697, + :CWE-707 . + +:CAPEC-65 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Sniff Application Code" ; + rdfs:subClassOf :CAPEC-157, + :CommonAttackPattern ; + :capec-id "CAPEC-65" ; + :definition "An adversary passively sniffs network communications and captures application code bound for an authorized client. Once obtained, they can use it as-is, or through reverse-engineering glean sensitive information or exploit the trust relationship between the client and server. Such code may belong to a dynamic update to the client, a patch being applied to a client component or any such interaction where the client is authorized to communicate with the server." ; + rdfs:seeAlso ; + :related :CWE-311, + :CWE-318, + :CWE-319, + :CWE-693, + :T1040 . + +:CAPEC-66 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "SQL Injection" ; + rdfs:subClassOf :CAPEC-248, + :CommonAttackPattern ; + :capec-id "CAPEC-66" ; + :definition "This attack exploits target software that constructs SQL statements based on user input. An attacker crafts input strings so that when the target software constructs SQL statements based on the input, the resulting SQL statement performs actions other than those the application intended. SQL Injection results from failure of the application to appropriately validate input." ; + rdfs:seeAlso ; + :related :CWE-89, + :CWE-1286 . + +:CAPEC-67 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "String Format Overflow in syslog()" ; + rdfs:subClassOf :CAPEC-100, + :CAPEC-135, + :CommonAttackPattern ; + :capec-id "CAPEC-67" ; + :definition "This attack targets applications and software that uses the syslog() function insecurely. If an application does not explicitely use a format string parameter in a call to syslog(), user input can be placed in the format string parameter leading to a format string injection attack. Adversaries can then inject malicious format string commands into the function call leading to a buffer overflow. There are many reported software vulnerabilities with the root cause being a misuse of the syslog() function." ; + rdfs:seeAlso ; + :related :CWE-20, + :CWE-74, + :CWE-120, + :CWE-134, + :CWE-680, + :CWE-697 . + +:CAPEC-68 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Subvert Code-signing Facilities" ; + rdfs:subClassOf :CAPEC-233, + :CommonAttackPattern ; + :capec-id "CAPEC-68" ; + :definition "Many languages use code signing facilities to vouch for code's identity and to thus tie code to its assigned privileges within an environment. Subverting this mechanism can be instrumental in an attacker escalating privilege. Any means of subverting the way that a virtual machine enforces code signing classifies for this style of attack." ; + rdfs:seeAlso ; + :related :CWE-325, + :CWE-328, + :CWE-1326, + :T1553.002 . + +:CAPEC-69 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Target Programs with Elevated Privileges" ; + rdfs:subClassOf :CAPEC-233, + :CommonAttackPattern ; + :capec-id "CAPEC-69" ; + :definition "This attack targets programs running with elevated privileges. The adversary tries to leverage a vulnerability in the running program and get arbitrary code to execute with elevated privileges." ; + rdfs:seeAlso ; + :related :CWE-15, + :CWE-250 . + +:CAPEC-70 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Try Common or Default Usernames and Passwords" ; + rdfs:subClassOf :CAPEC-49, + :CommonAttackPattern ; + :capec-id "CAPEC-70" ; + :definition "An adversary may try certain common or default usernames and passwords to gain access into the system and perform unauthorized actions. An adversary may try an intelligent brute force using empty passwords, known vendor default credentials, as well as a dictionary of common usernames and passwords. Many vendor products come preconfigured with default (and thus well-known) usernames and passwords that should be deleted prior to usage in a production environment. It is a common mistake to forget to remove these default login credentials. Another problem is that users would pick very simple (common) passwords (e.g. \"secret\" or \"password\") that make it easier for the attacker to gain access to the system compared to using a brute force attack or even a dictionary attack using a full dictionary." ; + rdfs:seeAlso ; + :related :CWE-262, + :CWE-263, + :CWE-308, + :CWE-309, + :CWE-521, + :CWE-654, + :CWE-798, + :T1078.001 . + +:CAPEC-71 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Using Unicode Encoding to Bypass Validation Logic" ; + rdfs:subClassOf :CAPEC-267, + :CommonAttackPattern ; + :capec-id "CAPEC-71" ; + :definition "An attacker may provide a Unicode string to a system component that is not Unicode aware and use that to circumvent the filter or cause the classifying mechanism to fail to properly understanding the request. That may allow the attacker to slip malicious data past the content filter and/or possibly cause the application to route the request incorrectly." ; + rdfs:seeAlso ; + :related :CAPEC-80, + :CWE-20, + :CWE-74, + :CWE-172, + :CWE-173, + :CWE-176, + :CWE-179, + :CWE-180, + :CWE-183, + :CWE-184, + :CWE-692, + :CWE-697 . + +:CAPEC-72 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "URL Encoding" ; + rdfs:subClassOf :CAPEC-267, + :CommonAttackPattern ; + :capec-id "CAPEC-72" ; + :definition "This attack targets the encoding of the URL. An adversary can take advantage of the multiple way of encoding an URL and abuse the interpretation of the URL." ; + rdfs:seeAlso ; + :related :CWE-20, + :CWE-73, + :CWE-74, + :CWE-172, + :CWE-173, + :CWE-177 . + +:CAPEC-73 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "User-Controlled Filename" ; + rdfs:subClassOf :CAPEC-165, + :CommonAttackPattern ; + :capec-id "CAPEC-73" ; + :definition "An attack of this type involves an adversary inserting malicious characters (such as a XSS redirection) into a filename, directly or indirectly that is then used by the target software to generate HTML text or other potentially executable content. Many websites rely on user-generated content and dynamically build resources like files, filenames, and URL links directly from user supplied data. In this attack pattern, the attacker uploads code that can execute in the client browser and/or redirect the client browser to a site that the attacker owns. All XSS attack payload variants can be used to pass and exploit these vulnerabilities." ; + rdfs:seeAlso ; + :related :CWE-20, + :CWE-86, + :CWE-96, + :CWE-116, + :CWE-184, + :CWE-348, + :CWE-350, + :CWE-697 . + +:CAPEC-74 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Manipulating State" ; + rdfs:subClassOf :CommonAttackPattern ; + :capec-id "CAPEC-74" ; + :definition "The adversary modifies state information maintained by the target software or causes a state transition in hardware. If successful, the target will use this tainted state and execute in an unintended manner." ; + rdfs:seeAlso ; + :related :CWE-315, + :CWE-353, + :CWE-372, + :CWE-693, + :CWE-1245, + :CWE-1253, + :CWE-1265, + :CWE-1271 . + +:CAPEC-75 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Manipulating Writeable Configuration Files" ; + rdfs:subClassOf :CAPEC-176, + :CommonAttackPattern ; + :capec-id "CAPEC-75" ; + :definition "Generally these are manually edited files that are not in the preview of the system administrators, any ability on the attackers' behalf to modify these files, for example in a CVS repository, gives unauthorized access directly to the application, the same as authorized users." ; + rdfs:seeAlso ; + :related :CAPEC-35, + :CWE-77, + :CWE-99, + :CWE-346, + :CWE-349, + :CWE-353, + :CWE-354 . + +:CAPEC-76 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Manipulating Web Input to File System Calls" ; + rdfs:subClassOf :CAPEC-126, + :CommonAttackPattern ; + :capec-id "CAPEC-76" ; + :definition "An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible." ; + rdfs:seeAlso ; + :related :CWE-15, + :CWE-22, + :CWE-23, + :CWE-59, + :CWE-73, + :CWE-74, + :CWE-77, + :CWE-272, + :CWE-285, + :CWE-346, + :CWE-348 . + +:CAPEC-77 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Manipulating User-Controlled Variables" ; + rdfs:subClassOf :CAPEC-22, + :CommonAttackPattern ; + :capec-id "CAPEC-77" ; + :definition "This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An adversary can override variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the adversary can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables." ; + rdfs:seeAlso ; + :related :CWE-15, + :CWE-94, + :CWE-96, + :CWE-285, + :CWE-302, + :CWE-473, + :CWE-1321 . + +:CAPEC-78 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Using Escaped Slashes in Alternate Encoding" ; + rdfs:subClassOf :CAPEC-267, + :CommonAttackPattern ; + :capec-id "CAPEC-78" ; + :definition "This attack targets the use of the backslash in alternate encoding. An adversary can provide a backslash as a leading character and causes a parser to believe that the next character is special. This is called an escape. By using that trick, the adversary tries to exploit alternate ways to encode the same character which leads to filter problems and opens avenues to attack." ; + rdfs:seeAlso ; + :related :CWE-20, + :CWE-22, + :CWE-73, + :CWE-74, + :CWE-172, + :CWE-173, + :CWE-180, + :CWE-181, + :CWE-697, + :CWE-707 . + +:CAPEC-79 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Using Slashes in Alternate Encoding" ; + rdfs:subClassOf :CAPEC-267, + :CommonAttackPattern ; + :capec-id "CAPEC-79" ; + :definition "This attack targets the encoding of the Slash characters. An adversary would try to exploit common filtering problems related to the use of the slashes characters to gain access to resources on the target host. Directory-driven systems, such as file systems and databases, typically use the slash character to indicate traversal between directories or other container components. For murky historical reasons, PCs (and, as a result, Microsoft OSs) choose to use a backslash, whereas the UNIX world typically makes use of the forward slash. The schizophrenic result is that many MS-based systems are required to understand both forms of the slash. This gives the adversary many opportunities to discover and abuse a number of common filtering problems. The goal of this pattern is to discover server software that only applies filters to one version, but not the other." ; + rdfs:seeAlso ; + :related :CWE-20, + :CWE-22, + :CWE-73, + :CWE-74, + :CWE-173, + :CWE-180, + :CWE-181, + :CWE-185, + :CWE-200, + :CWE-697, + :CWE-707 . + +:CAPEC-80 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Using UTF-8 Encoding to Bypass Validation Logic" ; + rdfs:subClassOf :CAPEC-267, + :CommonAttackPattern ; + :capec-id "CAPEC-80" ; + :definition "This attack is a specific variation on leveraging alternate encodings to bypass validation logic. This attack leverages the possibility to encode potentially harmful input in UTF-8 and submit it to applications not expecting or effective at validating this encoding standard making input filtering difficult. UTF-8 (8-bit UCS/Unicode Transformation Format) is a variable-length character encoding for Unicode. Legal UTF-8 characters are one to four bytes long. However, early version of the UTF-8 specification got some entries wrong (in some cases it permitted overlong characters). UTF-8 encoders are supposed to use the \"shortest possible\" encoding, but naive decoders may accept encodings that are longer than necessary. According to the RFC 3629, a particularly subtle form of this attack can be carried out against a parser which performs security-critical validity checks against the UTF-8 encoded form of its input, but interprets certain illegal octet sequences as characters." ; + rdfs:seeAlso ; + :related :CAPEC-64, + :CAPEC-71, + :CWE-20, + :CWE-73, + :CWE-74, + :CWE-172, + :CWE-173, + :CWE-180, + :CWE-181, + :CWE-692, + :CWE-697 . + +:CAPEC-81 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Web Server Logs Tampering" ; + rdfs:subClassOf :CAPEC-268, + :CommonAttackPattern ; + :capec-id "CAPEC-81" ; + :definition "Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking other malicious behavior. Additionally, writing malicious data to log files may target jobs, filters, reports, and other agents that process the logs in an asynchronous attack pattern. This pattern of attack is similar to \"Log Injection-Tampering-Forging\" except that in this case, the attack is targeting the logs of the web server and not the application." ; + rdfs:seeAlso ; + :related :CWE-20, + :CWE-75, + :CWE-93, + :CWE-96, + :CWE-116, + :CWE-117, + :CWE-150, + :CWE-221, + :CWE-276, + :CWE-279 . + +:CAPEC-82 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + owl:deprecated true ; + rdfs:label "DEPRECATED: Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Service (XDoS))" ; + rdfs:subClassOf :CommonAttackPattern ; + rdfs:comment "This attack pattern has been deprecated as it a generalization of CAPEC-230: XML Nested Payloads, CAPEC-231: XML Oversized Payloads, and CAPEC-147: XML Ping of Death. Please refer to these CAPECs going forward." ; + :capec-id "CAPEC-82" ; + rdfs:seeAlso . + +:CAPEC-83 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "XPath Injection" ; + rdfs:subClassOf :CAPEC-250, + :CommonAttackPattern ; + :capec-id "CAPEC-83" ; + :definition "An attacker can craft special user-controllable input consisting of XPath expressions to inject the XML database and bypass authentication or glean information that they normally would not be able to. XPath Injection enables an attacker to talk directly to the XML database, thus bypassing the application completely. XPath Injection results from the failure of an application to properly sanitize input used as part of dynamic XPath expressions used to query an XML database." ; + rdfs:seeAlso ; + :related :CWE-20, + :CWE-74, + :CWE-91, + :CWE-707 . + +:CAPEC-84 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "XQuery Injection" ; + rdfs:subClassOf :CAPEC-250, + :CommonAttackPattern ; + :capec-id "CAPEC-84" ; + :definition "This attack utilizes XQuery to probe and attack server systems; in a similar manner that SQL Injection allows an attacker to exploit SQL calls to RDBMS, XQuery Injection uses improperly validated data that is passed to XQuery commands to traverse and execute commands that the XQuery routines have access to. XQuery injection can be used to enumerate elements on the victim's environment, inject commands to the local host, or execute queries to remote files and data sources." ; + rdfs:seeAlso ; + :related :CWE-74, + :CWE-707 . + +:CAPEC-85 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "AJAX Footprinting" ; + rdfs:subClassOf :CAPEC-580, + :CommonAttackPattern ; + :capec-id "CAPEC-85" ; + :definition "This attack utilizes the frequent client-server roundtrips in Ajax conversation to scan a system. While Ajax does not open up new vulnerabilities per se, it does optimize them from an attacker point of view. A common first step for an attacker is to footprint the target environment to understand what attacks will work. Since footprinting relies on enumeration, the conversational pattern of rapid, multiple requests and responses that are typical in Ajax applications enable an attacker to look for many vulnerabilities, well-known ports, network locations and so on. The knowledge gained through Ajax fingerprinting can be used to support other attacks, such as XSS." ; + rdfs:seeAlso ; + :related :CWE-20, + :CWE-79, + :CWE-86, + :CWE-96, + :CWE-113, + :CWE-116, + :CWE-184, + :CWE-348, + :CWE-692 . + +:CAPEC-86 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "XSS Through HTTP Headers" ; + rdfs:subClassOf :CAPEC-588, + :CAPEC-591, + :CAPEC-592, + :CommonAttackPattern ; + :capec-id "CAPEC-86" ; + :definition "An adversary exploits web applications that generate web content, such as links in a HTML page, based on unvalidated or improperly validated data submitted by other actors. XSS in HTTP Headers attacks target the HTTP headers which are hidden from most users and may not be validated by web applications." ; + rdfs:seeAlso ; + :related :CWE-80 . + +:CAPEC-87 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Forceful Browsing" ; + rdfs:subClassOf :CAPEC-115, + :CommonAttackPattern ; + :capec-id "CAPEC-87" ; + :definition "An attacker employs forceful browsing (direct URL entry) to access portions of a website that are otherwise unreachable. Usually, a front controller or similar design pattern is employed to protect access to portions of a web application. Forceful browsing enables an attacker to access information, perform privileged operations and otherwise reach sections of the web application that have been improperly protected." ; + rdfs:seeAlso ; + :related :CWE-285, + :CWE-425, + :CWE-693 . + +:CAPEC-88 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "OS Command Injection" ; + rdfs:subClassOf :CAPEC-248, + :CommonAttackPattern ; + :capec-id "CAPEC-88" ; + :definition "In this type of an attack, an adversary injects operating system commands into existing application functions. An application that uses untrusted input to build command strings is vulnerable. An adversary can leverage OS command injection in an application to elevate privileges, execute arbitrary commands and compromise the underlying operating system." ; + rdfs:seeAlso ; + :related :CWE-20, + :CWE-78, + :CWE-88, + :CWE-697 . + +:CAPEC-89 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Pharming" ; + rdfs:subClassOf :CAPEC-151, + :CommonAttackPattern ; + :capec-id "CAPEC-89" ; + :definition "A pharming attack occurs when the victim is fooled into entering sensitive data into supposedly trusted locations, such as an online bank site or a trading platform. An attacker can impersonate these supposedly trusted sites and have the victim be directed to their site rather than the originally intended one. Pharming does not require script injection or clicking on malicious links for the attack to succeed." ; + rdfs:seeAlso ; + :related :CWE-346, + :CWE-350 . + +:CAPEC-90 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Reflection Attack in Authentication Protocol" ; + rdfs:subClassOf :CAPEC-114, + :CAPEC-272, + :CommonAttackPattern ; + :capec-id "CAPEC-90" ; + :definition "An adversary can abuse an authentication protocol susceptible to reflection attack in order to defeat it. Doing so allows the adversary illegitimate access to the target system, without possessing the requisite credentials. Reflection attacks are of great concern to authentication protocols that rely on a challenge-handshake or similar mechanism. An adversary can impersonate a legitimate user and can gain illegitimate access to the system by successfully mounting a reflection attack during authentication." ; + rdfs:seeAlso ; + :related :CWE-301, + :CWE-303 . + +:CAPEC-91 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + owl:deprecated true ; + rdfs:label "DEPRECATED: XSS in IMG Tags" ; + rdfs:subClassOf :CommonAttackPattern ; + rdfs:comment "This attack pattern has been deprecated as it is contained in the existing attack pattern \"CAPEC-18 : XSS Targeting Non-Script Elements\". Please refer to this other CAPEC going forward." ; + :capec-id "CAPEC-91" ; + rdfs:seeAlso . + +:CAPEC-92 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Forced Integer Overflow" ; + rdfs:subClassOf :CAPEC-128, + :CommonAttackPattern ; + :capec-id "CAPEC-92" ; + :definition "This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code." ; + rdfs:seeAlso ; + :related :CWE-120, + :CWE-122, + :CWE-128, + :CWE-190, + :CWE-196, + :CWE-680, + :CWE-697 . + +:CAPEC-93 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Log Injection-Tampering-Forging" ; + rdfs:subClassOf :CAPEC-268, + :CommonAttackPattern ; + :capec-id "CAPEC-93" ; + :definition "This attack targets the log files of the target host. The attacker injects, manipulates or forges malicious log entries in the log file, allowing them to mislead a log audit, cover traces of attack, or perform other malicious actions. The target host is not properly controlling log access. As a result tainted data is resulting in the log files leading to a failure in accountability, non-repudiation and incident forensics capability." ; + rdfs:seeAlso ; + :related :CWE-75, + :CWE-117, + :CWE-150 . + +:CAPEC-94 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Adversary in the Middle (AiTM)" ; + rdfs:subClassOf :CommonAttackPattern ; + :capec-id "CAPEC-94" ; + :definition "An adversary targets the communication between two components (typically client and server), in order to alter or obtain data from transactions. A general approach entails the adversary placing themself within the communication channel between the two components." ; + rdfs:seeAlso ; + :related :CWE-287, + :CWE-290, + :CWE-294, + :CWE-300, + :CWE-593, + :T1557 . + +:CAPEC-95 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "WSDL Scanning" ; + rdfs:subClassOf :CAPEC-54, + :CommonAttackPattern ; + :capec-id "CAPEC-95" ; + :definition "This attack targets the WSDL interface made available by a web service. The attacker may scan the WSDL interface to reveal sensitive information about invocation patterns, underlying technology implementations and associated vulnerabilities. This type of probing is carried out to perform more serious attacks (e.g. parameter tampering, malicious content injection, command injection, etc.). WSDL files provide detailed information about the services ports and bindings available to consumers. For instance, the attacker can submit special characters or malicious content to the Web service and can cause a denial of service condition or illegal access to database records. In addition, the attacker may try to guess other private methods by using the information provided in the WSDL files." ; + rdfs:seeAlso ; + :related :CWE-538 . + +:CAPEC-96 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Block Access to Libraries" ; + rdfs:subClassOf :CAPEC-603, + :CommonAttackPattern ; + :capec-id "CAPEC-96" ; + :definition "An application typically makes calls to functions that are a part of libraries external to the application. These libraries may be part of the operating system or they may be third party libraries. It is possible that the application does not handle situations properly where access to these libraries has been blocked. Depending on the error handling within the application, blocked access to libraries may leave the system in an insecure state that could be leveraged by an attacker." ; + rdfs:seeAlso ; + :related :CWE-589 . + +:CAPEC-97 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Cryptanalysis" ; + rdfs:subClassOf :CAPEC-192, + :CommonAttackPattern ; + :capec-id "CAPEC-97" ; + :definition "Cryptanalysis is a process of finding weaknesses in cryptographic algorithms and using these weaknesses to decipher the ciphertext without knowing the secret key (instance deduction). Sometimes the weakness is not in the cryptographic algorithm itself, but rather in how it is applied that makes cryptanalysis successful. An attacker may have other goals as well, such as: Total Break (finding the secret key), Global Deduction (finding a functionally equivalent algorithm for encryption and decryption that does not require knowledge of the secret key), Information Deduction (gaining some information about plaintexts or ciphertexts that was not previously known) and Distinguishing Algorithm (the attacker has the ability to distinguish the output of the encryption (ciphertext) from a random permutation of bits)." ; + rdfs:seeAlso ; + :related :CWE-327, + :CWE-1204, + :CWE-1240, + :CWE-1241, + :CWE-1279 . + +:CAPEC-98 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Phishing" ; + rdfs:subClassOf :CAPEC-151, + :CommonAttackPattern ; + :capec-id "CAPEC-98" ; + :definition "Phishing is a social engineering technique where an attacker masquerades as a legitimate entity with which the victim might do business in order to prompt the user to reveal some confidential information (very frequently authentication credentials) that can later be used by an attacker. Phishing is essentially a form of information gathering or \"fishing\" for information." ; + rdfs:seeAlso ; + :related :CWE-451, + :T1566, + :T1598 . + +:CAPEC-99 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + owl:deprecated true ; + rdfs:label "DEPRECATED: XML Parser Attack" ; + rdfs:subClassOf :CommonAttackPattern ; + rdfs:comment "This attack pattern has been deprecated as it a generalization of CAPEC-230: XML Nested Payloads and CAPEC-231: XML Oversized Payloads. Please refer to these CAPECs going forward." ; + :capec-id "CAPEC-99" ; + rdfs:seeAlso . + +:CAPEC-100 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Overflow Buffers" ; + rdfs:subClassOf :CAPEC-123, + :CommonAttackPattern ; + :capec-id "CAPEC-100" ; + :definition "Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an adversary. As a consequence, an adversary is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the adversaries' choice." ; + rdfs:seeAlso ; + :related :CWE-119, + :CWE-120, + :CWE-129, + :CWE-131, + :CWE-680, + :CWE-805 . + +:CAPEC-101 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Server Side Include (SSI) Injection" ; + rdfs:subClassOf :CAPEC-253, + :CommonAttackPattern ; + :capec-id "CAPEC-101" ; + :definition "An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands." ; + rdfs:seeAlso ; + :related :CWE-20, + :CWE-74, + :CWE-97 . + +:CAPEC-102 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Session Sidejacking" ; + rdfs:subClassOf :CAPEC-593, + :CommonAttackPattern ; + :capec-id "CAPEC-102" ; + :definition "Session sidejacking takes advantage of an unencrypted communication channel between a victim and target system. The attacker sniffs traffic on a network looking for session tokens in unencrypted traffic. Once a session token is captured, the attacker performs malicious actions by using the stolen token with the targeted application to impersonate the victim. This attack is a specific method of session hijacking, which is exploiting a valid session token to gain unauthorized access to a target system or information. Other methods to perform a session hijacking are session fixation, cross-site scripting, or compromising a user or server machine and stealing the session token." ; + rdfs:seeAlso ; + :related :CWE-294, + :CWE-319, + :CWE-522, + :CWE-523, + :CWE-614 . + +:CAPEC-103 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Clickjacking" ; + rdfs:subClassOf :CAPEC-173, + :CommonAttackPattern ; + :capec-id "CAPEC-103" ; + :definition "An adversary tricks a victim into unknowingly initiating some action in one system while interacting with the UI from a seemingly completely different, usually an adversary controlled or intended, system." ; + rdfs:seeAlso ; + :related :CWE-1021 . + +:CAPEC-104 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Cross Zone Scripting" ; + rdfs:subClassOf :CAPEC-233, + :CommonAttackPattern ; + :capec-id "CAPEC-104" ; + :definition "An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security." ; + rdfs:seeAlso ; + :related :CWE-20, + :CWE-116, + :CWE-250, + :CWE-285, + :CWE-638 . + +:CAPEC-105 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "HTTP Request Splitting" ; + rdfs:subClassOf :CAPEC-220, + :CommonAttackPattern ; + :capec-id "CAPEC-105" ; + :definition "An adversary abuses the flexibility and discrepancies in the parsing and interpretation of HTTP Request messages by different intermediary HTTP agents (e.g., load balancer, reverse proxy, web caching proxies, application firewalls, etc.) to split a single HTTP request into multiple unauthorized and malicious HTTP requests to a back-end HTTP agent (e.g., web server)." ; + rdfs:seeAlso ; + :related :CAPEC-34, + :CWE-74, + :CWE-113, + :CWE-138, + :CWE-436 . + +:CAPEC-106 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + owl:deprecated true ; + rdfs:label "DEPRECATED: XSS through Log Files" ; + rdfs:subClassOf :CommonAttackPattern ; + rdfs:comment "This attack pattern has been deprecated as it referes to an existing chain relationship between \"CAPEC-93 : Log Injection-Tampering-Forging\" and \"CAPEC-63 : Cross-Site Scripting\". Please refer to these CAPECs going forward." ; + :capec-id "CAPEC-106" ; + rdfs:seeAlso . + +:CAPEC-107 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Cross Site Tracing" ; + rdfs:subClassOf :CAPEC-593, + :CommonAttackPattern ; + :capec-id "CAPEC-107" ; + :definition "Cross Site Tracing (XST) enables an adversary to steal the victim's session cookie and possibly other authentication credentials transmitted in the header of the HTTP request when the victim's browser communicates to a destination system's web server." ; + rdfs:seeAlso ; + :related :CWE-648, + :CWE-693 . + +:CAPEC-108 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Command Line Execution through SQL Injection" ; + rdfs:subClassOf :CAPEC-66, + :CommonAttackPattern ; + :capec-id "CAPEC-108" ; + :definition "An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host." ; + rdfs:seeAlso ; + :related :CWE-20, + :CWE-74, + :CWE-78, + :CWE-89, + :CWE-114 . + +:CAPEC-109 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Object Relational Mapping Injection" ; + rdfs:subClassOf :CAPEC-66, + :CommonAttackPattern ; + :capec-id "CAPEC-109" ; + :definition "An attacker leverages a weakness present in the database access layer code generated with an Object Relational Mapping (ORM) tool or a weakness in the way that a developer used a persistence framework to inject their own SQL commands to be executed against the underlying database. The attack here is similar to plain SQL injection, except that the application does not use JDBC to directly talk to the database, but instead it uses a data access layer generated by an ORM tool or framework (e.g. Hibernate). While most of the time code generated by an ORM tool contains safe access methods that are immune to SQL injection, sometimes either due to some weakness in the generated code or due to the fact that the developer failed to use the generated access methods properly, SQL injection is still possible." ; + rdfs:seeAlso ; + :related :CWE-20, + :CWE-89, + :CWE-564 . + +:CAPEC-110 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "SQL Injection through SOAP Parameter Tampering" ; + rdfs:subClassOf :CAPEC-66, + :CommonAttackPattern ; + :capec-id "CAPEC-110" ; + :definition "An attacker modifies the parameters of the SOAP message that is sent from the service consumer to the service provider to initiate a SQL injection attack. On the service provider side, the SOAP message is parsed and parameters are not properly validated before being used to access a database in a way that does not use parameter binding, thus enabling the attacker to control the structure of the executed SQL query. This pattern describes a SQL injection attack with the delivery mechanism being a SOAP message." ; + rdfs:seeAlso ; + :related :CWE-20, + :CWE-89 . + +:CAPEC-111 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "JSON Hijacking (aka JavaScript Hijacking)" ; + rdfs:subClassOf :CAPEC-212, + :CommonAttackPattern ; + :capec-id "CAPEC-111" ; + :definition "An attacker targets a system that uses JavaScript Object Notation (JSON) as a transport mechanism between the client and the server (common in Web 2.0 systems using AJAX) to steal possibly confidential information transmitted from the server back to the client inside the JSON object by taking advantage of the loophole in the browser's Same Origin Policy that does not prohibit JavaScript from one website to be included and executed in the context of another website." ; + rdfs:seeAlso ; + :related :CWE-345, + :CWE-346, + :CWE-352 . + +:CAPEC-112 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Brute Force" ; + rdfs:subClassOf :CommonAttackPattern ; + :capec-id "CAPEC-112" ; + :definition "In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset." ; + rdfs:seeAlso ; + :related :CWE-326, + :CWE-330, + :CWE-521, + :T1110 . + +:CAPEC-113 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Interface Manipulation" ; + rdfs:subClassOf :CommonAttackPattern ; + :capec-id "CAPEC-113" ; + :definition "An adversary manipulates the use or processing of an interface (e.g. Application Programming Interface (API) or System-on-Chip (SoC)) resulting in an adverse impact upon the security of the system implementing the interface. This can allow the adversary to bypass access control and/or execute functionality not intended by the interface implementation, possibly compromising the system which integrates the interface. Interface manipulation can take on a number of forms including forcing the unexpected use of an interface or the use of an interface in an unintended way." ; + rdfs:seeAlso ; + :related :CWE-1192 . + +:CAPEC-114 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Authentication Abuse" ; + rdfs:subClassOf :CommonAttackPattern ; + :capec-id "CAPEC-114" ; + :definition "An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker." ; + rdfs:seeAlso ; + :related :CWE-287, + :CWE-1244, + :T1548 . + +:CAPEC-115 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Authentication Bypass" ; + rdfs:subClassOf :CommonAttackPattern ; + :capec-id "CAPEC-115" ; + :definition "An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place." ; + rdfs:seeAlso ; + :related :CWE-287, + :T1548 . + +:CAPEC-116 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Excavation" ; + rdfs:subClassOf :CommonAttackPattern ; + :capec-id "CAPEC-116" ; + :definition "An adversary actively probes the target in a manner that is designed to solicit information that could be leveraged for malicious purposes." ; + rdfs:seeAlso ; + :related :CWE-200, + :CWE-1243 . + +:CAPEC-117 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Interception" ; + rdfs:subClassOf :CommonAttackPattern ; + :capec-id "CAPEC-117" ; + :definition "An adversary monitors data streams to or from the target for information gathering purposes. This attack may be undertaken to solely gather sensitive information or to support a further attack against the target. This attack pattern can involve sniffing network traffic as well as other types of data streams (e.g. radio). The adversary can attempt to initiate the establishment of a data stream or passively observe the communications as they unfold. In all variants of this attack, the adversary is not the intended recipient of the data stream. In contrast to other means of gathering information (e.g., targeting data leaks), the adversary must actively position themself so as to observe explicit data channels (e.g. network traffic) and read the content. However, this attack differs from a Adversary-In-the-Middle (CAPEC-94) attack, as the adversary does not alter the content of the communications nor forward data to the intended recipient." ; + rdfs:seeAlso ; + :related :CWE-319 . + +:CAPEC-120 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Double Encoding" ; + rdfs:subClassOf :CAPEC-267, + :CommonAttackPattern ; + :capec-id "CAPEC-120" ; + :definition "The adversary utilizes a repeating of the encoding process for a set of characters (that is, character encoding a character encoding of a character) to obfuscate the payload of a particular request. This may allow the adversary to bypass filters that attempt to detect illegal characters or strings, such as those that might be used in traversal or injection attacks. Filters may be able to catch illegal encoded strings, but may not catch doubly encoded strings. For example, a dot (.), often used in path traversal attacks and therefore often blocked by filters, could be URL encoded as %2E. However, many filters recognize this encoding and would still block the request. In a double encoding, the % in the above URL encoding would be encoded again as %25, resulting in %252E which some filters might not catch, but which could still be interpreted as a dot (.) by interpreters on the target." ; + rdfs:seeAlso ; + :related :CWE-20, + :CWE-74, + :CWE-172, + :CWE-173, + :CWE-177, + :CWE-181, + :CWE-183, + :CWE-184, + :CWE-692, + :CWE-697 . + +:CAPEC-121 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Exploit Non-Production Interfaces" ; + rdfs:subClassOf :CAPEC-113, + :CommonAttackPattern ; + :capec-id "CAPEC-121" ; + :definition "An adversary exploits a sample, demonstration, test, or debug interface that is unintentionally enabled on a production system, with the goal of gleaning information or leveraging functionality that would otherwise be unavailable." ; + rdfs:seeAlso ; + :related :CWE-489, + :CWE-1209, + :CWE-1259, + :CWE-1267, + :CWE-1270, + :CWE-1294, + :CWE-1295, + :CWE-1296, + :CWE-1302, + :CWE-1313 . + +:CAPEC-122 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Privilege Abuse" ; + rdfs:subClassOf :CommonAttackPattern ; + :capec-id "CAPEC-122" ; + :definition "An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources." ; + rdfs:seeAlso ; + :related :CWE-269, + :CWE-732, + :CWE-1317, + :T1548 . + +:CAPEC-123 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Buffer Manipulation" ; + rdfs:subClassOf :CommonAttackPattern ; + :capec-id "CAPEC-123" ; + :definition "An adversary manipulates an application's interaction with a buffer in an attempt to read or modify data they shouldn't have access to. Buffer attacks are distinguished in that it is the buffer space itself that is the target of the attack rather than any code responsible for interpreting the content of the buffer. In virtually all buffer attacks the content that is placed in the buffer is immaterial. Instead, most buffer attacks involve retrieving or providing more input than can be stored in the allocated buffer, resulting in the reading or overwriting of other unintended program memory." ; + rdfs:seeAlso ; + :related :CWE-119 . + +:CAPEC-124 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Shared Resource Manipulation" ; + rdfs:subClassOf :CommonAttackPattern ; + :capec-id "CAPEC-124" ; + :definition "An adversary exploits a resource shared between multiple applications, an application pool or hardware pin multiplexing to affect behavior. Resources may be shared between multiple applications or between multiple threads of a single application. Resource sharing is usually accomplished through mutual access to a single memory location or multiplexed hardware pins. If an adversary can manipulate this shared resource (usually by co-opting one of the applications or threads) the other applications or threads using the shared resource will often continue to trust the validity of the compromised shared resource and use it in their calculations. This can result in invalid trust assumptions, corruption of additional data through the normal operations of the other users of the shared resource, or even cause a crash or compromise of the sharing applications." ; + rdfs:seeAlso ; + :related :CAPEC-663, + :CWE-1189, + :CWE-1331 . + +:CAPEC-125 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Flooding" ; + rdfs:subClassOf :CommonAttackPattern ; + :capec-id "CAPEC-125" ; + :definition "An adversary consumes the resources of a target by rapidly engaging in a large number of interactions with the target. This type of attack generally exposes a weakness in rate limiting or flow. When successful this attack prevents legitimate users from accessing the service and can cause the target to crash. This attack differs from resource depletion through leaks or allocations in that the latter attacks do not rely on the volume of requests made to the target but instead focus on manipulation of the target's operations. The key factor in a flooding attack is the number of requests the adversary can make in a given period of time. The greater this number, the more likely an attack is to succeed against a given target." ; + rdfs:seeAlso ; + :related :CWE-404, + :CWE-770, + :T1498.001, + :T1499 . + +:CAPEC-126 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Path Traversal" ; + rdfs:subClassOf :CAPEC-153, + :CommonAttackPattern ; + :capec-id "CAPEC-126" ; + :definition "An adversary uses path manipulation methods to exploit insufficient input validation of a target to obtain access to data that should be not be retrievable by ordinary well-formed requests. A typical variety of this attack involves specifying a path to a desired file together with dot-dot-slash characters, resulting in the file access API or function traversing out of the intended directory structure and into the root file system. By replacing or modifying the expected path information the access function or API retrieves the file desired by the attacker. These attacks either involve the attacker providing a complete path to a targeted file or using control characters (e.g. path separators (/ or \\) and/or dots (.)) to reach desired directories or files." ; + rdfs:seeAlso ; + :related :CWE-22 . + +:CAPEC-127 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Directory Indexing" ; + rdfs:subClassOf :CAPEC-54, + :CommonAttackPattern ; + :capec-id "CAPEC-127" ; + :definition "An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks." ; + rdfs:seeAlso ; + :related :CWE-276, + :CWE-285, + :CWE-288, + :CWE-424, + :CWE-425, + :CWE-693, + :CWE-732, + :T1083 . + +:CAPEC-128 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Integer Attacks" ; + rdfs:subClassOf :CAPEC-153, + :CommonAttackPattern ; + :capec-id "CAPEC-128" ; + :definition "An attacker takes advantage of the structure of integer variables to cause these variables to assume values that are not expected by an application. For example, adding one to the largest positive integer in a signed integer variable results in a negative number. Negative numbers may be illegal in an application and the application may prevent an attacker from providing them directly, but the application may not consider that adding two positive numbers can create a negative number do to the structure of integer storage formats." ; + rdfs:seeAlso ; + :related :CWE-682 . + +:CAPEC-129 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Pointer Manipulation" ; + rdfs:subClassOf :CommonAttackPattern ; + :capec-id "CAPEC-129" ; + :definition "This attack pattern involves an adversary manipulating a pointer within a target application resulting in the application accessing an unintended memory location. This can result in the crashing of the application or, for certain pointer values, access to data that would not normally be possible or the execution of arbitrary code. Since pointers are simply integer variables, Integer Attacks may often be used in Pointer Attacks." ; + rdfs:seeAlso ; + :related :CWE-682, + :CWE-822, + :CWE-823 . + +:CAPEC-130 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Excessive Allocation" ; + rdfs:subClassOf :CommonAttackPattern ; + :capec-id "CAPEC-130" ; + :definition "An adversary causes the target to allocate excessive resources to servicing the attackers' request, thereby reducing the resources available for legitimate services and degrading or denying services. Usually, this attack focuses on memory allocation, but any finite resource on the target could be the attacked, including bandwidth, processing cycles, or other resources. This attack does not attempt to force this allocation through a large number of requests (that would be Resource Depletion through Flooding) but instead uses one or a small number of requests that are carefully formatted to force the target to allocate excessive resources to service this request(s). Often this attack takes advantage of a bug in the target to cause the target to allocate resources vastly beyond what would be needed for a normal request." ; + rdfs:seeAlso ; + :related :CWE-404, + :CWE-770, + :CWE-1325, + :T1499.003 . + +:CAPEC-131 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Resource Leak Exposure" ; + rdfs:subClassOf :CommonAttackPattern ; + :capec-id "CAPEC-131" ; + :definition "An adversary utilizes a resource leak on the target to deplete the quantity of the resource available to service legitimate requests." ; + rdfs:seeAlso ; + :related :CWE-404, + :T1499 . + +:CAPEC-132 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Symlink Attack" ; + rdfs:subClassOf :CAPEC-159, + :CommonAttackPattern ; + :capec-id "CAPEC-132" ; + :definition "An adversary positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name." ; + rdfs:seeAlso ; + :related :CWE-59, + :T1547.009 . + +:CAPEC-133 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Try All Common Switches" ; + rdfs:subClassOf :CAPEC-113, + :CommonAttackPattern ; + :capec-id "CAPEC-133" ; + :definition "An attacker attempts to invoke all common switches and options in the target application for the purpose of discovering weaknesses in the target. For example, in some applications, adding a --debug switch causes debugging information to be displayed, which can sometimes reveal sensitive processing or configuration information to an attacker. This attack differs from other forms of API abuse in that the attacker is indiscriminately attempting to invoke options in the hope that one of them will work rather than specifically targeting a known option. Nonetheless, even if the attacker is familiar with the published options of a targeted application this attack method may still be fruitful as it might discover unpublicized functionality." ; + rdfs:seeAlso ; + :related :CWE-912 . + +:CAPEC-134 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Email Injection" ; + rdfs:subClassOf :CAPEC-137, + :CommonAttackPattern ; + :capec-id "CAPEC-134" ; + :definition "An adversary manipulates the headers and content of an email message by injecting data via the use of delimiter characters native to the protocol." ; + rdfs:seeAlso ; + :related :CWE-150 . + +:CAPEC-135 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Format String Injection" ; + rdfs:subClassOf :CAPEC-137, + :CommonAttackPattern ; + :capec-id "CAPEC-135" ; + :definition "An adversary includes formatting characters in a string input field on the target application. Most applications assume that users will provide static text and may respond unpredictably to the presence of formatting character. For example, in certain functions of the C programming languages such as printf, the formatting character %s will print the contents of a memory location expecting this location to identify a string and the formatting character %n prints the number of DWORD written in the memory. An adversary can use this to read or write to memory locations or files, or simply to manipulate the value of the resulting text in unexpected ways. Reading or writing memory may result in program crashes and writing memory could result in the execution of arbitrary code if the adversary can write to the program stack." ; + rdfs:seeAlso ; + :related :CWE-20, + :CWE-74, + :CWE-134 . + +:CAPEC-136 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "LDAP Injection" ; + rdfs:subClassOf :CAPEC-248, + :CommonAttackPattern ; + :capec-id "CAPEC-136" ; + :definition "An attacker manipulates or crafts an LDAP query for the purpose of undermining the security of the target. Some applications use user input to create LDAP queries that are processed by an LDAP server. For example, a user might provide their username during authentication and the username might be inserted in an LDAP query during the authentication process. An attacker could use this input to inject additional commands into an LDAP query that could disclose sensitive information. For example, entering a * in the aforementioned query might return information about all users on the system. This attack is very similar to an SQL injection attack in that it manipulates a query to gather additional information or coerce a particular return value." ; + rdfs:seeAlso ; + :related :CWE-20, + :CWE-77, + :CWE-90 . + +:CAPEC-137 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Parameter Injection" ; + rdfs:subClassOf :CommonAttackPattern ; + :capec-id "CAPEC-137" ; + :definition "An adversary manipulates the content of request parameters for the purpose of undermining the security of the target. Some parameter encodings use text characters as separators. For example, parameters in a HTTP GET message are encoded as name-value pairs separated by an ampersand (&). If an attacker can supply text strings that are used to fill in these parameters, then they can inject special characters used in the encoding scheme to add or modify parameters. For example, if user input is fed directly into an HTTP GET request and the user provides the value \"myInput&new_param=myValue\", then the input parameter is set to myInput, but a new parameter (new_param) is also added with a value of myValue. This can significantly change the meaning of the query that is processed by the server. Any encoding scheme where parameters are identified and separated by text characters is potentially vulnerable to this attack - the HTTP GET encoding used above is just one example." ; + rdfs:seeAlso ; + :related :CWE-88 . + +:CAPEC-138 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Reflection Injection" ; + rdfs:subClassOf :CAPEC-137, + :CommonAttackPattern ; + :capec-id "CAPEC-138" ; + :definition "An adversary supplies a value to the target application which is then used by reflection methods to identify a class, method, or field. For example, in the Java programming language the reflection libraries permit an application to inspect, load, and invoke classes and their components by name. If an adversary can control the input into these methods including the name of the class/method/field or the parameters passed to methods, they can cause the targeted application to invoke incorrect methods, read random fields, or even to load and utilize malicious classes that the adversary created. This can lead to the application revealing sensitive information, returning incorrect results, or even having the adversary take control of the targeted application." ; + rdfs:seeAlso ; + :related :CWE-470 . + +:CAPEC-139 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Relative Path Traversal" ; + rdfs:subClassOf :CAPEC-126, + :CommonAttackPattern ; + :capec-id "CAPEC-139" ; + :definition "An attacker exploits a weakness in input validation on the target by supplying a specially constructed path utilizing dot and slash characters for the purpose of obtaining access to arbitrary files or resources. An attacker modifies a known path on the target in order to reach material that is not available through intended channels. These attacks normally involve adding additional path separators (/ or \\) and/or dots (.), or encodings thereof, in various combinations in order to reach parent directories or entirely separate trees of the target's directory structure." ; + rdfs:seeAlso ; + :related :CWE-23 . + +:CAPEC-140 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Bypassing of Intermediate Forms in Multiple-Form Sets" ; + rdfs:subClassOf :CAPEC-74, + :CommonAttackPattern ; + :capec-id "CAPEC-140" ; + :definition "Some web applications require users to submit information through an ordered sequence of web forms. This is often done if there is a very large amount of information being collected or if information on earlier forms is used to pre-populate fields or determine which additional information the application needs to collect. An attacker who knows the names of the various forms in the sequence may be able to explicitly type in the name of a later form and navigate to it without first going through the previous forms. This can result in incomplete collection of information, incorrect assumptions about the information submitted by the attacker, or other problems that can impair the functioning of the application." ; + rdfs:seeAlso ; + :related :CWE-372 . + +:CAPEC-141 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Cache Poisoning" ; + rdfs:subClassOf :CAPEC-161, + :CommonAttackPattern ; + :capec-id "CAPEC-141" ; + :definition "An attacker exploits the functionality of cache technologies to cause specific data to be cached that aids the attackers' objectives. This describes any attack whereby an attacker places incorrect or harmful material in cache. The targeted cache can be an application's cache (e.g. a web browser cache) or a public cache (e.g. a DNS or ARP cache). Until the cache is refreshed, most applications or clients will treat the corrupted cache value as valid. This can lead to a wide range of exploits including redirecting web browsers towards sites that install malware and repeatedly incorrect calculations based on the incorrect value." ; + rdfs:seeAlso ; + :related :CWE-345, + :CWE-346, + :CWE-348, + :CWE-349, + :T1557.002 . + +:CAPEC-142 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "DNS Cache Poisoning" ; + rdfs:subClassOf :CAPEC-141, + :CommonAttackPattern ; + :capec-id "CAPEC-142" ; + :definition "A domain name server translates a domain name (such as www.example.com) into an IP address that Internet hosts use to contact Internet resources. An adversary modifies a public DNS cache to cause certain names to resolve to incorrect addresses that the adversary specifies. The result is that client applications that rely upon the targeted cache for domain name resolution will be directed not to the actual address of the specified domain name but to some other address. Adversaries can use this to herd clients to sites that install malware on the victim's computer or to masquerade as part of a Pharming attack." ; + rdfs:seeAlso ; + :related :CWE-345, + :CWE-346, + :CWE-348, + :CWE-349, + :CWE-350, + :T1584.002 . + +:CAPEC-143 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Detect Unpublicized Web Pages" ; + rdfs:subClassOf :CAPEC-150, + :CommonAttackPattern ; + :capec-id "CAPEC-143" ; + :definition "An adversary searches a targeted web site for web pages that have not been publicized. In doing this, the adversary may be able to gain access to information that the targeted site did not intend to make public." ; + rdfs:seeAlso ; + :related :CWE-425 . + +:CAPEC-144 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Detect Unpublicized Web Services" ; + rdfs:subClassOf :CAPEC-150, + :CommonAttackPattern ; + :capec-id "CAPEC-144" ; + :definition "An adversary searches a targeted web site for web services that have not been publicized. This attack can be especially dangerous since unpublished but available services may not have adequate security controls placed upon them given that an administrator may believe they are unreachable." ; + rdfs:seeAlso ; + :related :CWE-425 . + +:CAPEC-145 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Checksum Spoofing" ; + rdfs:subClassOf :CAPEC-148, + :CommonAttackPattern ; + :capec-id "CAPEC-145" ; + :definition "An adversary spoofs a checksum message for the purpose of making a payload appear to have a valid corresponding checksum. Checksums are used to verify message integrity. They consist of some value based on the value of the message they are protecting. Hash codes are a common checksum mechanism. Both the sender and recipient are able to compute the checksum based on the contents of the message. If the message contents change between the sender and recipient, the sender and recipient will compute different checksum values. Since the sender's checksum value is transmitted with the message, the recipient would know that a modification occurred. In checksum spoofing an adversary modifies the message body and then modifies the corresponding checksum so that the recipient's checksum calculation will match the checksum (created by the adversary) in the message. This would prevent the recipient from realizing that a change occurred." ; + rdfs:seeAlso ; + :related :CWE-354 . + +:CAPEC-146 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "XML Schema Poisoning" ; + rdfs:subClassOf :CAPEC-271, + :CommonAttackPattern ; + :capec-id "CAPEC-146" ; + :definition "An adversary corrupts or modifies the content of XML schema information passed between a client and server for the purpose of undermining the security of the target. XML Schemas provide the structure and content definitions for XML documents. Schema poisoning is the ability to manipulate a schema either by replacing or modifying it to compromise the programs that process documents that use this schema." ; + rdfs:seeAlso ; + :related :CWE-15, + :CWE-472 . + +:CAPEC-147 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "XML Ping of the Death" ; + rdfs:subClassOf :CAPEC-528, + :CommonAttackPattern ; + :capec-id "CAPEC-147" ; + :definition "An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target." ; + rdfs:seeAlso ; + :related :CWE-400, + :CWE-770 . + +:CAPEC-148 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Content Spoofing" ; + rdfs:subClassOf :CommonAttackPattern ; + :capec-id "CAPEC-148" ; + :definition "An adversary modifies content to make it contain something other than what the original content producer intended while keeping the apparent source of the content unchanged. The term content spoofing is most often used to describe modification of web pages hosted by a target to display the adversary's content instead of the owner's content. However, any content can be spoofed, including the content of email messages, file transfers, or the content of other network communication protocols. Content can be modified at the source (e.g. modifying the source file for a web page) or in transit (e.g. intercepting and modifying a message between the sender and recipient). Usually, the adversary will attempt to hide the fact that the content has been modified, but in some cases, such as with web site defacement, this is not necessary. Content Spoofing can lead to malware exposure, financial fraud (if the content governs financial transactions), privacy violations, and other unwanted outcomes." ; + rdfs:seeAlso ; + :related :CAPEC-665, + :CWE-345, + :T1491 . + +:CAPEC-149 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Explore for Predictable Temporary File Names" ; + rdfs:subClassOf :CAPEC-497, + :CommonAttackPattern ; + :capec-id "CAPEC-149" ; + :definition "An attacker explores a target to identify the names and locations of predictable temporary files for the purpose of launching further attacks against the target. This involves analyzing naming conventions and storage locations of the temporary files created by a target application. If an attacker can predict the names of temporary files they can use this information to mount other attacks, such as information gathering and symlink attacks." ; + rdfs:seeAlso ; + :related :CWE-377 . + +:CAPEC-150 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Collect Data from Common Resource Locations" ; + rdfs:subClassOf :CAPEC-116, + :CommonAttackPattern ; + :capec-id "CAPEC-150" ; + :definition "An adversary exploits well-known locations for resources for the purposes of undermining the security of the target. In many, if not most systems, files and resources are organized in a default tree structure. This can be useful for adversaries because they often know where to look for resources or files that are necessary for attacks. Even when the precise location of a targeted resource may not be known, naming conventions may indicate a small area of the target machine's file tree where the resources are typically located. For example, configuration files are normally stored in the /etc director on Unix systems. Adversaries can take advantage of this to commit other types of attacks." ; + rdfs:seeAlso ; + :related :CWE-552, + :CWE-1239, + :CWE-1258, + :CWE-1266, + :CWE-1272, + :CWE-1323, + :CWE-1330, + :T1003, + :T1119, + :T1213, + :T1530, + :T1555, + :T1602 . + +:CAPEC-151 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Identity Spoofing" ; + rdfs:subClassOf :CommonAttackPattern ; + :capec-id "CAPEC-151" ; + :definition "Identity Spoofing refers to the action of assuming (i.e., taking on) the identity of some other entity (human or non-human) and then using that identity to accomplish a goal. An adversary may craft messages that appear to come from a different principle or use stolen / spoofed authentication credentials." ; + rdfs:seeAlso ; + :related :CAPEC-665, + :CWE-287 . + +:CAPEC-153 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Input Data Manipulation" ; + rdfs:subClassOf :CommonAttackPattern ; + :capec-id "CAPEC-153" ; + :definition "An attacker exploits a weakness in input validation by controlling the format, structure, and composition of data to an input-processing interface. By supplying input of a non-standard or unexpected form an attacker can adversely impact the security of the target." ; + rdfs:seeAlso ; + :related :CWE-20 . + +:CAPEC-154 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Resource Location Spoofing" ; + rdfs:subClassOf :CommonAttackPattern ; + :capec-id "CAPEC-154" ; + :definition "An adversary deceives an application or user and convinces them to request a resource from an unintended location. By spoofing the location, the adversary can cause an alternate resource to be used, often one that the adversary controls and can be used to help them achieve their malicious goals." ; + rdfs:seeAlso ; + :related :CWE-451 . + +:CAPEC-155 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Screen Temporary Files for Sensitive Information" ; + rdfs:subClassOf :CAPEC-150, + :CommonAttackPattern ; + :capec-id "CAPEC-155" ; + :definition "An adversary exploits the temporary, insecure storage of information by monitoring the content of files used to store temp data during an application's routine execution flow. Many applications use temporary files to accelerate processing or to provide records of state across multiple executions of the application. Sometimes, however, these temporary files may end up storing sensitive information. By screening an application's temporary files, an adversary might be able to discover such sensitive information. For example, web browsers often cache content to accelerate subsequent lookups. If the content contains sensitive information then the adversary could recover this from the web cache." ; + rdfs:seeAlso ; + :related :CWE-377 . + +:CAPEC-157 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Sniffing Attacks" ; + rdfs:subClassOf :CAPEC-117, + :CommonAttackPattern ; + :capec-id "CAPEC-157" ; + :definition "In this attack pattern, the adversary intercepts information transmitted between two third parties. The adversary must be able to observe, read, and/or hear the communication traffic, but not necessarily block the communication or change its content. Any transmission medium can theoretically be sniffed if the adversary can examine the contents between the sender and recipient. Sniffing Attacks are similar to Adversary-In-The-Middle attacks (CAPEC-94), but are entirely passive. AiTM attacks are predominantly active and often alter the content of the communications themselves." ; + rdfs:seeAlso ; + :related :CWE-311 . + +:CAPEC-158 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Sniffing Network Traffic" ; + rdfs:subClassOf :CAPEC-157, + :CommonAttackPattern ; + :capec-id "CAPEC-158" ; + :definition "In this attack pattern, the adversary monitors network traffic between nodes of a public or multicast network in an attempt to capture sensitive information at the protocol level. Network sniffing applications can reveal TCP/IP, DNS, Ethernet, and other low-level network communication information. The adversary takes a passive role in this attack pattern and simply observes and analyzes the traffic. The adversary may precipitate or indirectly influence the content of the observed transaction, but is never the intended recipient of the target information." ; + rdfs:seeAlso ; + :related :CWE-311, + :T1040, + :T1111 . + +:CAPEC-159 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Redirect Access to Libraries" ; + rdfs:subClassOf :CAPEC-154, + :CommonAttackPattern ; + :capec-id "CAPEC-159" ; + :definition "An adversary exploits a weakness in the way an application searches for external libraries to manipulate the execution flow to point to an adversary supplied library or code base. This pattern of attack allows the adversary to compromise the application or server via the execution of unauthorized code. An application typically makes calls to functions that are a part of libraries external to the application. These libraries may be part of the operating system or they may be third party libraries. If an adversary can redirect an application's attempts to access these libraries to other libraries that the adversary supplies, the adversary will be able to force the targeted application to execute arbitrary code. This is especially dangerous if the targeted application has enhanced privileges. Access can be redirected through a number of techniques, including the use of symbolic links, search path modification, and relative path manipulation." ; + rdfs:seeAlso ; + :related :CWE-706, + :T1574.008 . + +:CAPEC-160 a :CommonAttackPattern, + owl:Class, + owl:NamedIndividual ; + rdfs:label "Exploit Script-Based APIs" ; + rdfs:subClassOf :CAPEC-113, + :CommonAttackPattern ; + :capec-id "CAPEC-160" ; + :definition "Some APIs support scripting instructions as arguments. Methods that take scripted instructions (or references to scripted instructions) can be very flexible and powerful. However, if an attacker can specify the script that serves as input to these methods they can gain access to a great deal of functionality. For example, HTML pages support