| Name |
Configuration/Environment Manipulation |
|
| Likelyhood of attack |
Typical severity |
| Medium |
Medium |
|
| Summary |
An attacker manipulates files or settings external to a target application which affect the behavior of that application. For example, many applications use external configuration files and libraries - modification of these entities or otherwise affecting the application's ability to use them would constitute a configuration/environment manipulation attack. |
| Prerequisites |
The target application must consult external files or configuration controls to control its execution. All but the very simplest applications meet this requirement. |
| Solutions | |
| Related Weaknesses |
|
CWE ID
|
Description
|
| CWE-15 |
External Control of System or Configuration Setting |
| CWE-1233 |
Improper Hardware Lock Protection for Security Sensitive Controls |
| CWE-1234 |
Hardware Internal or Debug Modes Allow Override of Locks |
| CWE-1304 |
Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation |
| CWE-1328 |
Security Version Number Mutable to Older Versions |
|
| Taxonomy: OWASP Attacks |
|
Entry ID
|
Entry Name
|
| Link |
Setting Manipulation |
|