CAPEC Details
Name Configuration/Environment Manipulation
Likelyhood of attack Typical severity
Medium Medium
Summary An attacker manipulates files or settings external to a target application which affect the behavior of that application. For example, many applications use external configuration files and libraries - modification of these entities or otherwise affecting the application's ability to use them would constitute a configuration/environment manipulation attack.
Prerequisites The target application must consult external files or configuration controls to control its execution. All but the very simplest applications meet this requirement.
Solutions
Related Weaknesses
CWE ID Description
CWE-15 External Control of System or Configuration Setting
CWE-1233 Security-Sensitive Hardware Controls with Missing Lock Bit Protection
CWE-1234 Hardware Internal or Debug Modes Allow Override of Locks
CWE-1304 Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation
CWE-1328 Security Version Number Mutable to Older Versions
Taxonomy: OWASP Attacks
Entry ID Entry Name
Link Setting Manipulation