CAPEC Details
Name Configuration/Environment Manipulation
Likelyhood of attack Typical severity
Medium Medium
Summary An attacker manipulates files or settings external to a target application which affect the behavior of that application. For example, many applications use external configuration files and libraries - modification of these entities or otherwise affecting the application's ability to use them would constitute a configuration/environment manipulation attack.
Prerequisites The target application must consult external files or configuration controls to control its execution. All but the very simplest applications meet this requirement.
Solutions
Related Weaknesses
CWE ID Description
CWE-15 External Control of System or Configuration Setting
CWE-1233 Improper Hardware Lock Protection for Security Sensitive Controls
CWE-1234 Hardware Internal or Debug Modes Allow Override of Locks
Taxonomy: OWASP Attacks
Entry ID Entry Name
Link Setting Manipulation