CAPEC-176: Configuration/Environment Manipulation

Meta Draft 严重程度: Medium

CAPEC版本: 3.9

更新日期: 2023-01-24

攻击模式描述

An attacker manipulates files or settings external to a target application which affect the behavior of that application. For example, many applications use external configuration files and libraries - modification of these entities or otherwise affecting the application's ability to use them would constitute a configuration/environment manipulation attack.

前提条件

  • The target application must consult external files or configuration controls to control its execution. All but the very simplest applications meet this requirement.

所需资源

  • The attacker must have the access necessary to affect the files or other environment items the targeted application uses for its operations.

分类映射

分类名称 条目ID 条目名称
OWASP Attacks - Setting Manipulation
关键信息

CAPEC ID: CAPEC-176

抽象级别: Meta

状态: Draft

典型严重程度: Medium

相关CWE弱点
CWE-15 CWE-1233 CWE-1234 CWE-1304 CWE-1328
返回列表