CAPEC-176 Configuration/Environment Manipulation

CAPEC ID: 176

CAPEC-176 Metadata

Likelihood of Attack

Medium

Typical Severity

Medium

Overview

Summary

An attacker manipulates files or settings external to a target application which affect the behavior of that application. For example, many applications use external configuration files and libraries; modifying these entities, or otherwise affecting the application's ability to use them, constitutes a configuration/environment manipulation attack.
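
A defender-side check for the condition described above, as an added example that is not part of the CAPEC entry: it walks from a configuration file or library up to the filesystem root and reports every path component that another local account could modify. The function names, the trusted-owner policy and the sample file name `app.conf` are assumptions; the code is POSIX only.

```python
import os
import stat
import tempfile

# Assumed policy: only root and the account running the application may own inputs.
TRUSTED_UIDS = {0, os.getuid()}

def path_findings(path, trusted_uids=TRUSTED_UIDS):
    """Return reasons why the file at `path` could be altered by another account."""
    findings = []
    path = os.path.abspath(path)
    if os.path.islink(path):
        findings.append(f"{path}: is a symlink")
    current = os.path.realpath(path)
    while True:
        st = os.stat(current)
        if st.st_uid not in trusted_uids:
            findings.append(f"{current}: owned by untrusted uid {st.st_uid}")
        writable = st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
        # A sticky directory (e.g. /tmp) stops others replacing entries they do not own.
        sticky = stat.S_ISDIR(st.st_mode) and st.st_mode & stat.S_ISVTX
        if writable and not sticky:
            findings.append(
                f"{current}: group/world writable ({stat.filemode(st.st_mode)})")
        parent = os.path.dirname(current)
        if parent == current:          # reached the filesystem root
            return findings
        current = parent

def demo():
    """Constructed sample: a private config file, then the same file made world-writable."""
    workdir = os.path.realpath(tempfile.mkdtemp())
    cfg = os.path.join(workdir, "app.conf")   # hypothetical file name
    with open(cfg, "w") as fh:
        fh.write("debug = false\n")
    os.chmod(cfg, 0o600)
    before = path_findings(cfg)
    os.chmod(cfg, 0o666)                      # the weak setting
    after = path_findings(cfg)
    return cfg, before, after

if __name__ == "__main__":
    cfg, before, after = demo()
    print("private file :", before)
    print("world-writable:", after)
```

Calling `path_findings` at startup on each configuration file and library the application loads, and refusing to start on any finding, closes the local-modification route; it does not detect changes made by the trusted owner.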

Prerequisites

The target application must consult external files or configuration controls to control its execution. All but the very simplest applications meet this requirement.

Potential Solutions / Mitigations

No specific solutions listed.

Related Weaknesses (CWE)

CWE ID Description
CWE-15 External Control of System or Configuration Setting
CWE-1233 Security-Sensitive Hardware Controls with Missing Lock Bit Protection
CWE-1234 Hardware Internal or Debug Modes Allow Override of Locks
CWE-1304 Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation
CWE-1328 Security Version Number Mutable to Older Versions

Taxonomy Mappings

Taxonomy: OWASP Attacks

Entry ID Entry Name
Link Setting Manipulation
