An attacker manipulates files or settings external to a target application
which affect the behavior of that application. For example, many
applications use external configuration files and libraries - modification
of these entities or otherwise affecting the application's ability to use
them would constitute a configuration/environment manipulation
attack.
Attack Prerequisites
The target application must consult external files or configuration
controls to control its execution. All but the very simplest applications
meet this requirement.
Resources Required
The attacker must have the access necessary to affect the files or other
environment items the targeted application uses for its operations.
Vision and Technical Leadership provided by Cigital, Inc.
This Web site is hosted by The MITRE Corporation.
Copyright 2010, The MITRE Corporation. CAPEC and the CAPEC logo are trademarks of The MITRE Corporation.
Description
