CAPEC-264: Environment Variable Manipulation (Version 2.9)
Attack Pattern ID: 264
Abstraction: Meta
Status: Deprecated
Completeness: Hook
+ Summary

An attacker manipulates environment variables used by an application to perform a variety of possible attacks. Changing variable values is usually undertaken as part of another attack; for example, a path traversal (inserting relative path modifiers) or buffer overflow (enlarging a variable value beyond an application's ability to store it).

+ Attack Prerequisites
  • The targeted application must rely on external variables in such a way that malicious manipulation of them can subvert functionality.

+ Resources Required

The attacker must be able to manipulate the targeted environment variables, either at runtime or by accessing a configuration file or manipulating start-up values.

+ Solutions and Mitigations

Design: Ensure that variables that should not be manipulated by a user are not accessible to them.
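
Where a variable must remain user-controllable, the two manipulations named in the Summary (an oversized value and relative path modifiers) can be rejected at the point of use. The following is an added example, not part of the CAPEC entry; the names `check_dir_value`, `get_env_dir`, `APP_DATA_DIR` and the limit `MAX_DIR_LEN` are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_DIR_LEN 255   /* assumed limit for this example */

/* Return 1 if any '/'-separated component of p is exactly "..". */
static int has_dotdot_component(const char *p)
{
    while (*p) {
        size_t n = strcspn(p, "/");       /* length of current component */
        if (n == 2 && p[0] == '.' && p[1] == '.')
            return 1;
        p += n;
        while (*p == '/')                 /* skip separator(s) */
            p++;
    }
    return 0;
}

/* Validate an untrusted value v and copy it into out[outsz].
 * Returns 0 on success, -1 if unset or empty, -2 if it exceeds
 * MAX_DIR_LEN or the buffer, -3 if not absolute or it contains "..". */
int check_dir_value(const char *v, char *out, size_t outsz)
{
    if (v == NULL || *v == '\0')
        return -1;
    size_t len = strlen(v);
    if (len > MAX_DIR_LEN || len >= outsz)
        return -2;                        /* reject, never truncate */
    if (v[0] != '/' || has_dotdot_component(v))
        return -3;
    memcpy(out, v, len + 1);              /* len + 1 <= outsz, includes NUL */
    return 0;
}

/* Read and validate the environment variable `name`. */
int get_env_dir(const char *name, char *out, size_t outsz)
{
    return check_dir_value(getenv(name), out, outsz);
}

int main(void)
{
    char dir[MAX_DIR_LEN + 1];
    int rc = get_env_dir("APP_DATA_DIR", dir, sizeof dir);  /* hypothetical name */
    printf("APP_DATA_DIR check: %d\n", rc);
    return 0;
}
```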

+ Content History
  • CAPEC Content Team, The MITRE Corporation, 2014-06-23, Internal_CAPEC_Team
  • CAPEC Content Team, The MITRE Corporation, 2017-01-09, Updated Related_Attack_Patterns, Internal

Page Last Updated or Reviewed: December 07, 2015