CAPEC-265: Global variable manipulation (Version 2.9)

Attack Pattern ID: 265
Abstraction: Meta
Status: Deprecated
Completeness: Hook
+ Summary

An attacker manipulates global variables used by an application to perform a variety of possible attacks. Changing variable values is usually undertaken as part of another attack; for example, a path traversal (inserting relative path modifiers) or buffer overflow (enlarging a variable value beyond an application's ability to store it).

+ Attack Prerequisites
  • The targeted application must rely on external variables in such a way that malicious manipulation of them can subvert functionality.

+ Resources Required

The attacker must be able to manipulate the targeted global variables, either at runtime or by accessing a configuration file or manipulating start-up values.

+ Solutions and Mitigations

Design: Verify the range, size, value and consistency of any arguments supplied to the application from external sources, and devise an appropriate error response.

Design: Ensure that variables that should not be manipulated by a user are not accessible to them.
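
The following is an added example, not part of the CAPEC entry: it applies the two design mitigations above to start-up values read from a mapping such as os.environ. The setting names (APP_MODE, APP_WORKERS, APP_UPLOAD_DIR), the limits and the base directory are assumptions chosen for illustration.

```python
import posixpath
from pathlib import PurePosixPath

# Hypothetical names and limits; none of them come from the CAPEC entry.
BASE_DIR = PurePosixPath("/srv/app/data")  # fixed in code, never read from outside
ALLOWED_MODES = {"read", "write"}
MAX_LEN = 256                              # size limit applied to every raw value


class ConfigError(ValueError):
    """Error response: start-up stops instead of running with a bad value."""


def load_settings(env):
    """Validate externally supplied start-up values (e.g. env = os.environ)."""
    for name in ("APP_MODE", "APP_WORKERS", "APP_UPLOAD_DIR"):
        raw = env.get(name)
        if raw is None:
            raise ConfigError(f"{name} is required")
        if len(raw) > MAX_LEN or "\x00" in raw:          # size check
            raise ConfigError(f"{name} has an invalid length or content")

    mode = env["APP_MODE"]
    if mode not in ALLOWED_MODES:                        # value check (allow-list)
        raise ConfigError("APP_MODE is not an allowed value")

    try:
        workers = int(env["APP_WORKERS"])
    except ValueError:
        raise ConfigError("APP_WORKERS must be an integer") from None
    if not 1 <= workers <= 32:                           # range check
        raise ConfigError("APP_WORKERS must be between 1 and 32")

    # Consistency check: collapse relative path modifiers, then require the
    # result to stay under BASE_DIR (an absolute value replaces BASE_DIR
    # in the join and is rejected by the same test).
    joined = BASE_DIR / env["APP_UPLOAD_DIR"]
    upload_dir = PurePosixPath(posixpath.normpath(joined))
    if upload_dir != BASE_DIR and BASE_DIR not in upload_dir.parents:
        raise ConfigError("APP_UPLOAD_DIR escapes the data directory")

    return {"mode": mode, "workers": workers, "upload_dir": upload_dir}
```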

+ Content History
Submissions
  • Submitter: CAPEC Content Team; Organization: The MITRE Corporation; Date: 2014-06-23; Source: Internal_CAPEC_Team
Modifications
  • Modifier: CAPEC Content Team; Organization: The MITRE Corporation; Date: 2017-01-09; Comments: Updated Related_Attack_Patterns; Source: Internal

Page Last Updated or Reviewed: December 07, 2015