
CAPEC-75: Manipulating Writeable Configuration Files

Abstraction: Standard
Status: Draft
Likelihood: High
Severity: Very High

Description

Generally these are manually edited files that are not in the purview of the system administrators. Any ability on the attacker's part to modify these files, for example in a CVS repository, gives unauthorized access directly to the application, the same as authorized users.

Related weaknesses · 6

CWE-349, CWE-99, CWE-77, CWE-346, CWE-353, CWE-354

Related attack patterns · 1

CAPEC-176 (ChildOf)

Exploits · 6

Type | Target | Confidence | Tier
Weakness | Acceptance of Extraneous Untrusted Data With Trusted Data (cwe-349) | 100% | live
Weakness | Improper Control of Resource Identifiers ('Resource Injection') (cwe-99) | 100% | live
Weakness | Improper Neutralization of Special Elements used in a Command ('Command Injection') (cwe-77) | 100% | live
Weakness | Origin Validation Error (cwe-346) | 100% | live
Weakness | Improper Validation of Integrity Check Value (cwe-354) | 100% | live
Weakness | Missing Support for Integrity Check (cwe-353) | 100% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: File Manipulation
CAPEC: Configuration/Environment Manipulation
CAPEC: Manipulating Web Input to File System Calls
CAPEC: Modify Shared File
CAPEC: Data Injected During Configuration
CAPEC: Modification of Windows Service Configuration

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.