CAPEC-75: Manipulating Writeable Configuration Files
ID
CAPEC-75
Typical Severity
Very High
Likelihood Of Attack
High
Status
Draft
Generally these are manually edited files that are not in the preview of the system administrators, any ability on the attackers' behalf to modify these files, for example in a CVS repository, gives unauthorized access directly to the application, the same as authorized users.
Weaknesses
| # ID | Name | Type |
|---|---|---|
| CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') | weakness |
| CWE-99 | Improper Control of Resource Identifiers ('Resource Injection') | weakness |
| CWE-346 | Origin Validation Error | weakness |
| CWE-349 | Acceptance of Extraneous Untrusted Data With Trusted Data | weakness |
| CWE-353 | Missing Support for Integrity Check | weakness |
| CWE-354 | Improper Validation of Integrity Check Value | weakness |