{
"id": "bundle--2ea1bdda-a06e-4a67-9a5f-a12e922a0e90",
"objects": [
{
"created": "2014-06-23T00:00:00.000Z",
"created_by_ref": "identity--e50ab59c-5c4f-4d40-bf6a-d58418d89bcd",
"description": "Generally these are manually edited files that are not in the preview of the system administrators, any ability on the attackers' behalf to modify these files, for example in a CVS repository, gives unauthorized access directly to the application, the same as authorized users.",
"external_references": [
{
"external_id": "CAPEC-75",
"source_name": "capec",
"url": "https://capec.mitre.org/data/definitions/75.html"
},
{
"external_id": "CWE-349",
"source_name": "cwe",
"url": "http://cwe.mitre.org/data/definitions/349.html"
},
{
"external_id": "CWE-99",
"source_name": "cwe",
"url": "http://cwe.mitre.org/data/definitions/99.html"
},
{
"external_id": "CWE-77",
"source_name": "cwe",
"url": "http://cwe.mitre.org/data/definitions/77.html"
},
{
"external_id": "CWE-346",
"source_name": "cwe",
"url": "http://cwe.mitre.org/data/definitions/346.html"
},
{
"external_id": "CWE-353",
"source_name": "cwe",
"url": "http://cwe.mitre.org/data/definitions/353.html"
},
{
"external_id": "CWE-354",
"source_name": "cwe",
"url": "http://cwe.mitre.org/data/definitions/354.html"
},
{
"description": "G. Hoglund, G. McGraw, Exploiting Software: How to Break Code, 2004--02, Addison-Wesley",
"external_id": "REF-1",
"source_name": "reference_from_CAPEC"
}
],
"id": "attack-pattern--08c74bd3-c5ad-4d6c-a8bb-bb93d7503ddb",
"modified": "2022-09-29T00:00:00.000Z",
"name": "Manipulating Writeable Configuration Files",
"object_marking_refs": [
"marking-definition--17d82bb2-eeeb-4898-bda5-3ddbcd2b799d"
],
"type": "attack-pattern",
"x_capec_abstraction": "Standard",
"x_capec_child_of_refs": [
"attack-pattern--f9f65fdd-5857-4a57-a725-066465397601"
],
"x_capec_consequences": {
"Access_Control": [
"Gain Privileges"
],
"Authorization": [
"Gain Privileges"
],
"Confidentiality": [
"Gain Privileges"
]
},
"x_capec_domains": [
"Software"
],
"x_capec_example_instances": [
"\n The BEA Weblogic server uses a config.xml file to store configuration data. If this file is not properly protected by the system access control, an attacker can write configuration information to redirect server output through system logs, database connections, malicious URLs and so on. Access to the Weblogic server may be from a so-called Custom realm which manages authentication and authorization privileges on behalf of user principals. Given write access, the attacker can insert a pointer to a custom realm jar file in the config.xml\n < CustomRealmConfigurationData=\"java.util.Properties\"Name=\"CustomRealm\"RealmClassName=\"Maliciousrealm.jar\"/>\n \n The main issue with configuration files is that the attacker can leverage all the same functionality the server has, but for malicious means. Given the complexity of server configuration, these changes may be very hard for administrators to detect.\n "
],
"x_capec_likelihood_of_attack": "High",
"x_capec_prerequisites": [
"Configuration files must be modifiable by the attacker"
],
"x_capec_skills_required": {
"Medium": "To identify vulnerable configuration files, and understand how to manipulate servers and erase forensic evidence"
},
"x_capec_status": "Draft",
"x_capec_typical_severity": "Very High",
"x_capec_version": "3.9"
}
],
"spec_version": "2.0",
"type": "bundle"
}