General Information

Client Controlled Configuration Setting Manipulation

Variants:
Direct Session 

Also Known As:
Setting Manipulation

Vector Type:
Attack

Relevance:
Generic

Layer:
Application-Level

Platforms:
Any

Target Type:
Application

Affected Mechanisms:
Secure Design

Invented In:
01/02/2000

Added In:
09/12/2014


Vector Operation Method:
Attackers can abuse different aspects in the application by manipulating configuration settings that the application accepts as input from the client side.


Direct Variant:

Setting Manipulation

Variant Title:
Setting Manipulation

Typical Severity:
Major

Resources:

White Papers:

Learn More:


Session Variant:

Setting Manipulation via Session Poisoning

Also Known As:
Session Setting Manipulation

Typical Severity:
Major

Resources:

White Papers:

Learn More: