Name Environment Variable Manipulation
Summary An attacker manipulates environment variables used by an application to perform a variety of possible attacks. Changing variable values is usually undertaken as part of another attack; for example, a path traversal (inserting relative path modifiers) or buffer overflow (enlarging a variable value beyond an application's ability to store it).
Prerequisites The targeted application must rely on external variables in such a way that malicious manipulation of them can subvert functionality.
Solutions Design: Ensure that variables that should not be manipulated by a user are not accessible to them.
Related Weaknesses
CWE ID Description
CWE-20 Improper Input Validation
CWE-471 Modification of Assumed-Immutable Data (MAID)
Back to Top