DerScanner
Home / Vulnerability Database / Java : Policy manipulation
Java

Java : Policy manipulation

Classification

OWASP Top 10 2013
A1-Injection
OWASP Top 10 2017
A1-Injection
OWASP Top 10 2021
A3-Injection
PCI DSS 4.0
6.2.4
CWE
CWE-1027

Overview

SecurityManager policy settings are overwritten during application operation. This allows an attacker to unpredictably change the behavior of the application or disrupt its work.

The setting manipulation attack aims to modify application settings in order to cause misleading data or advantages on the attacker’s behalf. The attacker manipulate values in the system and manage specific user resources of the application or affect its functionalities.

References

  1. OWASP Top 10 2017-A1-Injection
  2. CWE-15: External Control of System or Configuration Setting
  3. OWASP: Setting Manipulation
  4. Default Policy Implementation and Policy File Syntax
  5. CWE CATEGORY: OWASP Top Ten 2017 Category A1 - Injection
MEDIUM

DerScanner Severity Score

Do you want to fix Java : Policy manipulation in your application?

See also

Java

Java : Race condition

Java

Java : Text4Shell Vulnerability

Java

Java : JNI usage