Scala : Policy manipulation

Classification

OWASP Top 10 2013

A1-Injection

OWASP Top 10 2017

OWASP Top 10 2021

PCI DSS 4.0

CWE

Overview

SecurityManager policy settings are overwritten during application operation. This allows an attacker to unpredictably change the behavior of the application or disrupt its work.

The setting manipulation attack aims to modify application settings in order to cause misleading data or advantages on the attacker’s behalf. The attacker manipulate values in the system and manage specific user resources of the application or affect its functionalities.

References

OWASP Top 10 2017-A1-Injection
CWE-15: External Control of System or Configuration Setting
OWASP: Setting Manipulation
Default Policy Implementation and Policy File Syntax
CWE CATEGORY: OWASP Top Ten 2017 Category A1 - Injection

MEDIUM

Scala : Policy manipulation

Classification

Overview

References

DerScanner Severity Score

Do you want to fix Scala : Policy manipulation in your application?

See also

Scala : Unreleased resource stream

Scala : Multiple loggers in same class

Scala : Insufficient encryption key length