Which type of attack can overwhelm a web server by inserting more data into a web form than the system was configured to hold?

The correct answer is a buffer overflow attack. This type of attack exploits a vulnerability in a program that handles data input. In a buffer overflow scenario, an attacker sends more data to a web server or application than it is designed to accommodate, exceeding the allocated buffer size. This excess data can overwrite adjacent memory, leading to unpredictable behavior, crashes, or even the execution of malicious code.

Buffer overflow attacks are particularly dangerous because they can provide attackers with a means to take control of a system or cause it to malfunction. When a web form doesn't properly validate or limit the amount of data being submitted, it becomes susceptible to this kind of exploitation. This highlights the necessity for proper input validation and secure coding practices to prevent such vulnerabilities in web applications.

In contrast, the other options mentioned represent different attack techniques: ARP poisoning involves intercepting traffic on a local network; session hijacking refers to taking over a user's active session in a web application; and cross-site scripting (XSS) allows an attacker to inject malicious scripts into a web application. While these attacks have their own dangers, they do not specifically relate to overwhelming a server through excess data submission like a buffer overflow does.