CAPEC-81: Web Server Logs Tampering
ID
CAPEC-81
Typical Severity
High
Likelihood Of Attack
Medium
Status
Draft
Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking other malicious behavior. Additionally, writing malicious data to log files may target jobs, filters, reports, and other agents that process the logs in an asynchronous attack pattern. This pattern of attack is similar to "Log Injection-Tampering-Forging" except that in this case, the attack is targeting the logs of the web server and not the application.
Weaknesses
| # ID | Name | Type |
|---|---|---|
| CWE-20 | Improper Input Validation | weakness |
| CWE-75 | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) | weakness |
| CWE-93 | Improper Neutralization of CRLF Sequences ('CRLF Injection') | weakness |
| CWE-96 | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') | weakness |
| CWE-116 | Improper Encoding or Escaping of Output | weakness |
| CWE-117 | Improper Output Neutralization for Logs | weakness |
| CWE-150 | Improper Neutralization of Escape, Meta, or Control Sequences | weakness |
| CWE-221 | Information Loss or Omission | weakness |
| CWE-276 | Incorrect Default Permissions | weakness |
| CWE-279 | Incorrect Execution-Assigned Permissions | weakness |