CWE-117: Improper Output Neutralization for Logs
ID
CWE-117
Abstraction
Base
Structure
Simple
Status
Draft
Number of CVEs
50
The product does not neutralize or incorrectly neutralizes output that is written to logs.
This can allow an attacker to forge log entries or inject malicious content into logs.
Log forging vulnerabilities occur when:
- Data enters an application from an untrusted source.
- The data is written to an application or system log file.
Modes of Introduction
Phase | Note |
---|---|
Implementation | REALIZATION: This weakness is caused during implementation of an architectural security tactic. |
Applicable Platforms
Type | Class | Name | Prevalence |
---|---|---|---|
Language | Not Language-Specific |
Common Attack Pattern Enumeration and Classification (CAPEC)
The Common Attack Pattern Enumeration and Classification (CAPECâ„¢) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.
CAPEC at Mitre.orgCVEs Published
CVSS Severity
CVSS Severity - By Year
CVSS Base Score
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |
Loading...