Name Web Logs Tampering
Summary Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking other malicious behavior. Additionally, writing malicious data to log files may target jobs, filters, reports, and other agents that process the logs in an asynchronous attack pattern. This pattern of attack is similar to "Log Injection-Tampering-Forging" except that in this case, the attack is targeting the logs of the web server and not the application.
Prerequisites Target server software must be a HTTP server that performs web logging.
Solutions Design: Use input validation before writing to web log Design: Validate all log data before it is output
Related Weaknesses
CWE ID Description
CWE-20 Improper Input Validation
CWE-92 DEPRECATED: Improper Sanitization of Custom Special Characters
CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection')
CWE-96 Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-116 Improper Encoding or Escaping of Output
CWE-117 Improper Output Neutralization for Logs
CWE-150 Improper Neutralization of Escape, Meta, or Control Sequences
CWE-221 Information Loss or Omission
CWE-276 Incorrect Default Permissions
CWE-279 Incorrect Execution-Assigned Permissions
Back to Top