Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CAPEC-268:Audit Log Manipulation
Attack Pattern ID:268
Version:v3.9
Attack Pattern Name:Audit Log Manipulation
Abstraction:Standard
Status:Draft
Likelihood of Attack:
Typical Severity:
DetailsContent HistoryRelated WeaknessesReports
1Weaknesses found
CWE-117
Improper Output Neutralization for Logs
ShareView Details
Improper Output Neutralization for Logs
Likelihood of Exploit-Medium
Mapping-Allowed
Abstraction-Base
Found in76CVEs

The product constructs a log message from external input, but it does not neutralize or incorrectly neutralizes special elements when the message is written to a log file.

Impacts-
Hide ActivitiesExecute Unauthorized Code or CommandsModify Application Data
Tags-
Medium exploitInput ValidationOutput EncodingExecute Unauthorized Code or Commands (impact)Modify Application Data (impact)Hide Activities (impact)
As Seen In-
CWE Cross-section