Byte Open Security

(ByteOS Network)

CAPEC-81: Web Server Logs Tampering
Attack Pattern ID: 81
Version: v3.9
Attack Pattern Name: Web Server Logs Tampering
Abstraction: Detailed
Status: Draft
Likelihood of Attack: Medium
Typical Severity: High
10 Weaknesses found

CWE-116
Improper Encoding or Escaping of Output
Likelihood of Exploit: High
Mapping: Allowed-with-Review
Abstraction: Class
Found in 316 CVEs

The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

Impacts: Bypass Protection Mechanism; Execute Unauthorized Code or Commands; Modify Application Data
Tags: AI/ML; Web Server; Database Server; High exploit; Libraries or Frameworks; Parameterization; Execute Unauthorized Code or Commands (impact); Bypass Protection Mechanism (impact); Modify Application Data (impact)
As Seen In: Simplified Mapping of Published Vulnerabilities

CWE-117
Improper Output Neutralization for Logs
Likelihood of Exploit: Medium
Mapping: Allowed
Abstraction: Base
Found in 76 CVEs

The product constructs a log message from external input, but it does not neutralize or incorrectly neutralizes special elements when the message is written to a log file.

Impacts: Hide Activities; Execute Unauthorized Code or Commands; Modify Application Data
Tags: Medium exploit; Input Validation; Output Encoding; Execute Unauthorized Code or Commands (impact); Modify Application Data (impact); Hide Activities (impact)
As Seen In: CWE Cross-section

CWE-150
Improper Neutralization of Escape, Meta, or Control Sequences
Likelihood of Exploit: Not Available
Mapping: Allowed
Abstraction: Variant
Found in 33 CVEs

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as escape, meta, or control character sequences when they are sent to a downstream component.

Impacts: Unexpected State
Tags: Input Validation; Output Encoding; Unexpected State (impact)
As Seen In: Not Available

CWE-20
Improper Input Validation
Likelihood of Exploit: High
Mapping: Discouraged
Abstraction: Class
Found in 11448 CVEs

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Impacts: DoS: Crash, Exit, or Restart; DoS: Resource Consumption (Memory); Execute Unauthorized Code or Commands; Modify Memory; DoS: Resource Consumption (CPU); Read Memory; Read Files or Directories
Tags: High exploit; Libraries or Frameworks; Input Validation; Attack Surface Reduction; Execute Unauthorized Code or Commands (impact); DoS: Resource Consumption (CPU) (impact); Read Files or Directories (impact); Read Memory (impact); DoS: Crash, Exit, or Restart (impact); DoS: Resource Consumption (Memory) (impact); Modify Memory (impact)
As Seen In: 2019 CWE Top 25 Most Dangerous Software Errors; 2021 CWE Top 25 Most Dangerous Software; 2020 CWE Top 25 Most Dangerous Software; 2022 CWE Top 25 Most Dangerous Software; 2023 CWE Top 25 Most Dangerous Software; 2024 CWE Top 25 Most Dangerous Software; Originally Used by NVD from 2008 to 2016; Simplified Mapping of Published Vulnerabilities

CWE-221
Information Loss or Omission
Likelihood of Exploit: Not Available
Mapping: Allowed-with-Review
Abstraction: Class
Found in 2 CVEs

The product does not record, or improperly records, security-relevant information that leads to an incorrect decision or hampers later analysis.

Impacts: Hide Activities
Tags: Hide Activities (impact)
As Seen In: Not Available

CWE-276
Incorrect Default Permissions
Likelihood of Exploit: Medium
Mapping: Allowed
Abstraction: Base
Found in 1350 CVEs

During installation, installed file permissions are set to allow anyone to modify those files.

Impacts: Read Application Data; Modify Application Data
Tags: Medium exploit; Separation of Privilege; ICS/OT (technology class); Modify Application Data (impact); Read Application Data (impact)
As Seen In: 2021 CWE Top 25 Most Dangerous Software; 2022 CWE Top 25 Most Dangerous Software; 2023 CWE Top 25 Most Dangerous Software

CWE-279
Incorrect Execution-Assigned Permissions
Likelihood of Exploit: Not Available
Mapping: Allowed
Abstraction: Variant
Found in 15 CVEs

While it is executing, the product sets the permissions of an object in a way that violates the intended permissions that have been specified by the user.

Impacts: Read Application Data; Modify Application Data
Tags: Separation of Privilege; Modify Application Data (impact); Read Application Data (impact)
As Seen In: Not Available

CWE-75
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
Likelihood of Exploit: Not Available
Mapping: Discouraged
Abstraction: Class
Found in 31 CVEs

The product does not adequately filter user-controlled input for special elements with control implications.

Impacts: Execute Unauthorized Code or Commands; Modify Application Data
Tags: Execute Unauthorized Code or Commands (impact); Modify Application Data (impact)
As Seen In: Not Available

CWE-93
Improper Neutralization of CRLF Sequences ('CRLF Injection')
Likelihood of Exploit: Not Available
Mapping: Allowed
Abstraction: Base
Found in 81 CVEs

The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.

Impacts: Modify Application Data
Tags: Modify Application Data (impact)
As Seen In: Not Available

CWE-96
Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
Likelihood of Exploit: Not Available
Mapping: Allowed
Abstraction: Base
Found in 21 CVEs

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before inserting the input into an executable resource, such as a library, configuration file, or template.

Impacts: Read Application Data; Execute Unauthorized Code or Commands; Gain Privileges or Assume Identity; Bypass Protection Mechanism; Hide Activities; Read Files or Directories
Tags: Perl; Input Validation; Output Encoding; Interpreted; Execute Unauthorized Code or Commands (impact); Bypass Protection Mechanism (impact); Read Files or Directories (impact); Hide Activities (impact); Read Application Data (impact); Gain Privileges or Assume Identity (impact)
As Seen In: CWE Cross-section