CWE-779: CWE-779: Logging of Excessive Data

BaseStable

Description

View on MITRE
Back to CWE Lookup

Extended Description

Extended Description

Technical Details

Structure
Simple
Vulnerability Mapping
ALLOWED

Applicable To

Languages
Languages
Platforms
Languages

Frequently Asked Questions

What is CWE-779: CWE-779: Logging of Excessive Data?+

CWE-779: CWE-779: Logging of Excessive Data is a Common Weakness Enumeration (CWE) entry maintained by MITRE. Description Extended Description

What are the security consequences of CWE-779: Logging of Excessive Data?+

If exploited, CWE-779 (CWE-779: Logging of Excessive Data) it can compromise DoS: Resource Consumption (CPU), DoS: Resource Consumption (Other) and Hide Activities, leading to outcomes such as Scope: Availability Log files can become so large that they consume excessive resources, such as disk and CPU, which can hinder the performance of the system., Scope: Non-Repudiation Logging too much information can make the log files of less use to forensics analysts and developers when trying to diagnose a problem or recover from an attack., Scope: Non-Repudiation If system administrators are unable to effectively process log files and attempted attacks may go undetected.

How do you prevent or mitigate CWE-779: Logging of Excessive Data?+

Recommended mitigations for CWE-779 include: Suppress large numbers of duplicate log messages and replace them with periodic summaries. For example, syslog may include an entry that states "last message repeated X times" when recording repeated events. Support a maximum size for the log file that can be controlled by the administrator. If the maximum size is reached, the admin should be notified. Also, consider reducing functionality of the product. This may result in a denial-of-service to legitimate product users, but it will prevent the product from adversely impacting the entire system. Adjust configurations appropriately when the product is transitioned from a debug state to production.

Which programming languages are affected by CWE-779: Logging of Excessive Data?+

CWE-779 commonly affects Languages. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.

What is the difference between a CWE and a CVE?+

A CWE (Common Weakness Enumeration) like CWE-779 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.

Learn More