Extended Description
Suppress large numbers of duplicate log messages and replace them with periodic summaries. For example, syslog may include an entry that states "last message repeated X times" when recording repeated events.
Support a maximum size for the log file that can be controlled by the administrator. If the maximum size is reached, the admin should be notified. Also, consider reducing functionality of the product. This may result in a denial-of-service to legitimate product users, but it will prevent the product from adversely impacting the entire system.
Adjust configurations appropriately when the product is transitioned from a debug state to production.
No detection method information available for this CWE.
No examples or observed CVEs available for this CWE.
No relationship information available for this CWE.
CWE-779: CWE-779: Logging of Excessive Data is a Common Weakness Enumeration (CWE) entry maintained by MITRE. Description Extended Description
If exploited, CWE-779 (CWE-779: Logging of Excessive Data) it can compromise DoS: Resource Consumption (CPU), DoS: Resource Consumption (Other) and Hide Activities, leading to outcomes such as Scope: Availability Log files can become so large that they consume excessive resources, such as disk and CPU, which can hinder the performance of the system., Scope: Non-Repudiation Logging too much information can make the log files of less use to forensics analysts and developers when trying to diagnose a problem or recover from an attack., Scope: Non-Repudiation If system administrators are unable to effectively process log files and attempted attacks may go undetected.
Recommended mitigations for CWE-779 include: Suppress large numbers of duplicate log messages and replace them with periodic summaries. For example, syslog may include an entry that states "last message repeated X times" when recording repeated events. Support a maximum size for the log file that can be controlled by the administrator. If the maximum size is reached, the admin should be notified. Also, consider reducing functionality of the product. This may result in a denial-of-service to legitimate product users, but it will prevent the product from adversely impacting the entire system. Adjust configurations appropriately when the product is transitioned from a debug state to production.
CWE-779 commonly affects Languages. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.
A CWE (Common Weakness Enumeration) like CWE-779 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.