LOG INJECTION

Feature      Value
Type         Detection
Risk         OWASP A1
Covered by   Agent

Log Injection occurs when unvalidated input is stored directly in log files, which may lead to misinformation or the exploitation of other vulnerabilities.

Example:

String val = request.getParameter("val"); // untrusted request parameter
try {
    int value = Integer.parseInt(val);
}
catch (NumberFormatException e) {
    // Vulnerable: val is written to the log without validation
    log.info("Failed to parse val = " + val);
}

How to solve it

Apply an input validation policy to everything written to traces (logs) so that untrusted inputs cannot maliciously modify log files.
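
One way to apply such a policy to the example above, as an added illustration that is not part of the original page: the untrusted value is neutralized before it reaches the logger, so it always stays on a single log line. The class `LogSanitizerDemo`, the helper `forLog`, the 100-character cap and the sample input are assumptions made for this example; logging uses `java.util.logging`.

```java
import java.util.logging.Logger;

public class LogSanitizerDemo {
    private static final Logger log = Logger.getLogger(LogSanitizerDemo.class.getName());
    private static final int MAX_LEN = 100; // assumed cap on a logged parameter

    // Hypothetical helper: make an untrusted value safe to embed in one log line.
    static String forLog(String input) {
        if (input == null) {
            return "(null)";
        }
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < input.length() && i < MAX_LEN; i++) {
            char c = input.charAt(i);
            switch (c) {
                case '\\': sb.append("\\\\"); break; // keeps the escaping unambiguous
                case '\r': sb.append("\\r"); break;
                case '\n': sb.append("\\n"); break;
                case '\t': sb.append("\\t"); break;
                default:
                    // Other control characters and Unicode line/paragraph separators
                    if (Character.isISOControl(c) || c == '\u2028' || c == '\u2029') {
                        sb.append(String.format("\\u%04x", (int) c));
                    } else {
                        sb.append(c);
                    }
            }
        }
        if (input.length() > MAX_LEN) {
            sb.append("...[truncated]");
        }
        return sb.toString();
    }

    // Same logic as the page's example, with the logged value neutralized.
    static Integer parseVal(String val) {
        try {
            return Integer.parseInt(val);
        } catch (NumberFormatException e) {
            log.info("Failed to parse val = " + forLog(val));
            return null;
        }
    }

    public static void main(String[] args) {
        // Constructed sample input: a line break followed by text shaped like a log entry.
        String val = "twenty\r\nINFO: User admin logged in";
        parseVal(val);                    // logged as one line, break shown as \r\n text
        System.out.println(forLog(val));
    }
}
```

Where the parameter has a known format, as with the integer here, rejecting or omitting non-conforming values from the log entirely is a stricter option than escaping them.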