A log injection vulnerability arises when a log entry contains unsanitized user input. A malicious user can insert fake log data and consequently deceive system administrators as to the system's behavior [OWASP 2008]. For example, a user might split a legitimate log entry into two log entries by entering a carriage return and line feed (CRLF) sequence, either of which might be misleading. Log injection attacks can be prevented by sanitizing and validating any untrusted input sent to a log.
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="4525d00502ed2e5c-8df625b9-487c493c-9fdf9aee-0c53fc2c3333faa41ae3d894"><ac:plain-text-body><![CDATA[ | [ISO/IEC TR 24772:2010 | http://www.aitcnet.org/isai/] | Injection [RST] | ]]></ac:plain-text-body></ac:structured-macro> |
CWE-144. Improper Neutralization of Line Delimiters | ||||
| CWE-150. Improper Neutralization of Escape, Meta, or Control Sequences |
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="506366b60815bfe8-9344935a-478145f5-bc288516-d64ca808e5f7f8026ebddcd3"><ac:plain-text-body><![CDATA[ | [[API 2006 | AA. Bibliography#API 06]] | ]]></ac:plain-text-body></ac:structured-macro> | ||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="b5fdf9d9ca2fad31-2daa6d0a-44db4128-a8008d36-09a6726405a737f553999a54"><ac:plain-text-body><![CDATA[ | [[OWASP 2008 | AA. Bibliography#OWASP 08]] | [Log Injection | https://www.owasp.org/index.php/Log_injection] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="aab1482e9983f0a0-c49f3c7f-460049ba-afef81db-b7d3206298bc768f19f3f981"><ac:plain-text-body><![CDATA[ | [[PCI DSS Standard | https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml]] | ]]></ac:plain-text-body></ac:structured-macro> |
...