A log injection vulnerability arises when a log entry contains unsanitized user input. A malicious user can insert forged log data and consequently deceive system administrators as to the system's behavior [OWASP 2008]. For example, an attacker might split a legitimate log entry into two by including a carriage return and line feed (CRLF) sequence in the input; the text after the CRLF then appears as a separate, seemingly genuine entry that can mislead an auditor. Log injection attacks can be prevented by sanitizing and validating any untrusted input before it is sent to a log.
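The following is an added example, not code from the CERT page: it shows the CRLF split described above and a hardened variant in which the untrusted value is escaped before it reaches `java.util.logging`. The class name `LogSanitizer`, the method names and the login message text are assumptions chosen for illustration; the attacker input in `main` is constructed.

```java
import java.util.logging.Logger;

public class LogSanitizer {

    private static final Logger LOG = Logger.getLogger(LogSanitizer.class.getName());

    // Upper bound on the length of a logged untrusted value. An assumed
    // defensive limit so that a single request cannot flood the log.
    private static final int MAX_LOGGED_LENGTH = 256;

    /**
     * Escape every character that could start a new log line or be
     * misread by a log viewer. Escaping (rather than deleting) keeps the
     * attacker's payload visible to an auditor, and escaping the backslash
     * itself means a literal "\n" typed by the user cannot be confused with
     * the escaped form of a real newline.
     */
    static String sanitize(String input) {
        if (input == null) {
            return "null";
        }
        StringBuilder sb = new StringBuilder(input.length());
        int count = 0;
        for (int i = 0; i < input.length(); ) {
            int cp = input.codePointAt(i);
            i += Character.charCount(cp);
            if (count++ >= MAX_LOGGED_LENGTH) {
                sb.append("...[truncated]");
                break;
            }
            switch (cp) {
                case '\\': sb.append("\\\\"); break;
                case '\r': sb.append("\\r"); break;
                case '\n': sb.append("\\n"); break;
                case '\t': sb.append("\\t"); break;
                default:
                    // Other ISO control characters and the Unicode line and
                    // paragraph separators are rendered as \\uXXXX escapes.
                    if (Character.isISOControl(cp) || cp == 0x2028 || cp == 0x2029) {
                        sb.append(String.format("\\u%04X", cp));
                    } else {
                        sb.appendCodePoint(cp);
                    }
            }
        }
        return sb.toString();
    }

    /** Noncompliant: the attacker-controlled name reaches the log verbatim. */
    static void logFailedLoginUnsanitized(String username) {
        LOG.info("User login failed for: " + username);
    }

    /** Compliant: the untrusted value is sanitized before it is logged. */
    static void logFailedLoginSanitized(String username) {
        LOG.info("User login failed for: " + sanitize(username));
    }

    public static void main(String[] args) {
        // Constructed attacker input: a CRLF followed by a forged "success" record.
        String forged = "guest\r\nINFO: User login succeeded for: administrator";

        // Produces two lines in the log; the second looks like a genuine entry.
        logFailedLoginUnsanitized(forged);

        // Produces one line: User login failed for: guest\r\nINFO: User login succeeded for: administrator
        logFailedLoginSanitized(forged);
    }
}
```

The same effect can be obtained at the layout level in common logging frameworks (for example Logback's `%replace(%msg){'[\r\n]', ''}` pattern conversion), but applying the sanitizer at the call site keeps the protection independent of how the logger happens to be configured.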
...
| Tool | Version | Checker | Description |
|---|---|---|---|
| Fortify | | Log_Forging | Implemented |
| Klocwork | | SVLOG_FORGING | Implemented |
Related Guidelines

| Guideline | Item |
|---|---|
| ISO/IEC TR 24772 | Injection [RST] |
| MITRE CWE | CWE-144, Improper Neutralization of Line Delimiters |
| MITRE CAPEC | CAPEC-93: Log Injection-Tampering-Forging |
Bibliography
...