  1. Java Mission Control
  2. JMC-6818

Fortify SCA Flagged Security Issues in LoggingToolkit

Details

    Description

      Fortify Static Code Analyser has reported the following issues in LoggingToolkit.java:

      1. Log Forging

      The method initializeLogging() in LoggingToolkit.java writes unvalidated user input to the log on line 110. An attacker could take advantage of this behavior to forge log entries or inject malicious content into the log.

      2. Shared Sink

      Attackers are able to control the file system path argument to File() at LoggingToolkit.java line 163, which allows them to access or modify otherwise protected files.

      3. Path Manipulation

      Attackers are able to control the file system path argument to File() at LoggingToolkit.java line 106, which allows them to access or modify otherwise protected files.
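
An added example, not code from the JMC source or from this issue: one way to address findings 1 and 3 in Java, by neutralizing control characters before a value is logged and by confining a user-supplied path to a base directory. The class name, method names and sample inputs are hypothetical; the code at the flagged lines of LoggingToolkit.java is not shown on this page.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.util.logging.Logger;

// Hypothetical helper class; not part of Java Mission Control.
public class LoggingInputChecks {
    private static final Logger LOG = Logger.getLogger(LoggingInputChecks.class.getName());

    /** Log forging: make CR, LF and other control characters visible so a value cannot start a new log record. */
    static String neutralize(String value) {
        if (value == null) return "null";
        StringBuilder sb = new StringBuilder(value.length());
        value.codePoints().forEach(cp -> {
            // 0x2028 and 0x2029 are the Unicode line and paragraph separators.
            if (Character.isISOControl(cp) || cp == 0x2028 || cp == 0x2029) {
                sb.append(String.format("<U+%04X>", cp));
            } else {
                sb.appendCodePoint(cp);
            }
        });
        return sb.toString();
    }

    /** Path manipulation: resolve the untrusted name under baseDir and reject anything that escapes it. */
    static Path resolveInside(Path baseDir, String untrusted) throws IOException {
        Path base = baseDir.toRealPath();
        // An absolute 'untrusted' replaces base on resolve() and then fails the check below.
        Path candidate = base.resolve(untrusted).normalize();
        if (!candidate.startsWith(base)) throw new SecurityException("path escapes base directory");
        // If the target already exists, follow symlinks and check containment again.
        if (Files.exists(candidate) && !candidate.toRealPath().startsWith(base)) {
            throw new SecurityException("symlink escapes base directory");
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        Path base = Files.createTempDirectory("logcfg");
        // Constructed sample inputs: a normal name, a traversal, a value carrying a forged log line.
        String[] samples = {"logging.properties", "../../etc/passwd", "ok\nINFO: forged entry"};
        for (String s : samples) {
            try {
                Path p = resolveInside(base, s);
                LOG.info("Using logging settings file: " + neutralize(p.toString()));
            } catch (SecurityException | InvalidPathException e) {
                LOG.warning("Rejected settings path: " + neutralize(s));
            }
        }
    }
}
```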

          People

            Unassigned Unassigned
            bbanathur Bipin Banathur