  1. Java Mission Control
  2. JMC-6818

Fortify SCA Flagged Security Issues in LoggingToolkit


    Details

      Description

      Fortify Static Code Analyser has reported the following issues in LoggingToolkit.java:

      1. Log Forging

      The method initializeLogging() in LoggingToolkit.java writes unvalidated user input to the log on line 110. An attacker could take advantage of this behavior to forge log entries or inject malicious content into the log.

      2. Shared Sink

      Attackers are able to control the file system path argument to File() at LoggingToolkit.java line 163, which allows them to access or modify otherwise protected files.

      3. Path Manipulation

      Attackers are able to control the file system path argument to File() at LoggingToolkit.java line 106, which allows them to access or modify otherwise protected files.
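
      The usual remediations for the log forging and path manipulation findings above, as an added example that is not code from LoggingToolkit.java or the JMC project. The class name, method names, base directory and sample inputs are hypothetical and constructed for illustration.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Path;
import java.util.logging.Logger;

// Added illustration; class, method and directory names are hypothetical,
// not taken from LoggingToolkit.java.
public class LogConfigGuard {
    private static final Logger LOGGER = Logger.getLogger(LogConfigGuard.class.getName());

    // Log forging: replace control characters (CR and LF included) so a
    // value cannot start a new, forged log record.
    static String neutralize(String value) {
        if (value == null) {
            return "null";
        }
        return value.replaceAll("\\p{Cntrl}", "_");
    }

    // Path manipulation: resolve the requested name against a fixed base
    // directory and reject anything whose canonical form escapes it.
    static File resolveInside(File baseDir, String requested) throws IOException {
        Path base = baseDir.getCanonicalFile().toPath();
        Path target = new File(baseDir, requested).getCanonicalFile().toPath();
        if (!target.startsWith(base)) {
            throw new IOException("Path escapes base directory: " + requested);
        }
        return target.toFile();
    }

    public static void main(String[] args) {
        File base = new File(System.getProperty("java.io.tmpdir"), "jmc-logging-demo");
        base.mkdirs();
        // Constructed inputs: one benign, one traversal, one with an embedded newline.
        String[] samples = {
            "logging.properties", "../../etc/passwd", "a.properties\nINFO: forged entry"
        };
        for (String s : samples) {
            try {
                File f = resolveInside(base, s);
                LOGGER.info("Using logging settings file: " + neutralize(f.getPath()));
            } catch (IOException e) {
                // Exception text may echo the input, so it is neutralized as well.
                LOGGER.warning("Rejected: " + neutralize(e.getMessage()));
            }
        }
    }
}
```

      The containment check compares canonical paths, so `..` segments and symbolic links are resolved before the comparison with the base directory.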

            People

            Assignee:
            Unassigned
            Reporter:
            bbanathur Bipin Banathur