Statements (32)
| Predicate | Object |
|---|---|
| gptkbp:instance_of |
gptkb:Common_Weakness_Enumeration
|
| gptkbp:bfsLayer |
6
|
| gptkbp:bfsParent |
gptkb:CWE-74
|
| gptkbp:affects |
Mobile Applications
Web Applications Desktop Applications |
| gptkbp:category |
Input Validation and Representation
|
| gptkbp:difficulty |
gptkb:tank
|
| gptkbp:example |
An attacker can inject malicious content into log files.
|
| gptkbp:has_weakness |
gptkb:CWE-200
gptkb:CWE-22 gptkb:CWE-23 gptkb:CWE-74 gptkb:CWE-117 gptkb:CWE-134 gptkb:CWE-209 gptkb:CWE-36 gptkb:CWE-611 gptkb:CWE-77 gptkb:CWE-89 gptkb:CWE-20 CWE-78 CWE-116 |
| https://www.w3.org/2000/01/rdf-schema#label |
CWE-117
|
| gptkbp:impact |
Log Injection
|
| gptkbp:is_described_as |
The software does not properly neutralize special elements in output that are used in log files.
|
| gptkbp:is_protected_by |
Sanitize log output.
|
| gptkbp:name |
Improper Output Neutralization for Logs
|
| gptkbp:related_to |
gptkb:CWE-74
gptkb:CWE-77 gptkb:CWE-89 gptkb:CWE-20 |