CodeAnt AI home pagelight logodark logo
  • Dashboard
  • Dashboard
  • Documentation
  • Demo Call with CEO
  • Blog
  • Slack
    • Get Started
    • CodeAnt AI
    • Setup
    • Control Center
    • Pull Request Review
    • IDE
    • Compliance
    • Anti-Patterns
    • Code Governance
    • Infrastructure Security Database
    • Application Security Database
      • Apex
      • Bash
      • C
      • Clojure
      • Cpp
      • Csharp
      • Dockerfile
      • Elixir
      • Fingerprints
      • Generic
      • Go
      • Html
      • Java
        • Android
        • Aws-lambda
        • Castor
        • Java-jwt
        • Jax-rs
        • Jboss
        • Jdo
        • Jedis
        • Jjwt
        • Jsch
        • Kryo
        • Lang
        • Micronaut
        • Mongo
        • Mongodb
        • Mysql
        • Okhttp
        • Rmi
        • Servlets
        • Spring
          • Log-http-headers
            • Log request headers
          • Security
          • Security
          • Simple-command-injection-direct-input
          • Spring-tainted-path-traversal
          • Tainted-html-string-responsebody
        • Thymeleaf
        • Xstream
      • Javascript
      • Json
      • Kotlin
      • Ocaml
      • Php
      • Problem-based-packs
      • Python
      • Ruby
      • Rust
      • Scala
      • Solidity
      • Swift
      • Terraform
      • Typescript
      • Yaml
    Log-http-headers

    Log request headers

    log-request-headers

    The application stores potentially sensitive information in log files. This could lead to a vulnerability, if an attacker can gain access to logs and then use the sensitive information to perform further attacks. When dealing with HTTP requests, sensitive data could be, for instance, JWT tokens or other session identifiers. To prevent this vulnerability review the type of information being logged. Sensitive information can be identified and filtered or obfuscated before calling logging functions.
    Likelihood: LOW
    Confidence: HIGH
    CWE:
    - CWE-532: Insertion of Sensitive Information into Log File
    OWASP:
    - A09:2021 - Security Logging and Monitoring Failures
    Tainted xmlreader xxe servletSecurity
    twitterlinkedin
    Powered by Mintlify
    Assistant
    Responses are generated using AI and may contain mistakes.