You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
log security
About this tag
Log security on WindowsForum.com covers vulnerabilities and best practices for protecting log files from tampering or injection. A recent thread discusses CVE-2024-47252, an Apache mod_ssl log escaping flaw that allows malicious TLS clients to inject escape or control characters into logs. The fix was released in Apache 2.4.64, and Microsoft's Security Response Center issued an attestation for Azure Linux, noting the distribution includes the vulnerable component. This highlights the importance of log sanitization and monitoring for unauthorized modifications. Discussions also touch on broader log security measures for Windows and Linux environments, including audit policies and SIEM integration.
The Apache HTTP Server vulnerability tracked as CVE-2024-47252 — an insufficient escaping flaw in mod_ssl that can allow a malicious TLS client to inject escape/control characters into log files — has been confirmed by Apache and fixed in the 2.4.64 release; Microsoft’s Security Response Center...