Wb 1 #3

Open
wants to merge 4 commits into
base: master

Cxwberriel
Owner

Trying again.

@Cxwberriel
Owner Author

Checkmarx AST - Scan Summary & Details

SAST Summary

Total of 1158 vulnerabilities
HIGH: 281
MEDIUM: 394
LOW: 473
INFO: 10

Violation Summary

HIGH: 55
MEDIUM: 64
LOW: 197
INFO: 4

SAST Details

Lines Severity Category File Link
46 HIGH Code_Injection /ExampleCommonsCollections1.java n/a
152 HIGH Code_Injection /VulnerableHTTPServer.java n/a
49 HIGH Code_Injection /DnsWithCommonsCollections.java n/a
33 HIGH Deserialization_of_Untrusted_Data /TestDeserialize.java n/a
152 HIGH Deserialization_of_Untrusted_Data /VulnerableHTTPServer.java n/a
68 HIGH Deserialization_of_Untrusted_Data /ExploitGadgetExample1.java n/a
58 HIGH Reflected_XSS_All_Clients /src/main/webapp/admin/adminlogin.jsp n/a
16 HIGH Reflected_XSS_All_Clients /src/main/webapp/vulnerability/xss/search.jsp n/a
14 HIGH Reflected_XSS_All_Clients /src/main/webapp/vulnerability/Injection/xslt.jsp n/a
8 HIGH Reflected_XSS_All_Clients /src/main/webapp/vulnerability/UserDetails.jsp n/a
11 18 HIGH Reflected_XSS_All_Clients /src/main/webapp/vulnerability/SendMessage.jsp n/a
40 HIGH Reflected_XSS_All_Clients /src/main/java/org/cysecurity/cspf/jvl/controller/AddPage.java n/a
9 HIGH Reflected_XSS_All_Clients /src/main/webapp/vulnerability/Injection/xpath_login.jsp n/a
44 HIGH Reflected_XSS_All_Clients /src/main/java/org/cysecurity/cspf/jvl/controller/xxe.java n/a
2 2 HIGH Reflected_XSS_All_Clients /src/main/webapp/vulnerability/xss/xss4.jsp n/a
7 7 26 HIGH Reflected_XSS_All_Clients /src/main/webapp/login.jsp n/a
27 28 HIGH SQL_Injection /src/main/webapp/vulnerability/idor/change-email.jsp n/a
26 HIGH SQL_Injection /src/main/webapp/vulnerability/csrf/change-info.jsp n/a
41 42 43 HIGH SQL_Injection /src/main/webapp/vulnerability/forum.jsp n/a
43 43 HIGH SQL_Injection /src/main/webapp/ForgotPassword.jsp n/a
35 36 HIGH SQL_Injection /src/main/java/org/cysecurity/cspf/jvl/controller/XPathQuery.java n/a
16 16 HIGH SQL_Injection /src/main/webapp/myprofile.jsp n/a
50 HIGH SQL_Injection /src/main/webapp/vulnerability/Injection/orm.jsp n/a
16 HIGH SQL_Injection /src/main/webapp/vulnerability/DisplayMessage.jsp n/a
18 HIGH SQL_Injection /src/main/webapp/vulnerability/sqli/download_id_union.jsp n/a
9 HIGH SQL_Injection /src/main/webapp/vulnerability/forumposts.jsp n/a
11 11 11 11 11 HIGH SQL_Injection /src/main/webapp/admin/adminlogin.jsp n/a
33 HIGH SQL_Injection /src/main/webapp/vulnerability/csrf/changepassword.jsp n/a
42 HIGH SQL_Injection /src/main/java/org/cysecurity/cspf/jvl/controller/EmailCheck.java n/a
43 43 43 43 43 44 44 44 44 44 HIGH SQL_Injection /src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java n/a
13 HIGH SQL_Injection /src/main/webapp/admin/manageusers.jsp n/a
37 38 39 HIGH SQL_Injection /src/main/webapp/changeCardDetails.jsp n/a
42 HIGH SQL_Injection /src/main/java/org/cysecurity/cspf/jvl/controller/UsernameCheck.java n/a
18 HIGH SQL_Injection /src/main/webapp/vulnerability/sqli/download_id.jsp n/a
43 43 44 45 46 47 HIGH SQL_Injection /src/main/java/org/cysecurity/cspf/jvl/controller/Register.java n/a
8 HIGH SQL_Injection /src/main/webapp/vulnerability/UserDetails.jsp n/a
55 55 55 55 HIGH Second_Order_SQL_Injection /src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java n/a
19 19 19 19 HIGH Second_Order_SQL_Injection /src/main/webapp/admin/adminlogin.jsp n/a
55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 HIGH Stored_XSS /src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java n/a
13 HIGH Stored_XSS /src/main/webapp/vulnerability/UserDetails.jsp n/a
19 HIGH Stored_XSS /src/main/webapp/admin/manageusers.jsp n/a
19 19 19 HIGH Stored_XSS /src/main/webapp/vulnerability/securitymisconfig/pages.jsp n/a
14 HIGH Stored_XSS /src/main/webapp/vulnerability/Messages.jsp n/a
12 HIGH Stored_XSS /src/main/webapp/vulnerability/Injection/orm.jsp n/a
24 HIGH Stored_XSS /src/main/webapp/vulnerability/idor/download.jsp n/a
19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 HIGH Stored_XSS /src/main/webapp/admin/adminlogin.jsp n/a
12 HIGH Stored_XSS /src/main/webapp/vulnerability/forumUsersList.jsp n/a
60 60 60 HIGH Stored_XSS /src/main/webapp/vulnerability/forum.jsp n/a
43 HIGH Stored_XSS /src/main/webapp/vulnerability/sqli/download_id_union.jsp n/a
14 14 14 HIGH Stored_XSS /src/main/webapp/vulnerability/forumposts.jsp n/a
43 HIGH Stored_XSS /src/main/webapp/ForgotPassword.jsp n/a
21 21 21 29 29 29 HIGH Stored_XSS /src/main/webapp/myprofile.jsp n/a
43 HIGH Stored_XSS /src/main/webapp/vulnerability/sqli/download_id.jsp n/a
16 16 16 HIGH Stored_XSS /src/main/webapp/vulnerability/DisplayMessage.jsp n/a
35 36 HIGH XPath_Injection /src/main/java/org/cysecurity/cspf/jvl/controller/XPathQuery.java n/a
11 MEDIUM Absolute_Path_Traversal /src/main/webapp/vulnerability/idor/download.jsp n/a
2 MEDIUM CGI_Reflected_XSS_All_Clients /src/main/webapp/vulnerability/xss/xss4.jsp n/a
26 MEDIUM CGI_Reflected_XSS_All_Clients /src/main/webapp/login.jsp n/a
58 MEDIUM CGI_Reflected_XSS_All_Clients /src/main/webapp/admin/adminlogin.jsp n/a
8 MEDIUM CGI_Reflected_XSS_All_Clients /src/main/webapp/vulnerability/UserDetails.jsp n/a
44 MEDIUM CGI_Reflected_XSS_All_Clients /src/main/java/org/cysecurity/cspf/jvl/controller/xxe.java n/a
9 MEDIUM CGI_Reflected_XSS_All_Clients /src/main/webapp/vulnerability/Injection/xpath_login.jsp n/a
40 MEDIUM CGI_Reflected_XSS_All_Clients /src/main/java/org/cysecurity/cspf/jvl/controller/AddPage.java n/a
11 18 MEDIUM CGI_Reflected_XSS_All_Clients /src/main/webapp/vulnerability/SendMessage.jsp n/a
21 21 21 29 29 29 MEDIUM CGI_Stored_XSS /src/main/webapp/myprofile.jsp n/a
14 14 14 MEDIUM CGI_Stored_XSS /src/main/webapp/vulnerability/forumposts.jsp n/a
43 MEDIUM CGI_Stored_XSS /src/main/webapp/ForgotPassword.jsp n/a
19 19 19 MEDIUM CGI_Stored_XSS /src/main/webapp/vulnerability/securitymisconfig/pages.jsp n/a
14 MEDIUM CGI_Stored_XSS /src/main/webapp/vulnerability/Messages.jsp n/a
16 16 16 MEDIUM CGI_Stored_XSS /src/main/webapp/vulnerability/DisplayMessage.jsp n/a
12 MEDIUM CGI_Stored_XSS /src/main/webapp/vulnerability/Injection/orm.jsp n/a
19 MEDIUM CGI_Stored_XSS /src/main/webapp/admin/manageusers.jsp n/a
55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 MEDIUM CGI_Stored_XSS /src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java n/a
37 MEDIUM CGI_Stored_XSS /TestDeserialize.java n/a
60 60 60 MEDIUM CGI_Stored_XSS /src/main/webapp/vulnerability/forum.jsp n/a
19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 19 MEDIUM CGI_Stored_XSS /src/main/webapp/admin/adminlogin.jsp n/a
12 MEDIUM CGI_Stored_XSS /src/main/webapp/vulnerability/forumUsersList.jsp n/a
13 MEDIUM CGI_Stored_XSS /src/main/webapp/vulnerability/UserDetails.jsp n/a
111 MEDIUM Download_of_Code_Without_Integrity_Check /src/main/java/org/cysecurity/cspf/jvl/controller/Install.java n/a
39 MEDIUM Excessive_Data_Exposure /TestSerialize.java n/a
54 55 56 57 58 59 MEDIUM External_Control_of_System_or_Config_Setting /src/main/java/org/cysecurity/cspf/jvl/controller/Install.java n/a
32 MEDIUM External_Control_of_System_or_Config_Setting /src/main/webapp/vulnerability/baasm/SiteTitle.jsp n/a
21 MEDIUM External_Control_of_System_or_Config_Setting /src/main/webapp/admin/Configure.jsp n/a
11 MEDIUM HTTP_Response_Splitting /src/main/webapp/vulnerability/idor/download.jsp n/a
18 MEDIUM HTTP_Response_Splitting /src/main/webapp/vulnerability/sqli/download_id_union.jsp n/a
36 MEDIUM HTTP_Response_Splitting /src/main/java/org/cysecurity/cspf/jvl/controller/Open.java n/a
43 43 43 43 44 44 44 MEDIUM HTTP_Response_Splitting /src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java n/a
27 MEDIUM HttpOnlyCookies /src/main/webapp/admin/adminlogin.jsp n/a
62 62 62 66 66 67 MEDIUM HttpOnlyCookies /src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java n/a
0 MEDIUM HttpOnlyCookies_In_Config /src/main/webapp/WEB-INF/web.xml n/a
44 MEDIUM Improper_Restriction_of_XXE_Ref /src/main/java/org/cysecurity/cspf/jvl/controller/xxe.java n/a
40 MEDIUM Input_Path_Not_Canonicalized /src/main/java/org/cysecurity/cspf/jvl/controller/AddPage.java n/a
18 18 MEDIUM Input_Path_Not_Canonicalized /src/main/webapp/vulnerability/sqli/download_id_union.jsp n/a
11 11 MEDIUM Input_Path_Not_Canonicalized /src/main/webapp/vulnerability/idor/download.jsp n/a
18 18 MEDIUM Input_Path_Not_Canonicalized /src/main/webapp/vulnerability/sqli/download_id.jsp n/a
56 MEDIUM Missing_HSTS_Header /src/main/java/org/cysecurity/cspf/jvl/controller/AddPage.java n/a
26 MEDIUM Plaintext_Storage_of_a_Password /src/main/java/org/cysecurity/cspf/jvl/model/DBConnect.java n/a
50 50 50 50 50 MEDIUM Privacy_Violation /src/main/java/org/cysecurity/cspf/jvl/controller/XPathQuery.java n/a
15 MEDIUM Privacy_Violation /src/main/webapp/login.jsp n/a
67 MEDIUM Privacy_Violation /src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java n/a
204 MEDIUM ReDoS_From_Regex_Injection /VulnerableHTTPServer.java n/a
35 36 MEDIUM Trust_Boundary_Violation /src/main/java/org/cysecurity/cspf/jvl/controller/XPathQuery.java n/a
11 11 11 11 MEDIUM Trust_Boundary_Violation /src/main/webapp/admin/adminlogin.jsp n/a
43 43 43 44 44 44 MEDIUM Trust_Boundary_Violation /src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java n/a
11 MEDIUM Unchecked_Input_for_Loop_Condition /src/main/webapp/vulnerability/idor/download.jsp n/a
44 MEDIUM Unchecked_Input_for_Loop_Condition /src/main/java/org/cysecurity/cspf/jvl/controller/xxe.java n/a
12 MEDIUM Use_of_a_One_Way_Hash_with_a_Predictable_Salt /src/main/webapp/admin/adminlogin.jsp n/a
61 MEDIUM Use_of_a_One_Way_Hash_with_a_Predictable_Salt /src/main/java/org/cysecurity/cspf/jvl/controller/Install.java n/a
26 MEDIUM XSRF /src/main/webapp/vulnerability/csrf/change-info.jsp n/a
27 28 MEDIUM XSRF /src/main/webapp/vulnerability/idor/change-email.jsp n/a
11 11 11 MEDIUM XSRF /src/main/webapp/admin/adminlogin.jsp n/a
54 54 54 54 54 54 54 54 54 54 54 54 54 54 54 54 54 54 54 54 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 57 57 57 57 57 57 57 57 57 57 57 57 57 57 57 57 57 57 57 57 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 60 MEDIUM XSRF /src/main/java/org/cysecurity/cspf/jvl/controller/Install.java n/a
33 MEDIUM XSRF /src/main/webapp/vulnerability/csrf/changepassword.jsp n/a
43 43 43 44 44 44 MEDIUM XSRF /src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java n/a
43 43 44 45 46 47 MEDIUM XSRF /src/main/java/org/cysecurity/cspf/jvl/controller/Register.java n/a
13 MEDIUM XSRF /src/main/webapp/admin/manageusers.jsp n/a
37 38 39 MEDIUM XSRF /src/main/webapp/changeCardDetails.jsp n/a
42 43 44 45 MEDIUM XSRF /src/main/java/org/cysecurity/cspf/jvl/controller/SendMessage.java n/a
41 42 43 MEDIUM XSRF /src/main/webapp/vulnerability/forum.jsp n/a
16 LOW Blind_SQL_Injections /src/main/webapp/vulnerability/DisplayMessage.jsp n/a
9 LOW Blind_SQL_Injections /src/main/webapp/vulnerability/forumposts.jsp n/a
43 43 44 45 46 47 LOW Blind_SQL_Injections /src/main/java/org/cysecurity/cspf/jvl/controller/Register.java n/a
18 LOW Blind_SQL_Injections /src/main/webapp/vulnerability/sqli/download_id_union.jsp n/a
11 LOW Blind_SQL_Injections /src/main/webapp/admin/adminlogin.jsp n/a
35 36 LOW Blind_SQL_Injections /src/main/java/org/cysecurity/cspf/jvl/controller/XPathQuery.java n/a
8 LOW Blind_SQL_Injections /src/main/webapp/vulnerability/UserDetails.jsp n/a
42 LOW Blind_SQL_Injections /src/main/java/org/cysecurity/cspf/jvl/controller/UsernameCheck.java n/a
27 28 LOW Blind_SQL_Injections /src/main/webapp/vulnerability/idor/change-email.jsp n/a
37 38 39 LOW Blind_SQL_Injections /src/main/webapp/changeCardDetails.jsp n/a
26 LOW Blind_SQL_Injections /src/main/webapp/vulnerability/csrf/change-info.jsp n/a
18 LOW Blind_SQL_Injections /src/main/webapp/vulnerability/sqli/download_id.jsp n/a
41 42 43 LOW Blind_SQL_Injections /src/main/webapp/vulnerability/forum.jsp n/a
16 16 LOW Blind_SQL_Injections /src/main/webapp/myprofile.jsp n/a
42 LOW Blind_SQL_Injections /src/main/java/org/cysecurity/cspf/jvl/controller/EmailCheck.java n/a
43 44 LOW Blind_SQL_Injections /src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java n/a
43 43 LOW Blind_SQL_Injections /src/main/webapp/ForgotPassword.jsp n/a
13 LOW Blind_SQL_Injections /src/main/webapp/admin/manageusers.jsp n/a
50 LOW Blind_SQL_Injections /src/main/webapp/vulnerability/Injection/orm.jsp n/a
33 LOW Blind_SQL_Injections /src/main/webapp/vulnerability/csrf/changepassword.jsp n/a
46 LOW Creation_of_Temp_File_in_Dir_with_Incorrect_Permissions /src/main/java/org/cysecurity/cspf/jvl/controller/AddPage.java n/a
55 LOW Cross_Site_History_Manipulation /src/main/java/org/cysecurity/cspf/jvl/controller/XPathQuery.java n/a
54 LOW Cross_Site_History_Manipulation /src/main/java/org/cysecurity/cspf/jvl/controller/Register.java n/a
37 LOW Cross_Site_History_Manipulation /src/main/java/org/cysecurity/cspf/jvl/controller/Open.java n/a
37 LOW Cross_Site_History_Manipulation /src/main/java/org/cysecurity/cspf/jvl/controller/ForwardMe.java n/a
3 LOW Cross_Site_History_Manipulation /src/main/webapp/admin/index.jsp n/a
56 LOW Cross_Site_History_Manipulation /src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java n/a
8 20 LOW Cross_Site_History_Manipulation /src/main/webapp/admin/adminlogin.jsp n/a
46 LOW Cross_Site_History_Manipulation /src/main/java/org/cysecurity/cspf/jvl/controller/SendMessage.java n/a
30 31 32 33 34 35 36 37 LOW Data_Leak_Between_Sessions /src/main/java/org/cysecurity/cspf/jvl/controller/Install.java n/a
6 LOW Heap_Inspection /src/main/webapp/login.jsp n/a
36 LOW Heap_Inspection /src/main/java/org/cysecurity/cspf/jvl/controller/XPathQuery.java n/a
33 LOW Heap_Inspection /src/main/webapp/vulnerability/csrf/changepassword.jsp n/a
44 67 LOW Heap_Inspection /src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java n/a
369 LOW Heap_Inspection /VulnerableHTTPServer.java n/a
44 LOW Heap_Inspection /src/main/java/org/cysecurity/cspf/jvl/controller/Register.java n/a
32 LOW Improper_Exception_Handling /src/main/webapp/vulnerability/idor/change-email.jsp n/a
17 24 26 LOW Improper_Exception_Handling /src/main/webapp/vulnerability/idor/download.jsp n/a
9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 LOW Improper_Exception_Handling /src/main/webapp/header.jsp n/a
14 19 20 22 22 LOW Improper_Exception_Handling /src/main/webapp/admin/manageusers.jsp n/a
12 15 18 18 LOW Improper_Exception_Handling /src/main/webapp/vulnerability/forumUsersList.jsp n/a
48 60 62 65 65 67 69 69 73 LOW Improper_Exception_Handling /src/main/webapp/vulnerability/forum.jsp n/a
31 LOW Improper_Exception_Handling /src/main/webapp/vulnerability/csrf/change-info.jsp n/a
13 14 16 16 LOW Improper_Exception_Handling /src/main/webapp/vulnerability/UserDetails.jsp n/a
16 17 19 20 21 LOW Improper_Exception_Handling /src/main/webapp/vulnerability/DisplayMessage.jsp n/a
14 15 17 18 19 LOW Improper_Exception_Handling /src/main/webapp/vulnerability/forumposts.jsp n/a
43 44 45 45 LOW Improper_Exception_Handling /src/main/webapp/ForgotPassword.jsp n/a
21 22 24 25 26 29 30 33 34 35 LOW Improper_Exception_Handling /src/main/webapp/myprofile.jsp n/a
40 LOW Improper_Exception_Handling /src/main/webapp/vulnerability/csrf/changepassword.jsp n/a
31 34 LOW Improper_Exception_Handling /src/main/webapp/vulnerability/baasm/SiteTitle.jsp n/a
14 17 19 19 LOW Improper_Exception_Handling /src/main/webapp/vulnerability/Messages.jsp n/a
11 12 LOW Improper_Exception_Handling /src/main/webapp/vulnerability/Injection/orm.jsp n/a
20 23 LOW Improper_Exception_Handling /src/main/webapp/admin/Configure.jsp n/a
39 LOW Improper_Resource_Access_Authorization /TestSerialize.java n/a
17 24 24 24 LOW Improper_Resource_Access_Authorization /src/main/webapp/vulnerability/idor/download.jsp n/a
62 70 LOW Improper_Resource_Access_Authorization /ExploitGadgetExample1.java n/a
14 LOW Improper_Resource_Access_Authorization /src/main/webapp/vulnerability/Messages.jsp n/a
13 LOW Improper_Resource_Access_Authorization /src/main/webapp/vulnerability/UserDetails.jsp n/a
11 12 LOW Improper_Resource_Access_Authorization /src/main/webapp/vulnerability/Injection/orm.jsp n/a
31 LOW Improper_Resource_Access_Authorization /src/main/webapp/vulnerability/csrf/change-info.jsp n/a
19 LOW Improper_Resource_Access_Authorization /src/main/webapp/vulnerability/securitymisconfig/pages.jsp n/a
32 LOW Improper_Resource_Access_Authorization /src/main/webapp/vulnerability/idor/change-email.jsp n/a
98 LOW Improper_Resource_Access_Authorization /DnsWithCommonsCollections.java n/a
100 LOW Improper_Resource_Access_Authorization /SleepExample.java n/a
24 36 43 43 43 LOW Improper_Resource_Access_Authorization /src/main/webapp/vulnerability/sqli/download_id.jsp n/a
48 LOW Improper_Resource_Access_Authorization /src/main/java/org/cysecurity/cspf/jvl/controller/UsernameCheck.java n/a
16 LOW Improper_Resource_Access_Authorization /src/main/webapp/vulnerability/DisplayMessage.jsp n/a
117 119 126 127 128 129 130 131 132 135 136 137 138 139 142 143 144 147 148 151 152 153 157 158 159 160 163 164 165 LOW Improper_Resource_Access_Authorization /src/main/java/org/cysecurity/cspf/jvl/controller/Install.java n/a
139 139 139 184 261 300 LOW Improper_Resource_Access_Authorization /VulnerableHTTPServer.java n/a
54 LOW Improper_Resource_Access_Authorization /src/main/java/org/cysecurity/cspf/jvl/controller/SendMessage.java n/a
43 LOW Improper_Resource_Access_Authorization /src/main/webapp/changeCardDetails.jsp n/a
40 LOW Improper_Resource_Access_Authorization /src/main/webapp/vulnerability/csrf/changepassword.jsp n/a
43 LOW Improper_Resource_Access_Authorization /src/main/webapp/ForgotPassword.jsp n/a
12 LOW Improper_Resource_Access_Authorization /src/main/webapp/vulnerability/forumUsersList.jsp n/a
19 LOW Improper_Resource_Access_Authorization /src/main/webapp/admin/adminlogin.jsp n/a
49 LOW Improper_Resource_Access_Authorization /src/main/java/org/cysecurity/cspf/jvl/controller/EmailCheck.java n/a
21 29 LOW Improper_Resource_Access_Authorization /src/main/webapp/myprofile.jsp n/a
48 60 LOW Improper_Resource_Access_Authorization /src/main/webapp/vulnerability/forum.jsp n/a
51 54 LOW Improper_Resource_Access_Authorization /src/main/java/org/cysecurity/cspf/jvl/controller/AddPage.java n/a
55 LOW Improper_Resource_Access_Authorization /src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java n/a
137 LOW Improper_Resource_Access_Authorization /ReverseShellCommonsCollectionsHashMap.java n/a
24 36 43 43 43 LOW Improper_Resource_Access_Authorization /src/main/webapp/vulnerability/sqli/download_id_union.jsp n/a
37 LOW Improper_Resource_Access_Authorization /TestDeserialize.java n/a
14 19 LOW Improper_Resource_Access_Authorization /src/main/webapp/admin/manageusers.jsp n/a
125 LOW Improper_Resource_Access_Authorization /ExampleCommonsCollections1.java n/a
58 59 LOW Improper_Resource_Access_Authorization /src/main/java/org/cysecurity/cspf/jvl/controller/Register.java n/a
14 LOW Improper_Resource_Access_Authorization /src/main/webapp/vulnerability/forumposts.jsp n/a
9 LOW Improper_Resource_Shutdown_or_Release /src/main/webapp/vulnerability/Messages.jsp n/a
96 97 LOW Improper_Resource_Shutdown_or_Release /DnsWithCommonsCollections.java n/a
22 LOW Improper_Resource_Shutdown_or_Release /src/main/webapp/vulnerability/idor/download.jsp n/a
10 LOW Improper_Resource_Shutdown_or_Release /src/main/webapp/vulnerability/securitymisconfig/pages.jsp n/a
123 124 LOW Improper_Resource_Shutdown_or_Release /ExampleCommonsCollections1.java n/a
7 LOW Improper_Resource_Shutdown_or_Release /src/main/webapp/vulnerability/UserDetails.jsp n/a
9 LOW Improper_Resource_Shutdown_or_Release /src/main/webapp/admin/manageusers.jsp n/a
10 LOW Improper_Resource_Shutdown_or_Release /src/main/webapp/admin/adminlogin.jsp n/a
25 LOW Improper_Resource_Shutdown_or_Release /src/main/webapp/vulnerability/idor/change-email.jsp n/a
24 LOW Improper_Resource_Shutdown_or_Release /src/main/webapp/vulnerability/csrf/change-info.jsp n/a
41 LOW Improper_Resource_Shutdown_or_Release /src/main/java/org/cysecurity/cspf/jvl/controller/SendMessage.java n/a
72 112 121 LOW Improper_Resource_Shutdown_or_Release /src/main/java/org/cysecurity/cspf/jvl/controller/Install.java n/a
37 38 LOW Improper_Resource_Shutdown_or_Release /TestSerialize.java n/a
21 41 LOW Improper_Resource_Shutdown_or_Release /src/main/webapp/vulnerability/sqli/download_id.jsp n/a
27 LOW Improper_Resource_Shutdown_or_Release /src/main/webapp/changeCardDetails.jsp n/a
135 136 LOW Improper_Resource_Shutdown_or_Release /ReverseShellCommonsCollectionsHashMap.java n/a
238 239 249 290 LOW Improper_Resource_Shutdown_or_Release /VulnerableHTTPServer.java n/a
41 LOW Improper_Resource_Shutdown_or_Release /src/main/java/org/cysecurity/cspf/jvl/controller/UsernameCheck.java n/a
42 LOW Improper_Resource_Shutdown_or_Release /src/main/java/org/cysecurity/cspf/jvl/controller/Register.java n/a
14 LOW Improper_Resource_Shutdown_or_Release /src/main/webapp/myprofile.jsp n/a
33 LOW Improper_Resource_Shutdown_or_Release /src/main/webapp/vulnerability/baasm/SiteTitle.jsp n/a
9 LOW Improper_Resource_Shutdown_or_Release /src/main/webapp/vulnerability/DisplayMessage.jsp n/a
21 LOW Improper_Resource_Shutdown_or_Release /src/main/webapp/vulnerability/forum.jsp n/a
33 34 LOW Improper_Resource_Shutdown_or_Release /TestDeserialize.java n/a
7 LOW Improper_Resource_Shutdown_or_Release /src/main/webapp/vulnerability/forumposts.jsp n/a
21 41 LOW Improper_Resource_Shutdown_or_Release /src/main/webapp/vulnerability/sqli/download_id_union.jsp n/a
22 LOW Improper_Resource_Shutdown_or_Release /src/main/webapp/admin/Configure.jsp n/a
7 LOW Improper_Resource_Shutdown_or_Release /src/main/webapp/vulnerability/forumUsersList.jsp n/a
98 99 LOW Improper_Resource_Shutdown_or_Release /SleepExample.java n/a
28 LOW Improper_Resource_Shutdown_or_Release /src/main/webapp/vulnerability/csrf/changepassword.jsp n/a
50 LOW Improper_Resource_Shutdown_or_Release /src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java n/a
35 LOW Improper_Resource_Shutdown_or_Release /src/main/java/org/cysecurity/cspf/jvl/model/DBConnect.java n/a
40 LOW Improper_Resource_Shutdown_or_Release /src/main/webapp/ForgotPassword.jsp n/a
60 61 68 69 LOW Improper_Resource_Shutdown_or_Release /ExploitGadgetExample1.java n/a
41 LOW Improper_Resource_Shutdown_or_Release /src/main/java/org/cysecurity/cspf/jvl/controller/EmailCheck.java n/a
12 LOW Incorrect_Permission_Assignment_For_Critical_Resources /src/main/webapp/vulnerability/idor/download.jsp n/a
123 LOW Incorrect_Permission_Assignment_For_Critical_Resources /ExampleCommonsCollections1.java n/a
33 LOW Incorrect_Permission_Assignment_For_Critical_Resources /src/main/java/org/cysecurity/cspf/jvl/controller/XPathQuery.java n/a
35 LOW Incorrect_Permission_Assignment_For_Critical_Resources /src/main/java/org/cysecurity/cspf/jvl/controller/ForwardMe.java n/a
96 LOW Incorrect_Permission_Assignment_For_Critical_Resources /DnsWithCommonsCollections.java n/a
39 LOW Incorrect_Permission_Assignment_For_Critical_Resources /src/main/java/org/cysecurity/cspf/jvl/controller/UsernameCheck.java n/a
31 LOW Incorrect_Permission_Assignment_For_Critical_Resources /src/main/webapp/vulnerability/sqli/download_id.jsp n/a
37 LOW Incorrect_Permission_Assignment_For_Critical_Resources /TestSerialize.java n/a
40 LOW Incorrect_Permission_Assignment_For_Critical_Resources /src/main/java/org/cysecurity/cspf/jvl/controller/SendMessage.java n/a
72 79 LOW Incorrect_Permission_Assignment_For_Critical_Resources /src/main/java/org/cysecurity/cspf/jvl/controller/Install.java n/a
41 LOW Incorrect_Permission_Assignment_For_Critical_Resources /src/main/java/org/cysecurity/cspf/jvl/controller/xxe.java n/a
41 LOW Incorrect_Permission_Assignment_For_Critical_Resources /src/main/java/org/cysecurity/cspf/jvl/controller/Register.java n/a
35 LOW Incorrect_Permission_Assignment_For_Critical_Resources /src/main/java/org/cysecurity/cspf/jvl/controller/Open.java n/a
31 LOW Incorrect_Permission_Assignment_For_Critical_Resources /src/main/webapp/vulnerability/sqli/download_id_union.jsp n/a
39 LOW Incorrect_Permission_Assignment_For_Critical_Resources /src/main/java/org/cysecurity/cspf/jvl/controller/EmailCheck.java n/a
135 LOW Incorrect_Permission_Assignment_For_Critical_Resources /ReverseShellCommonsCollectionsHashMap.java n/a
36 LOW Incorrect_Permission_Assignment_For_Critical_Resources /src/main/java/org/cysecurity/cspf/jvl/controller/Logout.java n/a
22 LOW Incorrect_Permission_Assignment_For_Critical_Resources /src/main/webapp/admin/Configure.jsp n/a
33 LOW Incorrect_Permission_Assignment_For_Critical_Resources /src/main/webapp/vulnerability/baasm/SiteTitle.jsp n/a
38 46 LOW Incorrect_Permission_Assignment_For_Critical_Resources /src/main/java/org/cysecurity/cspf/jvl/controller/AddPage.java n/a
60 LOW Incorrect_Permission_Assignment_For_Critical_Resources /ExploitGadgetExample1.java n/a
98 LOW Incorrect_Permission_Assignment_For_Critical_Resources /SleepExample.java n/a
44 44 47 LOW Information_Exposure_Through_Query_String /src/main/java/org/cysecurity/cspf/jvl/controller/Register.java n/a
36 36 LOW Information_Exposure_Through_Query_String /src/main/java/org/cysecurity/cspf/jvl/controller/XPathQuery.java n/a
33 33 34 LOW Information_Exposure_Through_Query_String /src/main/webapp/vulnerability/csrf/changepassword.jsp n/a
44 44 LOW Information_Exposure_Through_Query_String /src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java n/a
12 LOW Information_Exposure_Through_Query_String /src/main/webapp/admin/adminlogin.jsp n/a
69 69 69 LOW Information_Exposure_Through_an_Error_Message /src/main/java/org/cysecurity/cspf/jvl/controller/Register.java n/a
55 LOW Information_Exposure_Through_an_Error_Message /src/main/webapp/changeCardDetails.jsp n/a
67 LOW Information_Exposure_Through_an_Error_Message /src/main/java/org/cysecurity/cspf/jvl/controller/XPathQuery.java n/a
60 LOW Information_Exposure_Through_an_Error_Message /src/main/java/org/cysecurity/cspf/jvl/controller/UsernameCheck.java n/a
172 172 172 178 LOW Information_Exposure_Through_an_Error_Message /src/main/java/org/cysecurity/cspf/jvl/controller/Install.java n/a
69 LOW Information_Exposure_Through_an_Error_Message /src/main/java/org/cysecurity/cspf/jvl/controller/AddPage.java n/a
254 266 269 271 277 291 294 301 305 307 313 352 356 380 395 LOW Information_Exposure_Through_an_Error_Message /VulnerableHTTPServer.java n/a
53 LOW Information_Exposure_Through_an_Error_Message /src/main/webapp/vulnerability/Injection/orm.jsp n/a
61 LOW Information_Exposure_Through_an_Error_Message /src/main/java/org/cysecurity/cspf/jvl/controller/EmailCheck.java n/a
58 LOW Information_Exposure_Through_an_Error_Message /src/main/java/org/cysecurity/cspf/jvl/controller/xxe.java n/a
32 LOW Information_Exposure_Through_an_Error_Message /src/main/webapp/vulnerability/securitymisconfig/pages.jsp n/a
4 LOW Information_Leak_Through_Shell_Error_Message /src/main/webapp/vulnerability/baasm/URLRewriting.jsp n/a
36 LOW Missing_Content_Security_Policy /src/main/java/org/cysecurity/cspf/jvl/controller/AddPage.java n/a
5 LOW Missing_X_Frame_Options /src/main/webapp/WEB-INF/web.xml n/a
36 LOW Open_Redirect /src/main/java/org/cysecurity/cspf/jvl/controller/Open.java n/a
43 43 44 44 LOW Open_Redirect /src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java n/a
43 44 LOW Plaintext_Storage_in_a_Cookie /src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java n/a
1 LOW Potential_Clickjacking_on_Legacy_Browsers /src/main/webapp/ForgotPassword.jsp n/a
54 55 56 57 58 59 60 61 LOW Race_Condition /src/main/java/org/cysecurity/cspf/jvl/controller/Install.java n/a
18 18 LOW Relative_Path_Traversal /src/main/webapp/vulnerability/sqli/download_id_union.jsp n/a
18 18 LOW Relative_Path_Traversal /src/main/webapp/vulnerability/sqli/download_id.jsp n/a
39 LOW Relative_Path_Traversal /src/main/java/org/cysecurity/cspf/jvl/controller/ForwardMe.java n/a
40 LOW Relative_Path_Traversal /src/main/java/org/cysecurity/cspf/jvl/controller/AddPage.java n/a
11 LOW Relative_Path_Traversal /src/main/webapp/vulnerability/idor/download.jsp n/a
7 7 LOW Reliance_on_Cookies_in_a_Decision /src/main/webapp/login.jsp n/a
7 7 LOW Reliance_on_Cookies_in_a_Decision /src/main/webapp/vulnerability/baasm/SiteTitle.jsp n/a
18 LOW Reversible_One_Way_Hash /src/main/java/org/cysecurity/cspf/jvl/model/HashMe.java n/a
63 68 69 LOW Sensitive_Cookie_in_HTTPS_Session_Without_Secure_Attribute /src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java n/a
29 LOW Sensitive_Cookie_in_HTTPS_Session_Without_Secure_Attribute /src/main/webapp/admin/adminlogin.jsp n/a
20 LOW Serializable_Class_Containing_Sensitive_Data /Alien.java n/a
29 LOW Stored_Absolute_Path_Traversal /src/main/webapp/vulnerability/sqli/download_id.jsp n/a
29 LOW Stored_Absolute_Path_Traversal /src/main/webapp/vulnerability/sqli/download_id_union.jsp n/a
19 19 19 19 LOW Stored_Boundary_Violation /src/main/webapp/admin/adminlogin.jsp n/a
55 55 55 LOW Stored_Boundary_Violation /src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java n/a
24 LOW Stored_HTTP_Response_Splitting /src/main/webapp/vulnerability/sqli/download_id_union.jsp n/a
24 LOW Stored_Relative_Path_Traversal /src/main/webapp/vulnerability/sqli/download_id_union.jsp n/a
24 LOW Stored_Relative_Path_Traversal /src/main/webapp/vulnerability/sqli/download_id.jsp n/a
14 LOW Suspected_XSS /src/main/webapp/vulnerability/Messages.jsp n/a
29 LOW Suspected_XSS /src/main/webapp/changeCardDetails.jsp n/a
27 LOW Suspected_XSS /src/main/webapp/vulnerability/csrf/change-info.jsp n/a
4 LOW TruffleHog_HighEntropy_Strings /src/main/webapp/vulnerability/xss/flash/exss.jsp n/a
36 39 LOW TruffleHog_HighEntropy_Strings /VulnerableHTTPServer.java n/a
38 LOW Unrestricted_File_Upload /src/main/java/org/cysecurity/cspf/jvl/controller/xxe.java n/a
54 54 54 54 54 55 55 55 55 56 56 56 56 56 57 57 57 57 57 58 58 58 58 58 58 59 59 59 60 60 60 61 66 67 68 69 70 71 111 112 112 112 117 119 121 121 121 121 127 127 LOW Unsynchronized_Access_To_Shared_Data /src/main/java/org/cysecurity/cspf/jvl/controller/Install.java n/a
46 LOW Use_Of_Hardcoded_Password /src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java n/a
20 LOW Use_Of_Hardcoded_Password /Alien.java n/a
18 LOW Use_of_Broken_or_Risky_Cryptographic_Algorithm /src/main/java/org/cysecurity/cspf/jvl/model/HashMe.java n/a
38 LOW Use_of_Non_Cryptographic_Random /src/main/webapp/vulnerability/sqli/download_id.jsp n/a
60 68 INFO Portability_Flaw_In_File_Separator /ExploitGadgetExample1.java n/a
13 INFO Portability_Flaw_In_File_Separator /src/main/webapp/vulnerability/idor/download.jsp n/a
8 8 8 8 8 8 INFO Portability_Flaw_In_File_Separator /src/main/webapp/WEB-INF/config.properties n/a
45 INFO Portability_Flaw_In_File_Separator /src/main/java/org/cysecurity/cspf/jvl/controller/AddPage.java n/a
