Issue Types (Java)

Exploitable Security Issues (60)

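| Name | Severity | CWE | OWASP Top 10 (2010) | OWASP Top 10 (2013) | OWASP Top 10 (2017) | SANS 25 | PCI DSS | ASVS 3.01 |
|---|---|---|---|---|---|---|---|---|
| Command Injection | Critical | 78 | A1 | A1 | A1 | 2 | 6.5.1 | 5.12 |
| Code Injection | Critical | 95 | A1 | A1 | A1 | 18 | 6.5.1 | 16.4 |
| File Write (Arbitrary) | Critical | 96 | A1 | A1 | A1 | 10 | 6.5.8 | 16.2 |
| File Write (PHP file) | Critical | 96 | A1 | A1 | A1 | 10 | 6.5.8 | |
| SQL Injection | Critical | 89 | A1 | A1 | A1 | 1 | 6.5.1 | 5.1 |
| SQL Injection (unquoted) | Critical | 89 | A1 | A1 | A1 | 1 | 6.5.1 | 5.1 |
| SQL Injection (single-quoted) | Critical | 89 | A1 | A1 | A1 | 1 | 6.5.1 | 5.1 |
| SQL Injection (double-quoted) | Critical | 89 | A1 | A1 | A1 | 1 | 6.5.1 | 5.1 |
| Object Injection | Critical | 502 | A4 | A4 | A8 | 18 | 6.5.1 | |
| Path Traversal | High | 22 | A4 | A4 | A5 | 13 | 6.5.8 | 9.5 |
| Path Traversal (limited) | High | 626 | A4 | A4 | A5 | 13 | 6.5.8 | 9.5 |
| LDAP Injection | High | 90 | A1 | A1 | A1 | | 6.5.1 | |
| Object Instantiation | High | 470 | A4 | A4 | A5 | 10 | 6.5.8 | 16.4 |
| Denial of Service | High | 730 | A1 | A5 | A1 | | 6.5.5 | |
| Cross-Site Scripting | Medium | 79 | A2 | A3 | A7 | 4 | 6.5.7 | 5.15 |
| Cross-Site Scripting (normal tag) | Medium | 80 | A2 | A3 | A7 | 4 | 6.5.7 | 5.15 |
| Cross-Site Scripting (script tag) | Medium | 79 | A2 | A3 | A7 | 4 | 6.5.7 | 5.15 |
| Cross-Site Scripting (style tag) | Medium | 79 | A2 | A3 | A7 | 4 | 6.5.7 | 5.15 |
| Cross-Site Scripting (comment) | Medium | 80 | A2 | A3 | A7 | 4 | 6.5.7 | 5.15 |
| Cross-Site Scripting (attribute name) | Medium | 79 | A2 | A3 | A7 | 4 | 6.5.7 | 5.15 |
| Cross-Site Scripting (unquoted attribute) | Medium | 79 | A2 | A3 | A7 | 4 | 6.5.7 | 5.15 |
| Cross-Site Scripting (single-quoted attribute) | Medium | 79 | A2 | A3 | A7 | 4 | 6.5.7 | 5.15 |
| Cross-Site Scripting (double-quoted attribute) | Medium | 79 | A2 | A3 | A7 | 4 | 6.5.7 | 5.15 |
| Cross-Site Scripting (eventhandler) | Medium | 83 | A2 | A3 | A7 | 4 | 6.5.7 | 5.15 |
| Cross-Site Scripting (url attribute) | Medium | 84 | A2 | A3 | A7 | 4 | 6.5.7 | 5.15 |
| Cross-Site Scripting (style attribute) | Medium | 79 | A2 | A3 | A7 | 4 | 6.5.7 | 5.15 |
| File Create | Medium | 73 | A4 | A4 | A5 | 13 | 6.5.8 | 16.2 |
| File Delete | Medium | 73 | A4 | A4 | A10 | 13 | 6.5.8 | 9.5 |
| File Manipulation | Medium | 732 | A4 | A4 | A5 | 17 | 6.5.8 | 9.5 |
| File Write | Medium | 96 | A4 | A1 | A1 | 10 | 6.5.8 | 16.2 |
| File Write (JSON file) | Medium | 96 | A4 | A4 | A5 | 10 | 6.5.8 | 16.2 |
| File Write (CSS file) | Medium | 96 | A2 | A3 | A7 | 10 | 6.5.8 | 16.2 |
| File Write (HTML file) | Medium | 96 | A2 | A3 | A7 | 10 | 6.5.8 | 16.2 |
| XML/XXE Injection | Medium | 91 | A1 | A1 | A4 | | 6.5.1 | 5.14 |
| XQuery Injection | Medium | 652 | A1 | A1 | A1 | | 6.5.1 | 5.14 |
| XPath Injection | Medium | 643 | A1 | A1 | A1 | | 6.5.1 | 5.14 |
| XPath Injection (unquoted) | Medium | 643 | A1 | A1 | A1 | | 6.5.1 | 5.14 |
| XPath Injection (single-quoted) | Medium | 643 | A1 | A1 | A1 | | 6.5.1 | 5.14 |
| XPath Injection (double-quoted) | Medium | 643 | A1 | A1 | A1 | | 6.5.1 | 5.14 |
| HTTP Response Splitting | Medium | 113 | A10 | A10 | A1 | | | 3.1 |
| Session Fixation | Medium | 384 | A3 | A2 | A2 | | 6.5.10 | 3.1 |
| Server-Side Request Forgery | Medium | 918 | A8 | A10 | A2 | | 6.5.1 | 16.1 |
| File Upload | Medium | 434 | | A5 | A5 | 9 | 6.5.8 | |
| Reflection Injection | Medium | 470 | A1 | A7 | A5 | 16 | 6.5.8 | 16.4 |
| Open Redirect | Medium | 601 | A10 | A10 | A2 | 22 | 6.5.8 | 16.1 |
| NoSQL Injection | Medium | 94 | A1 | A1 | A1 | | 6.5.1 | |
| MongoDB Injection | Medium | 94 | A1 | A1 | A1 | | 6.5.1 | |
| XSLT Injection | Medium | 494 | A1 | A1 | A1 | 9 | 6.5.1 | 5.14 |
| Log Forging | Low | 117 | A4 | A4 | A10 | | | 8.8 |
| Directory Listing | Low | 548 | A4 | A4 | A5 | 13 | 6.5.8 | 4.5 |
| Connection String Injection | Low | 99 | A3 | A5 | A2 | 16 | 6.5.4 | |
| Connection String Injection (FTP) | Low | 99 | A3 | A5 | A2 | 16 | 6.5.4 | |
| Connection String Injection (DBMS) | Low | 99 | A3 | A5 | A2 | 16 | 6.5.4 | |
| Resource Injection | Low | 93 | A9 | A4 | A5 | 16 | 6.5.1 | |
| Resource Injection (Mail) | Low | 93 | A9 | A4 | A5 | 16 | 6.5.1 | |
| Resource Injection (FTP) | Low | 93 | A9 | A4 | A5 | 16 | 6.5.1 | |
| Environment Manipulation | Low | 471 | A4 | A5 | A2 | 10 | 6.5.8 | |
| Library Injection | Low | 114 | A1 | A5 | A1 | 11 | | |
| HTTP Parameter Pollution | Low | 233 | A10 | A10 | A2 | | 6.5.4 | 5.17 |
| Format String Information Leakage | Low | 134 | | A6 | A3 | | 6.5.5 | |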


Code Quality Issues (16)

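| Name | Severity | CWE | OWASP Top 10 (2010) | OWASP Top 10 (2013) | OWASP Top 10 (2017) | SANS 25 | PCI DSS | ASVS 3.01 |
|---|---|---|---|---|---|---|---|---|
| Information Leakage | Low | 209 | | A6 | A3 | | 6.5.5 | 8.1 |
| Information Leakage (System) | Low | 214 | | A6 | A3 | | 6.5.5 | 8.1 |
| Information Leakage (Session Token in URL) | Low | 201 | A3 | A2 | A2 | | 6.5.10 | 3.6 |
| Cookie Misconfiguration | Low | 494 | A6 | A5 | A6 | | 6.5.10 | 3.12 |
| Cookie Misconfiguration (expiry) | Low | 539 | A6 | A5 | A6 | | 6.5.10 | 3.4 |
| Weak Cryptography | Low | 310 | A9 | A6 | A3 | | 6.5.3 | |
| Weak Cryptography (broken algorithm) | Low | 327 | A9 | A6 | A3 | 19 | 6.5.3 | 7.8 |
| Weak Cryptography (low entropy) | Low | 330 | A9 | A6 | A3 | | 6.5.3 | 7.15 |
| Weak Cryptography (missing padding) | Low | 325 | A9 | A6 | A3 | | 6.5.3 | |
| Weak Cryptography (cert verification) | Low | 295 | A9 | A6 | A3 | | 6.5.4 | 10.3 |
| Weak CORS Header | Low | 346 | A6 | A5 | A6 | | 6.5.4 | 16.5 |
| Generic Exception Catch | Low | 396 | | | | | | |
| Return Inside Finally | Low | 584 | | | | | | |
| Dangerous Feature | Low | 242 | | | | | | |
| Hard-coded Password | Low | 259 | | | | | | |
| Weak Hash Function | Low | 328 | A7 | | | | | |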