Issue Types (Java)

Exploitable Security Issues (60)

Columns: Name | Severity | CWE | OWASP Top 10 (2010) | OWASP Top 10 (2013) | OWASP Top 10 (2017) | SANS 25 | PCI DSS | ASVS 3.01
Cells the page leaves empty are shown as "-".

Command Injection | Critical | 78 | A1 | A1 | A1 | 2 | 6.5.1 | 5.12
Code Injection | Critical | 95 | A1 | A1 | A1 | 18 | 6.5.1 | 16.4
File Write (Arbitrary) | Critical | 96 | A1 | A1 | A1 | 10 | 6.5.8 | 16.2
File Write (PHP file) | Critical | 96 | A1 | A1 | A1 | 10 | 6.5.8 | -
SQL Injection | Critical | 89 | A1 | A1 | A1 | 1 | 6.5.1 | 5.1
SQL Injection (unquoted) | Critical | 89 | A1 | A1 | A1 | 1 | 6.5.1 | 5.1
SQL Injection (single-quoted) | Critical | 89 | A1 | A1 | A1 | 1 | 6.5.1 | 5.1
SQL Injection (double-quoted) | Critical | 89 | A1 | A1 | A1 | 1 | 6.5.1 | 5.1
Object Injection | Critical | 502 | A4 | A4 | A8 | 18 | 6.5.1 | -
Path Traversal | High | 22 | A4 | A4 | A5 | 13 | 6.5.8 | 9.5
Path Traversal (limited) | High | 626 | A4 | A4 | A5 | 13 | 6.5.8 | 9.5
LDAP Injection | High | 90 | A1 | A1 | A1 | - | 6.5.1 | -
Object Instantiation | High | 470 | A4 | A4 | A5 | 10 | 6.5.8 | 16.4
Denial of Service | High | 730 | A1 | A5 | A1 | - | 6.5.5 | -
Cross-Site Scripting | Medium | 79 | A2 | A3 | A7 | 4 | 6.5.7 | 5.15
Cross-Site Scripting (normal tag) | Medium | 80 | A2 | A3 | A7 | 4 | 6.5.7 | 5.15
Cross-Site Scripting (script tag) | Medium | 79 | A2 | A3 | A7 | 4 | 6.5.7 | 5.15
Cross-Site Scripting (style tag) | Medium | 79 | A2 | A3 | A7 | 4 | 6.5.7 | 5.15
Cross-Site Scripting (comment) | Medium | 80 | A2 | A3 | A7 | 4 | 6.5.7 | 5.15
Cross-Site Scripting (attribute name) | Medium | 79 | A2 | A3 | A7 | 4 | 6.5.7 | 5.15
Cross-Site Scripting (unquoted attribute) | Medium | 79 | A2 | A3 | A7 | 4 | 6.5.7 | 5.15
Cross-Site Scripting (single-quoted attribute) | Medium | 79 | A2 | A3 | A7 | 4 | 6.5.7 | 5.15
Cross-Site Scripting (double-quoted attribute) | Medium | 79 | A2 | A3 | A7 | 4 | 6.5.7 | 5.15
Cross-Site Scripting (eventhandler) | Medium | 83 | A2 | A3 | A7 | 4 | 6.5.7 | 5.15
Cross-Site Scripting (url attribute) | Medium | 84 | A2 | A3 | A7 | 4 | 6.5.7 | 5.15
Cross-Site Scripting (style attribute) | Medium | 79 | A2 | A3 | A7 | 4 | 6.5.7 | 5.15
File Create | Medium | 73 | A4 | A4 | A5 | 13 | 6.5.8 | 16.2
File Delete | Medium | 73 | A4 | A4 | A10 | 13 | 6.5.8 | 9.5
File Manipulation | Medium | 732 | A4 | A4 | A5 | 17 | 6.5.8 | 9.5
File Write | Medium | 96 | A4 | A1 | A1 | 10 | 6.5.8 | 16.2
File Write (JSON file) | Medium | 96 | A4 | A4 | A5 | 10 | 6.5.8 | 16.2
File Write (CSS file) | Medium | 96 | A2 | A3 | A7 | 10 | 6.5.8 | 16.2
File Write (HTML file) | Medium | 96 | A2 | A3 | A7 | 10 | 6.5.8 | 16.2
XML/XXE Injection | Medium | 91 | A1 | A1 | A4 | - | 6.5.1 | 5.14
XQuery Injection | Medium | 652 | A1 | A1 | A1 | - | 6.5.1 | 5.14
XPath Injection | Medium | 643 | A1 | A1 | A1 | - | 6.5.1 | 5.14
XPath Injection (unquoted) | Medium | 643 | A1 | A1 | A1 | - | 6.5.1 | 5.14
XPath Injection (single-quoted) | Medium | 643 | A1 | A1 | A1 | - | 6.5.1 | 5.14
XPath Injection (double-quoted) | Medium | 643 | A1 | A1 | A1 | - | 6.5.1 | 5.14
HTTP Response Splitting | Medium | 113 | A10 | A10 | A1 | - | - | 3.1
Session Fixation | Medium | 384 | A3 | A2 | A2 | - | 6.5.10 | 3.1
Server-Side Request Forgery | Medium | 918 | A8 | A10 | A2 | - | 6.5.1 | 16.1
File Upload | Medium | 434 | - | A5 | A5 | 9 | 6.5.8 | -
Reflection Injection | Medium | 470 | A1 | A7 | A5 | 16 | 6.5.8 | 16.4
Open Redirect | Medium | 601 | A10 | A10 | A2 | 22 | 6.5.8 | 16.1
NoSQL Injection | Medium | 94 | A1 | A1 | A1 | - | 6.5.1 | -
MongoDB Injection | Medium | 94 | A1 | A1 | A1 | - | 6.5.1 | -
XSLT Injection | Medium | 494 | A1 | A1 | A1 | 9 | 6.5.1 | 5.14
Log Forging | Low | 117 | A4 | A4 | A10 | - | - | 8.8
Directory Listing | Low | 548 | A4 | A4 | A5 | 13 | 6.5.8 | 4.5
Connection String Injection | Low | 99 | A3 | A5 | A2 | 16 | 6.5.4 | -
Connection String Injection (FTP) | Low | 99 | A3 | A5 | A2 | 16 | 6.5.4 | -
Connection String Injection (DBMS) | Low | 99 | A3 | A5 | A2 | 16 | 6.5.4 | -
Resource Injection | Low | 93 | A9 | A4 | A5 | 16 | 6.5.1 | -
Resource Injection (Mail) | Low | 93 | A9 | A4 | A5 | 16 | 6.5.1 | -
Resource Injection (FTP) | Low | 93 | A9 | A4 | A5 | 16 | 6.5.1 | -
Environment Manipulation | Low | 471 | A4 | A5 | A2 | 10 | 6.5.8 | -
Library Injection | Low | 114 | A1 | A5 | A1 | 11 | - | -
HTTP Parameter Pollution | Low | 233 | A10 | A10 | A2 | - | 6.5.4 | 5.17
Format String Information Leakage | Low | 134 | - | A6 | A3 | - | 6.5.5 | -

Code Quality Issues (16)

Columns: Name | Severity | CWE | OWASP Top 10 (2010) | OWASP Top 10 (2013) | OWASP Top 10 (2017) | SANS 25 | PCI DSS | ASVS 3.01
Cells the page leaves empty are shown as "-".

Information Leakage | Low | 209 | - | A6 | A3 | - | 6.5.5 | 8.1
Information Leakage (System) | Low | 214 | - | A6 | A3 | - | 6.5.5 | 8.1
Information Leakage (Session Token in URL) | Low | 201 | A3 | A2 | A2 | - | 6.5.10 | 3.6
Cookie Misconfiguration | Low | 494 | A6 | A5 | A6 | - | 6.5.10 | 3.12
Cookie Misconfiguration (expiry) | Low | 539 | A6 | A5 | A6 | - | 6.5.10 | 3.4
Weak Cryptography | Low | 310 | A9 | A6 | A3 | - | 6.5.3 | -
Weak Cryptography (broken algorithm) | Low | 327 | A9 | A6 | A3 | 19 | 6.5.3 | 7.8
Weak Cryptography (low entropy) | Low | 330 | A9 | A6 | A3 | - | 6.5.3 | 7.15
Weak Cryptography (missing padding) | Low | 325 | A9 | A6 | A3 | - | 6.5.3 | -
Weak Cryptography (cert verification) | Low | 295 | A9 | A6 | A3 | - | 6.5.4 | 10.3
Weak CORS Header | Low | 346 | A6 | A5 | A6 | - | 6.5.4 | 16.5
Generic Exception Catch | Low | 396 | - | - | - | - | - | -
Return Inside Finally | Low | 584 | - | - | - | - | - | -
Dangerous Feature | Low | 242 | - | - | - | - | - | -
Hard-coded Password | Low | 259 | - | - | - | - | - | -
Weak Hash Function | Low | 328 | A7 | - | - | - | - | -