Update cx.yml by cx-sean-carroll · Pull Request #1 · CxSeanOrg/JavaVulnerableLab

cx-sean-carroll · 2023-03-30T14:57:01Z

No description provided.

[skip ci]

cx-sean-carroll · 2023-03-31T00:59:11Z

Checkmarx One – Scan Summary & Details – be7db1bf-9bf3-445e-a164-0d74d9c01bc7

New Issues

Issue	Source File / Package	Checkmarx Insight
CVE-2015-4852	Maven-commons-collections:commons-collections-3.2.1	Vulnerable Package
CVE-2015-7501	Maven-commons-collections:commons-collections-3.2.1	Vulnerable Package
CVE-2022-4492	Maven-io.undertow:undertow-core-2.0.9.Final	Vulnerable Package
CVE-2022-45688	Maven-org.json:json-20131018	Vulnerable Package
Side_Channel_Data_Leakage	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 44	Attack Vector
Side_Channel_Data_Leakage	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 44	Attack Vector
Side_Channel_Data_Leakage	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 44	Attack Vector
Side_Channel_Data_Leakage	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 44	Attack Vector
Side_Channel_Data_Leakage	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 44	Attack Vector
Side_Channel_Data_Leakage	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 44	Attack Vector
Side_Channel_Data_Leakage	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 44	Attack Vector
Side_Channel_Data_Leakage	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 44	Attack Vector
Side_Channel_Data_Leakage	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 44	Attack Vector
Side_Channel_Data_Leakage	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 44	Attack Vector
Side_Channel_Data_Leakage	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 44	Attack Vector
Side_Channel_Data_Leakage	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 44	Attack Vector
Side_Channel_Data_Leakage	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 44	Attack Vector
Side_Channel_Data_Leakage	/src/main/webapp/ForgotPassword.jsp: 42	Attack Vector
Side_Channel_Data_Leakage	/src/main/java/org/cysecurity/cspf/jvl/controller/XPathQuery.java: 36	Attack Vector
Side_Channel_Data_Leakage	/src/main/java/org/cysecurity/cspf/jvl/controller/XPathQuery.java: 36	Attack Vector
Side_Channel_Data_Leakage	/src/main/java/org/cysecurity/cspf/jvl/controller/XPathQuery.java: 36	Attack Vector
Side_Channel_Data_Leakage	/src/main/java/org/cysecurity/cspf/jvl/controller/XPathQuery.java: 36	Attack Vector
Side_Channel_Data_Leakage	/src/main/java/org/cysecurity/cspf/jvl/controller/XPathQuery.java: 36	Attack Vector
Side_Channel_Data_Leakage	/src/main/java/org/cysecurity/cspf/jvl/controller/XPathQuery.java: 36	Attack Vector
Side_Channel_Data_Leakage	/src/main/webapp/admin/adminlogin.jsp: 12	Attack Vector
Side_Channel_Data_Leakage	/src/main/webapp/admin/adminlogin.jsp: 12	Attack Vector
Side_Channel_Data_Leakage	/src/main/webapp/admin/adminlogin.jsp: 12	Attack Vector
Side_Channel_Data_Leakage	/src/main/webapp/admin/adminlogin.jsp: 12	Attack Vector
Side_Channel_Data_Leakage	/src/main/webapp/admin/adminlogin.jsp: 12	Attack Vector
Side_Channel_Data_Leakage	/src/main/webapp/admin/adminlogin.jsp: 12	Attack Vector
Side_Channel_Data_Leakage	/src/main/webapp/admin/adminlogin.jsp: 12	Attack Vector
Side_Channel_Data_Leakage	/src/main/webapp/admin/adminlogin.jsp: 12	Attack Vector
Side_Channel_Data_Leakage	/src/main/webapp/admin/adminlogin.jsp: 12	Attack Vector
Side_Channel_Data_Leakage	/src/main/webapp/admin/adminlogin.jsp: 12	Attack Vector
Side_Channel_Data_Leakage	/src/main/webapp/admin/adminlogin.jsp: 12	Attack Vector
Side_Channel_Data_Leakage	/src/main/webapp/admin/adminlogin.jsp: 12	Attack Vector
Side_Channel_Data_Leakage	/src/main/webapp/admin/adminlogin.jsp: 12	Attack Vector
Side_Channel_Data_Leakage	/src/main/webapp/login.jsp: 15	Attack Vector
RDS With Backup Disabled	/rds.tf: 1	Make sure the AWS RDS configuration has automatic backup configured. If the retention period is equal to 0 there is no backup
Stored_Relative_Path_Traversal	/src/main/webapp/vulnerability/sqli/download_id_union.jsp: 24	Attack Vector
Stored_Relative_Path_Traversal	/src/main/webapp/vulnerability/sqli/download_id.jsp: 24	Attack Vector
Blind_SQL_Injections	/src/main/java/org/cysecurity/cspf/jvl/controller/XPathQuery.java: 36	Attack Vector
Blind_SQL_Injections	/src/main/java/org/cysecurity/cspf/jvl/controller/XPathQuery.java: 35	Attack Vector
Blind_SQL_Injections	/src/main/java/org/cysecurity/cspf/jvl/controller/sqs.java: 25	Attack Vector
Blind_SQL_Injections	/src/main/webapp/vulnerability/csrf/changepassword.jsp: 33	Attack Vector
Blind_SQL_Injections	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 60	Attack Vector
Blind_SQL_Injections	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 58	Attack Vector
Blind_SQL_Injections	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 58	Attack Vector
Blind_SQL_Injections	/src/main/webapp/changeCardDetails.jsp: 39	Attack Vector
Blind_SQL_Injections	/src/main/webapp/changeCardDetails.jsp: 38	Attack Vector
Blind_SQL_Injections	/src/main/webapp/changeCardDetails.jsp: 37	Attack Vector
Blind_SQL_Injections	/src/main/webapp/vulnerability/idor/change-email.jsp: 27	Attack Vector
Blind_SQL_Injections	/src/main/webapp/vulnerability/csrf/change-info.jsp: 26	Attack Vector
Blind_SQL_Injections	/src/main/webapp/vulnerability/sqli/download_id_union.jsp: 18	Attack Vector
Blind_SQL_Injections	/src/main/webapp/vulnerability/sqli/download_id.jsp: 18	Attack Vector
Blind_SQL_Injections	/src/main/webapp/myprofile.jsp: 16	Attack Vector
Blind_SQL_Injections	/src/main/webapp/myprofile.jsp: 16	Attack Vector
Blind_SQL_Injections	/src/main/webapp/vulnerability/UserDetails.jsp: 8	Attack Vector
Blind_SQL_Injections	/src/main/webapp/vulnerability/forum.jsp: 43	Attack Vector
Blind_SQL_Injections	/src/main/webapp/vulnerability/forum.jsp: 42	Attack Vector
Blind_SQL_Injections	/src/main/webapp/vulnerability/forum.jsp: 41	Attack Vector
Blind_SQL_Injections	/src/main/webapp/vulnerability/idor/change-email.jsp: 28	Attack Vector
Blind_SQL_Injections	/src/main/webapp/admin/manageusers.jsp: 13	Attack Vector
Blind_SQL_Injections	/src/main/webapp/admin/adminlogin.jsp: 11	Attack Vector
Blind_SQL_Injections	/src/main/webapp/vulnerability/forumposts.jsp: 9	Attack Vector
Blind_SQL_Injections	/src/main/webapp/ForgotPassword.jsp: 42	Attack Vector
Blind_SQL_Injections	/src/main/webapp/ForgotPassword.jsp: 42	Attack Vector
Blind_SQL_Injections	/src/main/webapp/vulnerability/DisplayMessage.jsp: 16	Attack Vector
Blind_SQL_Injections	/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java: 47	Attack Vector
Blind_SQL_Injections	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 44	Attack Vector
Blind_SQL_Injections	/src/main/java/org/cysecurity/cspf/jvl/controller/EmailCheck.java: 44	Attack Vector
Blind_SQL_Injections	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 43	Attack Vector
Blind_SQL_Injections	/src/main/java/org/cysecurity/cspf/jvl/controller/UsernameCheck.java: 43	Attack Vector
Blind_SQL_Injections	/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java: 46	Attack Vector
Blind_SQL_Injections	/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java: 45	Attack Vector
Blind_SQL_Injections	/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java: 44	Attack Vector
Blind_SQL_Injections	/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java: 43	Attack Vector
Blind_SQL_Injections	/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java: 43	Attack Vector
Heap_Inspection	/src/main/webapp/vulnerability/Injection/orm.jsp: 31	Attack Vector
Heap_Inspection	/src/main/webapp/vulnerability/csrf/changepassword.jsp: 34	Attack Vector
Heap_Inspection	/src/main/java/org/cysecurity/cspf/jvl/model/DBConnect.java: 28	Attack Vector
Heap_Inspection	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 33	Attack Vector
Improper_Resource_Shutdown_or_Release	/src/main/webapp/vulnerability/idor/download.jsp: 22	Attack Vector
Improper_Resource_Shutdown_or_Release	/src/main/webapp/vulnerability/securitymisconfig/pages.jsp: 10	Attack Vector
Improper_Resource_Shutdown_or_Release	/src/main/webapp/vulnerability/sqli/download_id.jsp: 41	Attack Vector
Improper_Resource_Shutdown_or_Release	/src/main/webapp/admin/manageusers.jsp: 9	Attack Vector
Improper_Resource_Shutdown_or_Release	/src/main/webapp/ForgotPassword.jsp: 39	Attack Vector
Improper_Resource_Shutdown_or_Release	/src/main/webapp/vulnerability/DisplayMessage.jsp: 9	Attack Vector
Improper_Resource_Shutdown_or_Release	/src/main/webapp/vulnerability/sqli/download_id.jsp: 21	Attack Vector
Improper_Resource_Shutdown_or_Release	/src/main/webapp/admin/adminlogin.jsp: 10	Attack Vector
Improper_Resource_Shutdown_or_Release	/src/main/webapp/vulnerability/csrf/change-info.jsp: 24	Attack Vector
Improper_Resource_Shutdown_or_Release	/src/main/webapp/vulnerability/sqli/download_id_union.jsp: 21	Attack Vector
Improper_Resource_Shutdown_or_Release	/src/main/webapp/admin/Configure.jsp: 22	Attack Vector
Improper_Resource_Shutdown_or_Release	/src/main/webapp/myprofile.jsp: 14	Attack Vector
Improper_Resource_Shutdown_or_Release	/src/main/webapp/vulnerability/UserDetails.jsp: 7	Attack Vector
Improper_Resource_Shutdown_or_Release	/src/main/webapp/vulnerability/csrf/changepassword.jsp: 28	Attack Vector
Improper_Resource_Shutdown_or_Release	/src/main/webapp/vulnerability/forumposts.jsp: 7	Attack Vector
Improper_Resource_Shutdown_or_Release	/src/main/webapp/vulnerability/baasm/SiteTitle.jsp: 33	Attack Vector
Improper_Resource_Shutdown_or_Release	/src/main/webapp/vulnerability/forum.jsp: 21	Attack Vector
Improper_Resource_Shutdown_or_Release	/src/main/webapp/vulnerability/forumUsersList.jsp: 7

More results are available on AST platform

cx-sean-carroll added 30 commits April 30, 2021 14:28

Set up CI with Azure Pipelines

4fdb80a

[skip ci]

Update azure-pipelines.yml for Azure Pipelines

2587811

Update azure-pipelines.yml for Azure Pipelines

7f19f79

Update azure-pipelines.yml for Azure Pipelines

9192d3d

Update azure-pipelines.yml for Azure Pipelines

50f7a7a

Create test.txt

d9a2e71

Update test.txt

e78ad7d

Update test.txt

8f4f6d9

Update test.txt

2bdc210

Update test.txt

2dd0a0b

Update test.txt

906b993

Update test.txt

9096d08

Update test.txt

27e130d

Update test.txt

139bdb8

Update test.txt

0fe853d

Update test.txt

b5baca5

Update test.txt

8775478

Update test.txt

73cd392

Update test.txt

8c83925

Update test.txt

f8fb53b

Update and rename test.txt to testtest.txt

f7ac012

Update testtest.txt

cf821c9

Update testtest.txt

0933244

Update testtest.txt

937670e

Update testtest.txt

05aa3d4

Update testtest.txt

85ef587

Update testtest.txt

17e4b2b

Update testtest.txt

e811394

Update testtest.txt

f743973

Update testtest.txt

dbbc271

cx-sean-carroll added 3 commits July 20, 2021 15:49

Update testtest.txt

d6f3a31

Update testtest.txt

5db69a9

Update cx.yml

9ef504c

cx-sean-carroll force-pushed the master branch from 511bfc5 to b5658e0 Compare March 13, 2024 22:47

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update cx.yml#1

Update cx.yml#1
cx-sean-carroll wants to merge 33 commits intomasterfrom
CxSeanC-patch-1

cx-sean-carroll commented Mar 30, 2023

Uh oh!

cx-sean-carroll commented Mar 31, 2023

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

cx-sean-carroll commented Mar 30, 2023

Uh oh!

cx-sean-carroll commented Mar 31, 2023

New Issues

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant