SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 177

changes.mady.by.user Yozo TODA

Saved on

compared with

New Version 178

changes.mady.by.user Arthur Hicken

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: added parasoft

...

ToolVersionCheckerDescription
Coverity7.5

SQLI
FB.SQL_PREPARED_STATEMENT_GENERATED_
FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE

Implemented
Findbugs1.0SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTEImplemented
Fortify1.0

HTTP_Response_Splitting
SQL_Injection__Persistence
SQL_Injection

Implemented
Klocwork 

SV.DATA.BOUND
SV.DATA.DB
SV.HTTP_SPLIT
SV.PATH
SV.PATH.INJ
SV.SQL

Implemented
Parasoft Jtest9.5BD-SECURITY-TDSQLImplemented

Related Vulnerabilities

CVE-2008-2370 describes a vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16. When a RequestDispatcher is used, Tomcat performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.

...