SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 52

changes.mady.by.user Pennie Walters

Saved on

compared with

New Version 53

changes.mady.by.user Ankur Goyal

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Edited by sciSpider Java v3.0

...

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

IDS06 IDS09- J

medium

probable

medium

P8

L2

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

Wiki Markup
\[[Fortify 08|AA. Java References#Fortify 08]\] "Input Validation and Representation: XML Injection"
\[[Sen 07|AA. Java References#Sen 07]\]
\[[Sun 06|AA. Java References#Sun 06]\] [Ensure Data Security|http://java.sun.com/developer/technicalArticles/xml/jaxp1-3/index.html#Ensure%20Data%20Security]
\[[OWASP 05|AA. Java References#OWASP 05]\] [Testing for XPath Injection|http://www.owasp.org/index.php/XPath_Injection_Testing_AoC]
\[[MITRE 09|AA. Java References#MITRE 09]\] [CWE ID 643|http://cwe.mitre.org/data/definitions/247.html] "Failure to Sanitize Data within XPath Expressions (aka 'XPath injection')"

...