Java Fixes

• 100 – Server-side request forgery (SSRF)
• 101 – Lack of protection against deletion
• 102 – Email uniqueness not properly verified
• 106 – NoSQL injection
• 107 – LDAP injection
• 108 – Improper control of interaction frequency
• 110 – HTTP request smuggling
• 111 – Out-of-bounds read
• 113 – Improper type assignation
• 114 – Phishing
• 115 – Security controls bypass or absence
• 117 – Unverifiable files
• 118 – Regulation infringement
• 119 – Metadata with sensitive information
• 120 – Improper dependency pinning
• 121 – HTTP parameter pollution
• 122 – Email flooding
• 123 – Local file inclusion
• 124 – Race condition
• 125 – Directory listing
• 126 – Lack of isolation methods
• 127 – Lack of data validation - Type confusion
• 128 – Insecurely generated cookies - HttpOnly
• 129 – Insecurely generated cookies - SameSite
• 130 – Insecurely generated cookies - Secure
• 131 – Insecure or unset HTTP headers - Strict Transport Security
• 132 – Insecure or unset HTTP headers - X-Content-Type-Options
• 133 – Insecure encryption algorithm - Perfect Forward Secrecy
• 134 – Insecure or unset HTTP headers - CORS
• 135 – Insecure or unset HTTP headers - X-XSS Protection
• 136 – Insecure or unset HTTP headers - Cache Control
• 137 – Insecure or unset HTTP headers - X-Permitted-Cross-Domain-Policies
• 138 – Inappropriate coding practices
• 140 – Insecure exceptions - Empty or no catch
• 141 – Lack of data validation - URL
• 142 – Sensitive information in source code - API Key
• 143 – Inappropriate coding practices - Eval function
• 145 – Inappropriate coding practices - Cyclomatic complexity
• 146 – SQL injection
• 147 – Insecure encryption algorithm - SSLContext
• 148 – Use of an insecure channel - FTP
• 149 – Use of an insecure channel - SMTP
• 151 – Use of an insecure channel - Telnet
• 152 – Insecure or unset HTTP headers - X-Frame Options
• 153 – Insecure or unset HTTP headers - Accept
• 154 – Time-based SQL Injection
• 155 – SQL Injection - Headers
• 156 – Uncontrolled external site redirect
• 157 – Unrestricted access between network segments
• 159 – Excessive privileges
• 160 – Excessive privileges - Temporary Files
• 182 – Email spoofing
• 183 – Debugging enabled in production
• 184 – Lack of data validation
• 185 – Lack of data validation - Header x-amzn-RequestId
• 186 – Lack of data validation - Web Service
• 187 – Lack of data validation - Source Code
• 189 – Lack of data validation - Content Spoofing
• 190 – Lack of data validation - Session Cookie
• 191 – Lack of data validation - Responses
• 192 – Lack of data validation - Reflected Parameters
• 193 – Lack of data validation - Host Header Injection
• 194 – Lack of data validation - Input Length
• 195 – Lack of data validation - Headers
• 196 – Lack of data validation - Dates
• 197 – Lack of data validation - Numbers
• 198 – Lack of data validation - Out of range
• 199 – Lack of data validation - Emails
• 200 – Traceability loss
• 201 – Unauthorized access to files
• 203 – Unauthorized access to files - S3 Bucket
• 204 – Insufficient data authenticity validation
• 208 – Security controls bypass or absence - Antivirus
• 210 – Security controls bypass or absence - Facial Recognition
• 211 – Asymmetric denial of service - ReDoS
• 212 – Security controls bypass or absence - Cloudflare
• 213 – Business information leak - JWT
• 214 – Business information leak - Credentials
• 216 – Business information leak - Source Code
• 217 – Business information leak - Credit Cards
• 218 – Business information leak - Network Unit
• 220 – Business information leak - Token
• 221 – Business information leak - Users
• 222 – Business information leak - DB
• 226 – Business information leak - Personal Information
• 228 – Business information leak - Analytics
• 231 – Message flooding
• 233 – Incomplete funcional code
• 234 – Technical information leak - Stacktrace
• 235 – Technical information leak - Headers
• 236 – Technical information leak - SourceMap
• 237 – Technical information leak - Print Functions
• 238 – Technical information leak - API
• 239 – Technical information leak - Errors
• 240 – Authentication mechanism absence or evasion - OTP
• 243 – Authentication mechanism absence or evasion - Admin Console
• 245 – Non-encrypted confidential information - Credit Cards
• 246 – Non-encrypted confidential information - DB
• 248 – Non-encrypted confidential information - LDAP
• 249 – Non-encrypted confidential information - Credentials
• 250 – Non-encrypted hard drives
• 252 – Automatic information enumeration - Open ports
• 254 – Automatic information enumeration - Credit Cards
• 255 – Insecure functionality - Pass the hash
• 261 – Insecure encryption algorithm - DSA
• 262 – Insecure encryption algorithm - SHA1
• 263 – Insecure encryption algorithm - MD5
• 264 – Insecure encryption algorithm - TripleDES
• 265 – Insecure encryption algorithm - AES
• 269 – Insecure encryption algorithm - Blowfish
• 270 – Insecure functionality - File Creation
• 271 – Insecure functionality - Password management
• 272 – Insecure functionality - Masking
• 273 – Insecure functionality - Fingerprint
• 274 – Restricted fields manipulation
• 276 – Sensitive information sent via URL parameters - Session
• 277 – Weak credential policy - Password Expiration
• 280 – Session Fixation
• 282 – Insecure encryption algorithm - ECB
• 283 – Automatic information enumeration - Personal Information
• 284 – Non-encrypted confidential information - Base 64
• 286 – Insecure object reference - Personal information
• 287 – Insecure object reference - Corporate information
• 288 – Insecure object reference - Financial information
• 289 – Technical information leak - Logs
• 290 – Technical information leak - IPs
• 291 – Business information leak - Financial Information
• 295 – Insecure session management - Change Password
• 296 – Weak credential policy - Password Change Limit
• 297 – SQL injection - Code
• 298 – Authentication mechanism absence or evasion - Redirect
• 301 – Concurrent sessions control bypass
• 302 – Insecure functionality - Session management
• 305 – Security controls bypass or absence - Data creation
• 306 – Insecure object reference - Files
• 307 – Insecure object reference - Data
• 308 – Enabled default configuration
• 309 – Insecurely generated token - JWT
• 317 – Improper resource allocation - Memory leak
• 318 – Insecurely generated token - Validation
• 321 – Lack of data validation - HTML code
• 322 – Insecurely generated token - Lifespan
• 324 – Insecure functionality - User management
• 328 – Insecure object reference - Session management
• 329 – Insecure or unset HTTP headers - Content-Type
• 330 – Lack of protection against brute force attacks - Credentials
• 332 – Use of insecure channel - Source code
• 336 – Business information leak - Corporate information
• 337 – Insecure session management - CSRF Fixation
• 340 – Lack of data validation - Special Characters
• 341 – Lack of data validation - OTP
• 344 – Lack of data validation - Non Sanitized Variables
• 345 – Security controls bypass or absence - Session Invalidation
• 349 – Technical information leak - Credentials
• 353 – Lack of data validation - Token
• 354 – Insecure file upload - Files Limit
• 355 – Insufficient data authenticity validation - Checksum verification
• 359 – Sensitive information in source code - Credentials
• 362 – Technical information leak - Content response
• 363 – Weak credential policy - Password strength
• 364 – Weak credential policy - Temporary passwords
• 365 – Authentication mechanism absence or evasion - Response tampering
• 369 – Insecure object reference - User deletion
• 371 – DOM-Based cross-site scripting (XSS)
• 372 – Use of an insecure channel - HTTP
• 375 – Security controls bypass or absence - Tampering Protection
• 378 – Non-encrypted confidential information - Hexadecimal
• 383 – Insecurely generated token - OTP
• 384 – Inappropriate coding practices - Wildcard export
• 388 – Insecure authentication method - NTLM
• 391 – Inappropriate coding practices - Unused properties
• 393 – Use of software with known vulnerabilities in development
• 395 – Insecure generation of random numbers - Static IV
• 397 – Insecure authentication method - LDAP
• 404 – OS Command Injection
• 405 – Excessive privileges - Access Mode
• 411 – Insecure encryption algorithm - Default encryption
• 417 – Account Takeover
• 420 – Password reset poisoning
• 421 – Insecure encryption algorithm - Insecure Elliptic Curve
• 422 – Server side template injection
• 425 – Server side cross-site scripting
• 428 – Inappropriate coding practices - invalid file
• 432 – Inappropriate coding practices - relative path command
• 435 – Use of software with known vulnerabilities in environments
• 436 – Security controls bypass or absence - Fingerprint
• 002 – Asymmetric denial of service
• 003 – Symmetric denial of service
• 004 – Remote command execution
• 005 – Privilege escalation
• 006 – Authentication mechanism absence or evasion
• 007 – Cross-site request forgery
• 008 – Reflected cross-site scripting (XSS)
• 009 – Sensitive information in source code
• 010 – Stored cross-site scripting (XSS)
• 011 – Use of software with known vulnerabilities
• 013 – Insecure object reference
• 014 – Insecure functionality
• 015 – Insecure authentication method - Basic
• 016 – Insecure encryption algorithm - SSL/TLS
• 017 – Sensitive information sent insecurely
• 019 – Administrative credentials stored in cache memory
• 020 – Non-encrypted confidential information
• 021 – XPath injection
• 022 – Use of an insecure channel
• 023 – Uncontrolled external site redirect - Host Header Injection
• 026 – User enumeration
• 027 – Insecure file upload
• 028 – Insecure temporary files
• 029 – Inadequate file size control
• 030 – Sensitive information sent via URL parameters
• 033 – Password change without identity check
• 034 – Insecure generation of random numbers
• 035 – Weak credential policy
• 037 – Technical information leak
• 038 – Business information leak
• 039 – Improper authorization control for web services
• 041 – Enabled default credentials
• 042 – Insecurely generated cookies
• 043 – Insecure or unset HTTP headers - Content-Security-Policy
• 044 – Insecure HTTP methods enabled
• 047 – Automatic information enumeration
• 050 – Guessed weak credentials
• 051 – Cracked weak credentials
• 052 – Insecure encryption algorithm
• 053 – Lack of protection against brute force attacks
• 056 – Anonymous connection
• 057 – Asymmetric denial of service - Content length
• 059 – Sensitive information stored in logs
• 061 – Remote File Inclusion
• 062 – Concurrent sessions
• 063 – Lack of data validation - Path Traversal
• 064 – Traceability loss - Server's clock
• 066 – Technical information leak - Console functions
• 067 – Improper resource allocation
• 068 – Insecure session expiration time
• 069 – Weak CAPTCHA
• 071 – Insecure or unset HTTP headers - Referrer-Policy
• 073 – Improper authorization control for web services - RDS
• 076 – Insecure session management
• 078 – Insecurely generated token
• 079 – Non-upgradable dependencies
• 080 – Business information leak - Customers or providers
• 081 – Lack of multi-factor authentication
• 082 – Insecurely deleted files
• 083 – XML injection (XXE)
• 087 – Account lockout
• 088 – Privacy violation
• 089 – Lack of data validation - Trust boundary violation
• 090 – CSV injection
• 091 – Log injection
• 092 – Insecure encryption algorithm - Anonymous cipher suites
• 093 – Hidden fields manipulation
• 094 – Insecure encryption algorithm - Cipher Block Chaining
• 095 – Data uniqueness not properly verified
• 096 – Insecure deserialization
• 098 – External control of file name or path