Questions tagged [veracode]

Veracode provides automated static and dynamic application security testing software and remediation services

321 questions
6 votes, 1 answer

CWE-ID 100 Fix for MVC5

Our application is being dinged several hundred times for CWE-ID 100 "flaws" related to Technology-Specific Input Validation Problems according to Veracode. According to their docs, the remediation is to check the ModelState.IsValid property on a model…
mituw16
  • 5,126
  • 3
  • 23
  • 48
6 votes, 2 answers

Handle cross site scripting flaw raised by veracode

We have a legacy web application in ASP.NET and C#, for which we are getting around 400 plus cross site scripting flaws raised by the Veracode scan. I have created a sample web application and simulated the issue, and found that whenever we are using any…
Alok
  • 266
  • 2
  • 14
6 votes, 5 answers

How to fix Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) with error message?

We use a web control adapter in our login page. Recently we ran Veracode on our web application. In the following function, we got CWE 80, Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS), on the line rev.ErrorMessage =…
GLP
  • 3,441
  • 20
  • 59
  • 91
5 votes, 0 answers

How to fix CWE 566 Authorization Bypass Through User-Controlled SQL Primary Key

I have a JEE application that uses Hibernate, and Veracode complains about some lines of code that I do not know how to fix. Basically, we have a generic class to perform basic operations on entities: public void delete(T entity, final boolean…
M. Yousfi
  • 578
  • 5
  • 24
5 votes, 2 answers

How to neutralize CRLF Sequences in HTTP Headers

I have gone through this link: How to fix "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')". But it does not give me the solution. My code is also giving the error "Improper Neutralization of CRLF Sequences in…
koushik
  • 99
  • 1
  • 9
4 votes, 0 answers

Veracode Scan XSS issue for Response.BinaryWrite() method

While running the Veracode scan, a vulnerability has been thrown for the below line: Page.Response.BinaryWrite(stream.GetBuffer()); where stream is an object of System.IO.MemoryStream. I have tried the below line of…
HarshSharma
  • 630
  • 3
  • 9
  • 34
4 votes, 1 answer

Improper Neutralization of CRLF Sequences ('CRLF Injection') (CWE ID 93)

In the Veracode report I am getting error CWE 93 in some of the Java files. In one instance from the static scan, the code is MimeMessage msg = new MimeMessage(session); msg.setFrom(new InternetAddress(msmtpfrom)); 2.msg.setRecipients(Message.RecipientType.TO,…
Jaydeep Bobade
  • 1,005
  • 2
  • 16
  • 25
4 votes, 3 answers

Veracode CWE id 611

I have a piece of code where there is a Veracode finding for Improper Restriction of XML External Entity Reference ('XXE') Attack. Code: Transformer transformer = TransformerFactory.newInstance().newTransformer(); StreamResult result = new…
Ab_sin
  • 121
  • 2
  • 10
4 votes, 2 answers

"Improper Resource Shutdown or Release" error from Veracode, why?

What is wrong with this code? Moreover, how do I fix it? public class BodyStreamMiddleware { private readonly RequestDelegate _next; public BodyStreamMiddleware(RequestDelegate next) { _next = next; } public async Task…
NeedHack
  • 2,943
  • 3
  • 30
  • 44
4 votes, 0 answers

Improper Restriction of XML External Entity Reference - Java with DocumentBuilderFactory

I've been trying to resolve the Veracode "Improper Restriction of XML External Entity Reference" flaw. I looked up the issue online and found a few suggestions on how to resolve it, namely: Set the features mentioned in the OWASP cheat sheet Set…
EH Khiari
  • 335
  • 1
  • 4
  • 12
4 votes, 2 answers

Avoid scanning third party libraries in Veracode

We recently started using Veracode for vulnerability testing. Is there a way to selectively exclude all the third party libraries and focus the scan only on our internal libraries code?
user6126683
  • 43
  • 1
  • 3
4 votes, 1 answer

What is Veracode Scan used for?

I have done some searching, but was unable to discover the purpose of Veracode Scan. Also, I would like to know why the Veracode scanner is plugged into Jenkins. Could anyone help me with this? I am posting this here, as I am unable to find an…
Faz
  • 534
  • 1
  • 9
  • 27
4 votes, 4 answers

ASP.NET Veracode Scanning issues

Our client uses the Veracode scanning tool to scan an ASP.NET application. We have solved many flaws except for the below. Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') (CWE ID 113)(1 flaw) in the line …
3 votes, 2 answers

CVE-2016-1000027 Fix for CVE-2016-1000027 in Java 8 version

I can see CVE-2016-1000027 has a vulnerability for spring-web versions below 6.0.0. I'm looking for a dependency fix in the Java 8 version, as spring-web 6.0 is only compatible with Java 17.
Farhaan Shaik
  • 123
  • 1
  • 2
  • 8
3 votes, 1 answer

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

I have used the following method to call stored procedures from my application and it is working perfectly. The main issue is that when I run Veracode on my application, it is giving me the following error on ExecuteReader: "Improper Neutralization of…