Back to library list
commons-httpclient__commons-httpclient
Column Insecure: Icon 
indicates the version is insecure, otherwise 
Column CryptoMisuse: Icon indicates the version has cryptographic API misuse, otherwise
indicates the version is insecure, otherwise
Column CryptoMisuse: Icon
indicates the version has cryptographic API misuse, otherwise
| Version | Insecure | CryptoMisuse | Rule name | Method | Statement | Details |
|---|---|---|---|---|---|---|
| 1.0 |
|
|
||||
| 2.0 |
|
|
Cipher | org.apache.commons.httpclient.NTLM.getResponseFor(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String; | r1 = staticinvoke <javax.crypto.Cipher: javax.crypto.Cipher getInstance(java.lang.String)>(varReplacer1269) | First parameter (with value "DES/ECB/NoPadding") should be any of {AES, PBEWithHmacSHA224AndAES_128, PBEWithHmacSHA256AndAES_128, PBEWithHmacSHA384AndAES_128, PBEWithHmacSHA512AndAES_128, PBEWithHmacSHA224AndAES_256, PBEWithHmacSHA256AndAES_256, PBEWithHmacSHA384AndAES_256, PBEWithHmacSHA512AndAES_256, RSA} |
| - | - |
|
Cipher | org.apache.commons.httpclient.NTLM.getResponseFor(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String; | virtualinvoke r1.<javax.crypto.Cipher: void init(int,java.security.Key)>(varReplacer1265, $r2) | Second parameter was not properly generated as generated Key |
| - | - |
|
SecretKeySpec | org.apache.commons.httpclient.NTLM.getResponseFor(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String; | specialinvoke $r2.<javax.crypto.spec.SecretKeySpec: void <init>(byte[],java.lang.String)>(r10, varReplacer1270) | First parameter was not properly generated as prepared Key Material |
| - | - |
|
MessageDigest | org.apache.commons.httpclient.auth.DigestScheme.createCnonce()Ljava/lang/String; | r1 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer60) | First parameter (with value "MD5") should be any of {SHA-256, SHA-384, SHA-512} |
| - | - |
|
MessageDigest | org.apache.commons.httpclient.auth.DigestScheme.createDigest(Ljava/lang/String;Ljava/lang/String;Ljava/util/Map;)Ljava/lang/String; | $r86 = virtualinvoke r9.<java.security.MessageDigest: byte[] digest(byte[])>($r85) | Unexpected call to method digest on object of type java.security.MessageDigest. Expect a call to one of the following methods reset |
| - | - |
|
MessageDigest | org.apache.commons.httpclient.auth.DigestScheme.createDigest(Ljava/lang/String;Ljava/lang/String;Ljava/util/Map;)Ljava/lang/String; | $r93 = virtualinvoke r9.<java.security.MessageDigest: byte[] digest(byte[])>($r92) | Unexpected call to method digest on object of type java.security.MessageDigest. Expect a call to one of the following methods reset |
| - | - |
|
MessageDigest | org.apache.commons.httpclient.auth.DigestScheme.createDigest(Ljava/lang/String;Ljava/lang/String;Ljava/util/Map;)Ljava/lang/String; | r9 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer75) | First parameter (with value "MD5") should be any of {SHA-256, SHA-384, SHA-512} |
| 2.0.1 |
|
|
Cipher | org.apache.commons.httpclient.NTLM.getResponseFor(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String; | r11 = staticinvoke <javax.crypto.Cipher: javax.crypto.Cipher getInstance(java.lang.String)>(varReplacer1261) | First parameter (with value "DES/ECB/NoPadding") should be any of {AES, PBEWithHmacSHA224AndAES_128, PBEWithHmacSHA256AndAES_128, PBEWithHmacSHA384AndAES_128, PBEWithHmacSHA512AndAES_128, PBEWithHmacSHA224AndAES_256, PBEWithHmacSHA256AndAES_256, PBEWithHmacSHA384AndAES_256, PBEWithHmacSHA512AndAES_256, RSA} |
| - | - |
|
Cipher | org.apache.commons.httpclient.NTLM.getResponseFor(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String; | virtualinvoke r11.<javax.crypto.Cipher: void init(int,java.security.Key)>(varReplacer1257, $r3) | Second parameter was not properly generated as generated Key |
| - | - |
|
SecretKeySpec | org.apache.commons.httpclient.NTLM.getResponseFor(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String; | specialinvoke $r3.<javax.crypto.spec.SecretKeySpec: void <init>(byte[],java.lang.String)>(r12, varReplacer1260) | First parameter was not properly generated as prepared Key Material |
| - | - |
|
MessageDigest | org.apache.commons.httpclient.auth.DigestScheme.createCnonce()Ljava/lang/String; | r1 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer126) | First parameter (with value "MD5") should be any of {SHA-256, SHA-384, SHA-512} |
| - | - |
|
MessageDigest | org.apache.commons.httpclient.auth.DigestScheme.createDigest(Ljava/lang/String;Ljava/lang/String;Ljava/util/Map;)Ljava/lang/String; | $r88 = virtualinvoke r9.<java.security.MessageDigest: byte[] digest(byte[])>($r87) | Unexpected call to method digest on object of type java.security.MessageDigest. Expect a call to one of the following methods reset |
| - | - |
|
MessageDigest | org.apache.commons.httpclient.auth.DigestScheme.createDigest(Ljava/lang/String;Ljava/lang/String;Ljava/util/Map;)Ljava/lang/String; | $r95 = virtualinvoke r9.<java.security.MessageDigest: byte[] digest(byte[])>($r94) | Unexpected call to method digest on object of type java.security.MessageDigest. Expect a call to one of the following methods reset |
| - | - |
|
MessageDigest | org.apache.commons.httpclient.auth.DigestScheme.createDigest(Ljava/lang/String;Ljava/lang/String;Ljava/util/Map;)Ljava/lang/String; | r9 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer74) | First parameter (with value "MD5") should be any of {SHA-256, SHA-384, SHA-512} |
| 2.0.2 |
|
|
Cipher | org.apache.commons.httpclient.NTLM.getResponseFor(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String; | r11 = staticinvoke <javax.crypto.Cipher: javax.crypto.Cipher getInstance(java.lang.String)>(varReplacer1258) | First parameter (with value "DES/ECB/NoPadding") should be any of {AES, PBEWithHmacSHA224AndAES_128, PBEWithHmacSHA256AndAES_128, PBEWithHmacSHA384AndAES_128, PBEWithHmacSHA512AndAES_128, PBEWithHmacSHA224AndAES_256, PBEWithHmacSHA256AndAES_256, PBEWithHmacSHA384AndAES_256, PBEWithHmacSHA512AndAES_256, RSA} |
| - | - |
|
Cipher | org.apache.commons.httpclient.NTLM.getResponseFor(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String; | virtualinvoke r11.<javax.crypto.Cipher: void init(int,java.security.Key)>(varReplacer1260, $r3) | Second parameter was not properly generated as generated Key |
| - | - |
|
SecretKeySpec | org.apache.commons.httpclient.NTLM.getResponseFor(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String; | specialinvoke $r3.<javax.crypto.spec.SecretKeySpec: void <init>(byte[],java.lang.String)>(r12, varReplacer1261) | First parameter was not properly generated as prepared Key Material |
| - | - |
|
MessageDigest | org.apache.commons.httpclient.auth.DigestScheme.createCnonce()Ljava/lang/String; | r1 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer126) | First parameter (with value "MD5") should be any of {SHA-256, SHA-384, SHA-512} |
| - | - |
|
MessageDigest | org.apache.commons.httpclient.auth.DigestScheme.createDigest(Ljava/lang/String;Ljava/lang/String;Ljava/util/Map;)Ljava/lang/String; | $r88 = virtualinvoke r9.<java.security.MessageDigest: byte[] digest(byte[])>($r87) | Unexpected call to method digest on object of type java.security.MessageDigest. Expect a call to one of the following methods reset |
| - | - |
|
MessageDigest | org.apache.commons.httpclient.auth.DigestScheme.createDigest(Ljava/lang/String;Ljava/lang/String;Ljava/util/Map;)Ljava/lang/String; | $r95 = virtualinvoke r9.<java.security.MessageDigest: byte[] digest(byte[])>($r94) | Unexpected call to method digest on object of type java.security.MessageDigest. Expect a call to one of the following methods reset |
| - | - |
|
MessageDigest | org.apache.commons.httpclient.auth.DigestScheme.createDigest(Ljava/lang/String;Ljava/lang/String;Ljava/util/Map;)Ljava/lang/String; | r9 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer89) | First parameter (with value "MD5") should be any of {SHA-256, SHA-384, SHA-512} |
| 3.0 |
|
|
MessageDigest | org.apache.commons.httpclient.auth.DigestScheme.authenticate(Lorg/apache/commons/httpclient/Credentials;Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String; | $r24 = virtualinvoke r9.<java.security.MessageDigest: byte[] digest(byte[])>($r23) | Unexpected call to method digest on object of type java.security.MessageDigest. Expect a call to one of the following methods reset |
| - | - |
|
MessageDigest | org.apache.commons.httpclient.auth.DigestScheme.authenticate(Lorg/apache/commons/httpclient/Credentials;Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String; | $r82 = virtualinvoke r9.<java.security.MessageDigest: byte[] digest(byte[])>($r81) | Unexpected call to method digest on object of type java.security.MessageDigest. Expect a call to one of the following methods reset |
| - | - |
|
MessageDigest | org.apache.commons.httpclient.auth.DigestScheme.authenticate(Lorg/apache/commons/httpclient/Credentials;Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String; | r9 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer186) | First parameter (with value "MD5") should be any of {SHA-256, SHA-384, SHA-512} |
| - | - |
|
MessageDigest | org.apache.commons.httpclient.auth.DigestScheme.createCnonce()Ljava/lang/String; | r1 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer212) | First parameter (with value "MD5") should be any of {SHA-256, SHA-384, SHA-512} |
| - | - |
|
Cipher | org.apache.commons.httpclient.auth.NTLM.getType3Message(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;[B)Ljava/lang/String; | r11 = staticinvoke <javax.crypto.Cipher: javax.crypto.Cipher getInstance(java.lang.String)>(varReplacer264) | First parameter (with value "DES/ECB/NoPadding") should be any of {AES, PBEWithHmacSHA224AndAES_128, PBEWithHmacSHA256AndAES_128, PBEWithHmacSHA384AndAES_128, PBEWithHmacSHA512AndAES_128, PBEWithHmacSHA224AndAES_256, PBEWithHmacSHA256AndAES_256, PBEWithHmacSHA384AndAES_256, PBEWithHmacSHA512AndAES_256, RSA} |
| - | - |
|
Cipher | org.apache.commons.httpclient.auth.NTLM.getType3Message(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;[B)Ljava/lang/String; | virtualinvoke r11.<javax.crypto.Cipher: void init(int,java.security.Key)>(varReplacer261, $r3) | Second parameter was not properly generated as generated Key |
| - | - |
|
SecretKeySpec | org.apache.commons.httpclient.auth.NTLM.getType3Message(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;[B)Ljava/lang/String; | specialinvoke $r3.<javax.crypto.spec.SecretKeySpec: void <init>(byte[],java.lang.String)>(r12, varReplacer262) | First parameter was not properly generated as prepared Key Material |
| 3.0.1 |
|
|
MessageDigest | org.apache.commons.httpclient.auth.DigestScheme.authenticate(Lorg/apache/commons/httpclient/Credentials;Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String; | $r24 = virtualinvoke r9.<java.security.MessageDigest: byte[] digest(byte[])>($r23) | Unexpected call to method digest on object of type java.security.MessageDigest. Expect a call to one of the following methods reset |
| - | - |
|
MessageDigest | org.apache.commons.httpclient.auth.DigestScheme.authenticate(Lorg/apache/commons/httpclient/Credentials;Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String; | $r82 = virtualinvoke r9.<java.security.MessageDigest: byte[] digest(byte[])>($r81) | Unexpected call to method digest on object of type java.security.MessageDigest. Expect a call to one of the following methods reset |
| - | - |
|
MessageDigest | org.apache.commons.httpclient.auth.DigestScheme.authenticate(Lorg/apache/commons/httpclient/Credentials;Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String; | r9 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer161) | First parameter (with value "MD5") should be any of {SHA-256, SHA-384, SHA-512} |
| - | - |
|
MessageDigest | org.apache.commons.httpclient.auth.DigestScheme.createCnonce()Ljava/lang/String; | r1 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer214) | First parameter (with value "MD5") should be any of {SHA-256, SHA-384, SHA-512} |
| - | - |
|
Cipher | org.apache.commons.httpclient.auth.NTLM.getType3Message(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;[B)Ljava/lang/String; | r11 = staticinvoke <javax.crypto.Cipher: javax.crypto.Cipher getInstance(java.lang.String)>(varReplacer265) | First parameter (with value "DES/ECB/NoPadding") should be any of {AES, PBEWithHmacSHA224AndAES_128, PBEWithHmacSHA256AndAES_128, PBEWithHmacSHA384AndAES_128, PBEWithHmacSHA512AndAES_128, PBEWithHmacSHA224AndAES_256, PBEWithHmacSHA256AndAES_256, PBEWithHmacSHA384AndAES_256, PBEWithHmacSHA512AndAES_256, RSA} |
| - | - |
|
Cipher | org.apache.commons.httpclient.auth.NTLM.getType3Message(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;[B)Ljava/lang/String; | virtualinvoke r11.<javax.crypto.Cipher: void init(int,java.security.Key)>(varReplacer264, $r3) | Second parameter was not properly generated as generated Key |
| - | - |
|
SecretKeySpec | org.apache.commons.httpclient.auth.NTLM.getType3Message(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;[B)Ljava/lang/String; | specialinvoke $r3.<javax.crypto.spec.SecretKeySpec: void <init>(byte[],java.lang.String)>(r12, varReplacer267) | First parameter was not properly generated as prepared Key Material |
| 3.1 |
|
|
MessageDigest | org.apache.commons.httpclient.auth.DigestScheme.authenticate(Lorg/apache/commons/httpclient/Credentials;Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String; | $r24 = virtualinvoke r9.<java.security.MessageDigest: byte[] digest(byte[])>($r23) | Unexpected call to method digest on object of type java.security.MessageDigest. Expect a call to one of the following methods reset |
| - | - |
|
MessageDigest | org.apache.commons.httpclient.auth.DigestScheme.authenticate(Lorg/apache/commons/httpclient/Credentials;Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String; | $r82 = virtualinvoke r9.<java.security.MessageDigest: byte[] digest(byte[])>($r81) | Unexpected call to method digest on object of type java.security.MessageDigest. Expect a call to one of the following methods reset |
| - | - |
|
MessageDigest | org.apache.commons.httpclient.auth.DigestScheme.authenticate(Lorg/apache/commons/httpclient/Credentials;Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String; | r9 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer1985) | First parameter (with value "MD5") should be any of {SHA-256, SHA-384, SHA-512} |
| - | - |
|
MessageDigest | org.apache.commons.httpclient.auth.DigestScheme.createCnonce()Ljava/lang/String; | r1 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer2027) | First parameter (with value "MD5") should be any of {SHA-256, SHA-384, SHA-512} |
| - | - |
|
Cipher | org.apache.commons.httpclient.auth.NTLM.getType3Message(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;[B)Ljava/lang/String; | r9 = staticinvoke <javax.crypto.Cipher: javax.crypto.Cipher getInstance(java.lang.String)>(varReplacer2078) | First parameter (with value "DES/ECB/NoPadding") should be any of {AES, PBEWithHmacSHA224AndAES_128, PBEWithHmacSHA256AndAES_128, PBEWithHmacSHA384AndAES_128, PBEWithHmacSHA512AndAES_128, PBEWithHmacSHA224AndAES_256, PBEWithHmacSHA256AndAES_256, PBEWithHmacSHA384AndAES_256, PBEWithHmacSHA512AndAES_256, RSA} |
| - | - |
|
Cipher | org.apache.commons.httpclient.auth.NTLM.getType3Message(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;[B)Ljava/lang/String; | virtualinvoke r9.<javax.crypto.Cipher: void init(int,java.security.Key)>(varReplacer2075, $r1) | Second parameter was not properly generated as generated Key |
| - | - |
|
SecretKeySpec | org.apache.commons.httpclient.auth.NTLM.getType3Message(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;[B)Ljava/lang/String; | specialinvoke $r1.<javax.crypto.spec.SecretKeySpec: void <init>(byte[],java.lang.String)>(r10, varReplacer2077) | First parameter was not properly generated as prepared Key Material |
| 20020423 |
|
|