Back to library list
org.mortbay.jetty__jetty
Column Insecure: Icon 
indicates the version is insecure, otherwise 
Column CryptoMisuse: Icon indicates the version has cryptographic API misuse, otherwise
indicates the version is insecure, otherwise
Column CryptoMisuse: Icon
indicates the version has cryptographic API misuse, otherwise
| Version | Insecure | CryptoMisuse | Rule name | Method | Statement | Details |
|---|---|---|---|---|---|---|
| 4.2.2 |
|
|
MessageDigest | org.mortbay.http.DigestAuthenticator$Digest.check(Ljava/lang/Object;)Z | $r52 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer2735) | First parameter (with value "MD5") should be any of {SHA-256, SHA-384, SHA-512} |
| - | - |
|
MessageDigest | org.mortbay.http.DigestAuthenticator$Digest.check(Ljava/lang/Object;)Z | virtualinvoke $r9.<java.security.MessageDigest: void reset()>() | Unexpected call to method reset on object of type java.security.MessageDigest. Expect a call to one of the following methods digest,update |
| - | - |
|
KeyStore | org.mortbay.http.SunJsseListener.start()V | virtualinvoke r60.<java.security.KeyStore: void load(java.io.InputStream,char[])>($r61, $r66) | Second parameter should never be of type java.lang.String. |
| - | - |
|
MessageDigest | org.mortbay.util.Credential$MD5.check(Ljava/lang/Object;)Z | $r12 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer3985) | First parameter (with value "MD5") should be any of {SHA-256, SHA-384, SHA-512} |
| - | - |
|
MessageDigest | org.mortbay.util.Credential$MD5.check(Ljava/lang/Object;)Z | virtualinvoke $r5.<java.security.MessageDigest: void update(byte[])>($r8) | Operation on object of type java.security.MessageDigest object not completed. Expected call to <java.security.MessageDigest: void update(byte[])>, <java.security.MessageDigest: void update(byte[],int,int)>, digest, <java.security.MessageDigest: void update(java.nio.ByteBuffer)>, <java.security.MessageDigest: void update(byte)> |
| - | - |
|
MessageDigest | org.mortbay.util.Credential$MD5.digest(Ljava/lang/String;)Ljava/lang/String; | $r15 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer3991) | First parameter (with value "MD5") should be any of {SHA-256, SHA-384, SHA-512} |
| - | - |
|
MessageDigest | org.mortbay.util.Credential$MD5.digest(Ljava/lang/String;)Ljava/lang/String; | r19 = virtualinvoke $r9.<java.security.MessageDigest: byte[] digest()>() | Unexpected call to method <java.security.MessageDigest: byte[] digest()> on object of type java.security.MessageDigest. Expect a call to one of the following methods <java.security.MessageDigest: void update(byte[])>,<java.security.MessageDigest: void update(byte[],int,int)>,<java.security.MessageDigest: byte[] digest(byte[])>,<java.security.MessageDigest: void update(java.nio.ByteBuffer)>,<java.security.MessageDigest: void update(byte)> |
| - | - |
|
MessageDigest | org.mortbay.util.Credential$MD5.digest(Ljava/lang/String;)Ljava/lang/String; | virtualinvoke $r5.<java.security.MessageDigest: void reset()>() | Unexpected call to method reset on object of type java.security.MessageDigest. Expect a call to one of the following methods digest,update |
| - | - |
|
KeyStore | org.mortbay.util.KeyPairTool.main([Ljava/lang/String;)V | virtualinvoke r3.<java.security.KeyStore: void load(java.io.InputStream,char[])>(r41, $r21) | Second parameter should never be of type java.lang.String. |
| - | - |
|
KeyStore | org.mortbay.util.KeyPairTool.main([Ljava/lang/String;)V | virtualinvoke r3.<java.security.KeyStore: void store(java.io.OutputStream,char[])>(r43, $r30) | Second parameter should never be of type java.lang.String. |
| - | - |
|
KeyStore | org.mortbay.util.KeyPairTool.main([Ljava/lang/String;)V | virtualinvoke r3.<java.security.KeyStore: void store(java.io.OutputStream,char[])>(r43, $r30) | Unexpected call to method store on object of type java.security.KeyStore. Expect a call to one of the following methods getKey,getEntry |
| 4.2.3 |
|
|
MessageDigest | org.mortbay.http.DigestAuthenticator$Digest.check(Ljava/lang/Object;)Z | $r52 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer2740) | First parameter (with value "MD5") should be any of {SHA-256, SHA-384, SHA-512} |
| - | - |
|
MessageDigest | org.mortbay.http.DigestAuthenticator$Digest.check(Ljava/lang/Object;)Z | virtualinvoke $r9.<java.security.MessageDigest: void reset()>() | Unexpected call to method reset on object of type java.security.MessageDigest. Expect a call to one of the following methods digest,update |
| - | - |
|
KeyStore | org.mortbay.http.SunJsseListener.start()V | virtualinvoke r60.<java.security.KeyStore: void load(java.io.InputStream,char[])>($r61, $r66) | Second parameter should never be of type java.lang.String. |
| - | - |
|
MessageDigest | org.mortbay.util.Credential$MD5.check(Ljava/lang/Object;)Z | $r12 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer4007) | First parameter (with value "MD5") should be any of {SHA-256, SHA-384, SHA-512} |
| - | - |
|
MessageDigest | org.mortbay.util.Credential$MD5.check(Ljava/lang/Object;)Z | r22 = virtualinvoke $r9.<java.security.MessageDigest: byte[] digest()>() | Unexpected call to method <java.security.MessageDigest: byte[] digest()> on object of type java.security.MessageDigest. Expect a call to one of the following methods <java.security.MessageDigest: void update(byte[])>,<java.security.MessageDigest: void update(byte[],int,int)>,<java.security.MessageDigest: byte[] digest(byte[])>,<java.security.MessageDigest: void update(java.nio.ByteBuffer)>,<java.security.MessageDigest: void update(byte)> |
| - | - |
|
MessageDigest | org.mortbay.util.Credential$MD5.digest(Ljava/lang/String;)Ljava/lang/String; | $r15 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer4010) | First parameter (with value "MD5") should be any of {SHA-256, SHA-384, SHA-512} |
| - | - |
|
KeyStore | org.mortbay.util.KeyPairTool.main([Ljava/lang/String;)V | virtualinvoke r3.<java.security.KeyStore: void load(java.io.InputStream,char[])>(r41, $r21) | Second parameter should never be of type java.lang.String. |
| - | - |
|
KeyStore | org.mortbay.util.KeyPairTool.main([Ljava/lang/String;)V | virtualinvoke r3.<java.security.KeyStore: void store(java.io.OutputStream,char[])>(r43, $r30) | Second parameter should never be of type java.lang.String. |
| - | - |
|
KeyStore | org.mortbay.util.KeyPairTool.main([Ljava/lang/String;)V | virtualinvoke r3.<java.security.KeyStore: void store(java.io.OutputStream,char[])>(r43, $r30) | Unexpected call to method store on object of type java.security.KeyStore. Expect a call to one of the following methods getKey,getEntry |
| - | - |
|
KeyStore | org.mortbay.util.PKCS12Import.main([Ljava/lang/String;)V | virtualinvoke r3.<java.security.KeyStore: void store(java.io.OutputStream,char[])>(r48, r5) | Unexpected call to method store on object of type java.security.KeyStore. Expect a call to one of the following methods getKey,getEntry |
| 4.2.9 |
|
|
MessageDigest | org.mortbay.http.DigestAuthenticator$Digest.check(Ljava/lang/Object;)Z | $r52 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer3079) | First parameter (with value "MD5") should be any of {SHA-256, SHA-384, SHA-512} |
| - | - |
|
MessageDigest | org.mortbay.http.DigestAuthenticator$Digest.check(Ljava/lang/Object;)Z | virtualinvoke $r9.<java.security.MessageDigest: void reset()>() | Unexpected call to method reset on object of type java.security.MessageDigest. Expect a call to one of the following methods digest,update |
| - | - |
|
KeyStore | org.mortbay.http.SunJsseListener.start()V | virtualinvoke r66.<java.security.KeyStore: void load(java.io.InputStream,char[])>($r67, $r72) | Second parameter should never be of type java.lang.String. |
| - | - |
|
MessageDigest | org.mortbay.util.Credential$MD5.check(Ljava/lang/Object;)Z | $r12 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer3957) | First parameter (with value "MD5") should be any of {SHA-256, SHA-384, SHA-512} |
| - | - |
|
MessageDigest | org.mortbay.util.Credential$MD5.check(Ljava/lang/Object;)Z | virtualinvoke $r4.<java.security.MessageDigest: void reset()>() | Unexpected call to method reset on object of type java.security.MessageDigest. Expect a call to one of the following methods digest,update |
| - | - |
|
MessageDigest | org.mortbay.util.Credential$MD5.digest(Ljava/lang/String;)Ljava/lang/String; | $r15 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer3959) | First parameter (with value "MD5") should be any of {SHA-256, SHA-384, SHA-512} |
| - | - |
|
MessageDigest | org.mortbay.util.Credential$MD5.digest(Ljava/lang/String;)Ljava/lang/String; | r19 = virtualinvoke $r9.<java.security.MessageDigest: byte[] digest()>() | Unexpected call to method <java.security.MessageDigest: byte[] digest()> on object of type java.security.MessageDigest. Expect a call to one of the following methods <java.security.MessageDigest: void update(byte[])>,<java.security.MessageDigest: void update(byte[],int,int)>,<java.security.MessageDigest: byte[] digest(byte[])>,<java.security.MessageDigest: void update(java.nio.ByteBuffer)>,<java.security.MessageDigest: void update(byte)> |
| - | - |
|
MessageDigest | org.mortbay.util.Credential$MD5.digest(Ljava/lang/String;)Ljava/lang/String; | virtualinvoke $r5.<java.security.MessageDigest: void reset()>() | Unexpected call to method reset on object of type java.security.MessageDigest. Expect a call to one of the following methods digest,update |
| - | - |
|
KeyStore | org.mortbay.util.KeyPairTool.main([Ljava/lang/String;)V | virtualinvoke r3.<java.security.KeyStore: void load(java.io.InputStream,char[])>(r41, $r21) | Second parameter should never be of type java.lang.String. |
| - | - |
|
KeyStore | org.mortbay.util.KeyPairTool.main([Ljava/lang/String;)V | virtualinvoke r3.<java.security.KeyStore: void store(java.io.OutputStream,char[])>(r43, $r30) | Second parameter should never be of type java.lang.String. |
| - | - |
|
KeyStore | org.mortbay.util.KeyPairTool.main([Ljava/lang/String;)V | virtualinvoke r3.<java.security.KeyStore: void store(java.io.OutputStream,char[])>(r43, $r30) | Unexpected call to method store on object of type java.security.KeyStore. Expect a call to one of the following methods getKey,getEntry |
| - | - |
|
KeyStore | org.mortbay.util.PKCS12Import.main([Ljava/lang/String;)V | virtualinvoke r3.<java.security.KeyStore: void store(java.io.OutputStream,char[])>(r48, r5) | Unexpected call to method store on object of type java.security.KeyStore. Expect a call to one of the following methods getKey,getEntry |
| 4.2.10 |
|
|
MessageDigest | org.mortbay.http.DigestAuthenticator$Digest.check(Ljava/lang/Object;)Z | r33 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer3033) | First parameter (with value "MD5") should be any of {SHA-256, SHA-384, SHA-512} |
| - | - |
|
MessageDigest | org.mortbay.http.DigestAuthenticator$Digest.check(Ljava/lang/Object;)Z | virtualinvoke r33.<java.security.MessageDigest: void reset()>() | Unexpected call to method reset on object of type java.security.MessageDigest. Expect a call to one of the following methods digest,update |
| - | - |
|
MessageDigest | org.mortbay.util.Credential$MD5.check(Ljava/lang/Object;)Z | $r12 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer3758) | First parameter (with value "MD5") should be any of {SHA-256, SHA-384, SHA-512} |
| - | - |
|
MessageDigest | org.mortbay.util.Credential$MD5.check(Ljava/lang/Object;)Z | virtualinvoke $r4.<java.security.MessageDigest: void reset()>() | Unexpected call to method reset on object of type java.security.MessageDigest. Expect a call to one of the following methods digest,update |
| - | - |
|
MessageDigest | org.mortbay.util.Credential$MD5.digest(Ljava/lang/String;)Ljava/lang/String; | $r15 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer3762) | First parameter (with value "MD5") should be any of {SHA-256, SHA-384, SHA-512} |
| - | - |
|
MessageDigest | org.mortbay.util.Credential$MD5.digest(Ljava/lang/String;)Ljava/lang/String; | r19 = virtualinvoke $r9.<java.security.MessageDigest: byte[] digest()>() | Unexpected call to method <java.security.MessageDigest: byte[] digest()> on object of type java.security.MessageDigest. Expect a call to one of the following methods <java.security.MessageDigest: void update(byte[])>,<java.security.MessageDigest: void update(byte[],int,int)>,<java.security.MessageDigest: byte[] digest(byte[])>,<java.security.MessageDigest: void update(java.nio.ByteBuffer)>,<java.security.MessageDigest: void update(byte)> |
| - | - |
|
MessageDigest | org.mortbay.util.Credential$MD5.digest(Ljava/lang/String;)Ljava/lang/String; | virtualinvoke $r5.<java.security.MessageDigest: void reset()>() | Unexpected call to method reset on object of type java.security.MessageDigest. Expect a call to one of the following methods digest,update |
| - | - |
|
KeyStore | org.mortbay.util.KeyPairTool.main([Ljava/lang/String;)V | virtualinvoke r3.<java.security.KeyStore: void store(java.io.OutputStream,char[])>(r43, $r30) | Unexpected call to method store on object of type java.security.KeyStore. Expect a call to one of the following methods getKey,getEntry |
| - | - |
|
KeyStore | org.mortbay.util.PKCS12Import.main([Ljava/lang/String;)V | virtualinvoke r3.<java.security.KeyStore: void store(java.io.OutputStream,char[])>(r48, r5) | Unexpected call to method store on object of type java.security.KeyStore. Expect a call to one of the following methods getKey,getEntry |
| - | - |
|
MessageDigest | org.mortbay.util.Password.main([Ljava/lang/String;)V | return | Operation on object of type java.security.MessageDigest object not completed. Expected call to digest, update |
| 4.2.12 |
|
|
MessageDigest | org.mortbay.http.DigestAuthenticator$Digest.check(Ljava/lang/Object;)Z | r33 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer2056) | First parameter (with value "MD5") should be any of {SHA-256, SHA-384, SHA-512} |
| - | - |
|
MessageDigest | org.mortbay.http.DigestAuthenticator$Digest.check(Ljava/lang/Object;)Z | virtualinvoke r33.<java.security.MessageDigest: void reset()>() | Unexpected call to method reset on object of type java.security.MessageDigest. Expect a call to one of the following methods digest,update |
| - | - |
|
KeyStore | org.mortbay.http.SunJsseListener.open()V | virtualinvoke r66.<java.security.KeyStore: void load(java.io.InputStream,char[])>($r67, $r72) | Second parameter should never be of type java.lang.String. |
| - | - |
|
MessageDigest | org.mortbay.util.Credential$MD5.check(Ljava/lang/Object;)Z | $r12 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer3942) | First parameter (with value "MD5") should be any of {SHA-256, SHA-384, SHA-512} |
| - | - |
|
MessageDigest | org.mortbay.util.Credential$MD5.check(Ljava/lang/Object;)Z | virtualinvoke $r5.<java.security.MessageDigest: void update(byte[])>($r8) | Operation on object of type java.security.MessageDigest object not completed. Expected call to <java.security.MessageDigest: void update(byte[])>, <java.security.MessageDigest: void update(byte[],int,int)>, digest, <java.security.MessageDigest: void update(java.nio.ByteBuffer)>, <java.security.MessageDigest: void update(byte)> |
| - | - |
|
MessageDigest | org.mortbay.util.Credential$MD5.digest(Ljava/lang/String;)Ljava/lang/String; | $r15 = staticinvoke <java.security.MessageDigest: java.security.MessageDigest getInstance(java.lang.String)>(varReplacer3946) | First parameter (with value "MD5") should be any of {SHA-256, SHA-384, SHA-512} |
| - | - |
|
MessageDigest | org.mortbay.util.Credential$MD5.digest(Ljava/lang/String;)Ljava/lang/String; | virtualinvoke $r5.<java.security.MessageDigest: void reset()>() | Unexpected call to method reset on object of type java.security.MessageDigest. Expect a call to one of the following methods digest,update |
| - | - |
|
KeyStore | org.mortbay.util.KeyPairTool.main([Ljava/lang/String;)V | virtualinvoke r3.<java.security.KeyStore: void load(java.io.InputStream,char[])>(r41, $r21) | Second parameter should never be of type java.lang.String. |
| - | - |
|
KeyStore | org.mortbay.util.KeyPairTool.main([Ljava/lang/String;)V | virtualinvoke r3.<java.security.KeyStore: void store(java.io.OutputStream,char[])>(r43, $r30) | Second parameter should never be of type java.lang.String. |
| - | - |
|
KeyStore | org.mortbay.util.KeyPairTool.main([Ljava/lang/String;)V | virtualinvoke r3.<java.security.KeyStore: void store(java.io.OutputStream,char[])>(r43, $r30) | Unexpected call to method store on object of type java.security.KeyStore. Expect a call to one of the following methods getKey,getEntry |
| - | - |
|
KeyStore | org.mortbay.util.PKCS12Import.main([Ljava/lang/String;)V | virtualinvoke r3.<java.security.KeyStore: void store(java.io.OutputStream,char[])>(r48, r5) | Unexpected call to method store on object of type java.security.KeyStore. Expect a call to one of the following methods getKey,getEntry |
| 6.0.0 |
|
|
||||
| 6.0.1 |
|
|
||||
| 6.0.2 |
|
|
||||
| 6.1.0 |
|
|
||||
| 6.1.1 |
|
|
||||
| 6.1.2 |
|
|
||||
| 6.1.3 |
|
|
||||
| 6.1.4 |
|
|
||||
| 6.1.5 |
|
|
||||
| 6.1.6 |
|
|
||||
| 6.1.7 |
|
|
||||
| 6.1.8 |
|
|
||||
| 6.1.9 |
|
|
||||
| 6.1.10 |
|
|
||||
| 6.1.11 |
|
|
||||
| 6.1.12 |
|
|
||||
| 6.1.14 |
|
|
||||
| 6.1.15 |
|
|
||||
| 6.1.16 |
|
|
||||
| 6.1.17 |
|
|
||||
| 6.1.18 |
|
|
||||
| 6.1.19 |
|
|
||||
| 6.1.20 |
|
|
||||
| 6.1.21 |
|
|
||||
| 6.1.22 |
|
|
||||
| 6.1.23 |
|
|
||||
| 6.1.24 |
|
|
||||
| 6.1.25 |
|
|
||||
| 6.1.26 |
|
|