Tomcat 5.5.9 - 6.0.0 High Priority

# Category Warning Package/Class Method 1 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.catalina.authenticator.SingleSignOn 2 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.catalina.connector.Connector 3 STYLE DLS_DEAD_LOCAL_STORE org.apache.catalina.connector.Request setCharacterEncoding 4 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.catalina.connector.Request 5 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.catalina.connector.Request 6 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.catalina.connector.Request 7 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.catalina.connector.RequestFacade 8 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.catalina.connector.Response 9 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.catalina.connector.ResponseFacade 10 STYLE DLS_DEAD_LOCAL_STORE org.apache.catalina.core.ApplicationFilterConfig setFilterDef 11 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.catalina.core.ContainerBase 12 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.catalina.core.NamingContextListener 13 MT_CORRECTNESS ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD org.apache.catalina.core.StandardContext addApplicationListener 14 MT_CORRECTNESS ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD org.apache.catalina.core.StandardContext addApplicationParameter 15 MT_CORRECTNESS ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD org.apache.catalina.core.StandardContext addConstraint 16 MT_CORRECTNESS ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD org.apache.catalina.core.StandardContext addFilterMap 17 MT_CORRECTNESS ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD org.apache.catalina.core.StandardContext addInstanceListener 18 MT_CORRECTNESS ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD org.apache.catalina.core.StandardContext addSecurityRole 19 MT_CORRECTNESS ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD org.apache.catalina.core.StandardContext addWatchedResource 20 MT_CORRECTNESS ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD org.apache.catalina.core.StandardContext addWelcomeFile 21 MT_CORRECTNESS ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD org.apache.catalina.core.StandardContext addWrapperLifecycle 22 MT_CORRECTNESS ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD org.apache.catalina.core.StandardContext addWrapperListener 23 MT_CORRECTNESS ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD org.apache.catalina.core.StandardContext removeApplicationListener 24 MT_CORRECTNESS ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD org.apache.catalina.core.StandardContext removeApplicationParameter 25 MT_CORRECTNESS ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD org.apache.catalina.core.StandardContext removeConstraint 26 MT_CORRECTNESS ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD org.apache.catalina.core.StandardContext removeFilterMap 27 MT_CORRECTNESS ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD org.apache.catalina.core.StandardContext removeInstanceListener 28 MT_CORRECTNESS ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD org.apache.catalina.core.StandardContext removeSecurityRole 29 MT_CORRECTNESS ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD org.apache.catalina.core.StandardContext removeWatchedResource 30 MT_CORRECTNESS ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD org.apache.catalina.core.StandardContext removeWelcomeFile 31 MT_CORRECTNESS ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD org.apache.catalina.core.StandardContext removeWrapperLifecycle 32 MT_CORRECTNESS ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD org.apache.catalina.core.StandardContext removeWrapperListener 33 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.catalina.core.StandardContext 34 BAD_PRACTICE SE_BAD_FIELD org.apache.catalina.core.StandardContext 35 BAD_PRACTICE SE_BAD_FIELD org.apache.catalina.core.StandardContext 36 MT_CORRECTNESS ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD org.apache.catalina.core.StandardHost removeAlias 37 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.catalina.core.StandardPipeline 38 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.catalina.loader.WebappClassLoader 39 CORRECTNESS DMI_INVOKING_TOSTRING_ON_ARRAY org.apache.catalina.realm.RealmBase authenticate 40 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.catalina.realm.RealmBase 41 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.catalina.servlets.DefaultServlet 42 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.catalina.servlets.DefaultServlet 43 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.catalina.session.JDBCStore 44 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.catalina.session.JDBCStore 45 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.catalina.session.ManagerBase 46 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.catalina.session.ManagerBase 47 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.catalina.session.PersistentManager 48 CORRECTNESS MF_CLASS_MASKS_FIELD org.apache.catalina.session.PersistentManagerBase 49 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.catalina.session.StandardManager 50 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.catalina.session.StandardSession 51 CORRECTNESS SE_METHOD_MUST_BE_PRIVATE org.apache.catalina.session.StandardSession readObject 52 CORRECTNESS SE_METHOD_MUST_BE_PRIVATE org.apache.catalina.session.StandardSession writeObject 53 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.catalina.session.StoreBase 54 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.catalina.session.StoreBase 55 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.catalina.ssi.SSIMediator 56 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.catalina.startup.ContextConfig 57 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.catalina.startup.ContextConfig 58 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.catalina.startup.DigesterFactory 59 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.catalina.startup.Embedded 60 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.catalina.startup.HostConfig 61 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.catalina.startup.HostConfig 62 STYLE ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD org.apache.catalina.startup.TldConfig setTldNamespaceAware 63 STYLE ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD org.apache.catalina.startup.TldConfig setTldValidation 64 MT_CORRECTNESS STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE org.apache.catalina.util.CookieTools getCookieHeaderValue 65 MT_CORRECTNESS ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD org.apache.catalina.util.InstanceSupport addInstanceListener 66 MT_CORRECTNESS ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD org.apache.catalina.util.InstanceSupport removeInstanceListener 67 MT_CORRECTNESS ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD org.apache.catalina.util.LifecycleSupport addLifecycleListener 68 MT_CORRECTNESS ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD org.apache.catalina.util.LifecycleSupport removeLifecycleListener 69 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.catalina.util.Strftime 70 BAD_PRACTICE HE_EQUALS_USE_HASHCODE org.apache.catalina.util.URL equals 71 CORRECTNESS NP_ALWAYS_NULL org.apache.catalina.valves.AccessLogValve replace 72 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.catalina.valves.ErrorReportValve 73 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.catalina.valves.RequestFilterValve 74 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.catalina.valves.ValveBase 75 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.coyote.http11.Http11Processor 76 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.coyote.http11.Http11Protocol 77 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.coyote.http11.Http11Protocol 78 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.coyote.http11.InternalInputBuffer 79 MALICIOUS_CODE MS_MUTABLE_ARRAY org.apache.jasper.Constants 80 MALICIOUS_CODE MS_MUTABLE_ARRAY org.apache.jasper.Constants 81 MALICIOUS_CODE MS_MUTABLE_ARRAY org.apache.jasper.Constants 82 STYLE DLS_DEAD_LOCAL_STORE org.apache.jasper.compiler.Parser parseAttributeDirective 83 STYLE DLS_DEAD_LOCAL_STORE org.apache.jasper.compiler.Parser parseVariableDirective 84 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.jasper.compiler.ServletWriter 85 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.jasper.compiler.ServletWriter 86 CORRECTNESS IL_INFINITE_RECURSIVE_LOOP org.apache.jasper.runtime.JspContextWrapper include 87 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.jasper.runtime.TagHandlerPool 88 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.jasper.runtime.TagHandlerPool 89 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.jasper.util.SystemLogHandler 90 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.jasper.util.SystemLogHandler 91 CORRECTNESS INT_BAD_COMPARISON_WITH_SIGNED_BYTE org.apache.jasper.xmlparser.ASCIIReader read 92 STYLE ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD org.apache.jk.apr.AprImpl 93 CORRECTNESS DMI_INVOKING_TOSTRING_ON_ARRAY org.apache.jk.common.ChannelSocket read 94 CORRECTNESS MF_CLASS_MASKS_FIELD org.apache.jk.common.JkMX 95 CORRECTNESS DMI_INVOKING_TOSTRING_ON_ARRAY org.apache.jk.common.MsgAjp dump 96 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.jk.server.JkCoyoteHandler 97 STYLE ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD org.apache.jk.server.JkMain 98 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.naming.ContextBindings 99 BAD_PRACTICE DE_MIGHT_IGNORE org.apache.naming.factory.SendMailFactory$1 run 100 BAD_PRACTICE CN_IDIOM_NO_SUPER_CALL org.apache.naming.resources.ResourceAttributes clone 101 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.tomcat.util.IntrospectionUtils 102 CORRECTNESS EQ_SELF_USE_OBJECT org.apache.tomcat.util.buf.MessageBytes equals 103 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.tomcat.util.buf.StringCache 104 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.tomcat.util.buf.StringCache 105 STYLE ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD org.apache.tomcat.util.buf.StringCache reset 106 STYLE ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD org.apache.tomcat.util.buf.StringCache reset 107 STYLE ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD org.apache.tomcat.util.buf.StringCache setByteEnabled 108 STYLE ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD org.apache.tomcat.util.buf.StringCache setCacheSize 109 STYLE ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD org.apache.tomcat.util.buf.StringCache setCharEnabled 110 STYLE ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD org.apache.tomcat.util.buf.StringCache setTrainThreshold 111 BAD_PRACTICE ES_COMPARING_STRINGS_WITH_EQ org.apache.tomcat.util.digester.Digester updateBodyText 112 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.tomcat.util.digester.GenericParser 113 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.tomcat.util.digester.GenericParser 114 CORRECTNESS NP_NULL_PARAM_DEREF org.apache.tomcat.util.digester.SetNextRule end 115 CORRECTNESS NP_NULL_PARAM_DEREF org.apache.tomcat.util.digester.SetRootRule end 116 CORRECTNESS NP_NULL_PARAM_DEREF org.apache.tomcat.util.digester.SetTopRule end 117 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.tomcat.util.digester.XercesParser 118 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.tomcat.util.digester.XercesParser 119 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.tomcat.util.digester.XercesParser 120 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.tomcat.util.digester.XercesParser 121 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.tomcat.util.http.HttpMessages 122 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.tomcat.util.http.MimeMap 123 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.tomcat.util.log.SystemLogHandler 124 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.tomcat.util.log.SystemLogHandler 125 BAD_PRACTICE HE_EQUALS_USE_HASHCODE org.apache.tomcat.util.net.URL equals 126 MALICIOUS_CODE MS_SHOULD_BE_FINAL org.apache.tomcat.util.threads.ThreadWithAttributes

back