"IntelDataset:test": difference between revisions

./modules/generators/mod_cgid.c:659:  [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead.
./modules/md/mod_md_os.c:43:  [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead.
./os/unix/unixd.c:265:  [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead.
./srclib/apr/file_io/netware/filestat.c:136:  [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
./srclib/apr/file_io/unix/filestat.c:179:  [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
./srclib/apr/threadproc/win32/proc.c:297:  [5] (misc) SetSecurityDescriptorDacl: Never create NULL ACLs; an attacker can set it to Everyone (Deny All Access), which would even forbid administrator access (CWE-732).
./test/test_find.c:67:  [5] (buffer) gets: Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
./test/test_find.c:71:  [5] (buffer) gets: Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
./test/test_parser.c:67:  [5] (buffer) gets: Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
./include/http_log.h:375:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
./include/http_log.h:417:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
./include/http_log.h:459:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
./include/http_log.h:503:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
./include/http_log.h:552:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
./include/http_protocol.h:527:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
./include/util_filter.h:336:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
./include/util_filter.h:603:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
./modules/aaa/mod_authn_socache.c:276:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
./modules/arch/netware/mod_nw_ssl.c:555:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
./modules/arch/netware/mod_nw_ssl.c:605:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
./modules/arch/unix/mod_unixd.c:311:  [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
./modules/arch/win32/mod_isapi.c:521:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
./modules/arch/win32/mod_isapi.c:524:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
./modules/arch/win32/mod_isapi.c:556:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
./modules/arch/win32/mod_isapi.c:560:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
./modules/arch/win32/mod_isapi.c:580:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
./modules/dav/main/mod_dav.c:1953:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
./modules/filters/mod_charset_lite.c:494:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
./modules/filters/mod_xml2enc.c:298:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
./modules/filters/regexp.h:73:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
./modules/generators/mod_cgid.c:943:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
./modules/http2/h2_proxy_util.c:941:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
./modules/http2/h2_util.c:76:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
./modules/ldap/util_ldap_cache_mgr.c:125:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
./modules/ldap/util_ldap_cache_mgr.c:699:  [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
./modules/loggers/mod_log_forensic.c:214:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
./modules/lua/lua_passwd.c:123:  [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt.
./modules/lua/lua_passwd.c:135:  [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt.
./modules/mappers/mod_rewrite.c:449:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
./modules/md/md_log.h:51:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
./modules/metadata/mod_headers.c:655:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
./modules/metadata/mod_headers.c:656:  [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
./modules/metadata/mod_remoteip.c:798:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
./modules/proxy/mod_proxy.c:1020:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
./modules/proxy/mod_proxy_balancer.c:1179:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
./modules/proxy/mod_proxy_balancer.c:1185:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
./modules/proxy/mod_proxy_balancer.c:1249:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
./modules/proxy/mod_proxy_balancer.c:1255:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
./modules/proxy/proxy_util.c:1089:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
./modules/proxy/proxy_util.c:1096:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
./modules/proxy/proxy_util.c:1102:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
./modules/proxy/proxy_util.c:1110:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
./modules/ssl/ssl_private.h:1129:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
./modules/ssl/ssl_private.h:1134:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
./modules/ssl/ssl_private.h:1139:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
./modules/tls/tls_cert.c:97:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
./modules/tls/tls_cert.c:109:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
./os/win32/ap_regkey.c:70:  [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
./os/win32/ap_regkey.c:72:  [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
./os/win32/ap_regkey.c:88:  [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
./os/win32/ap_regkey.c:90:  [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
./os/win32/ap_regkey.c:98:  [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
./os/win32/ap_regkey.c:100:  [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
./server/log.c:1140:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
./server/log.c:1589:  [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
./server/mpm/netware/mpm_netware.c:159:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
./server/mpm/netware/mpm_netware.c:160:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
./server/mpm/netware/mpm_netware.c:161:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
./server/mpm/winnt/mpm_winnt.c:594:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
./server/mpm/winnt/service.c:759:  [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
./server/mpm/winnt/service.c:1209:  [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
./server/mpm/winnt/service.c:1234:  [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
./server/mpm/winnt/service.c:1238:  [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
./server/request.c:1242:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
./server/util_expr_parse.c:761:  [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
./server/util_regex.c:177:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
./srclib/apr/build/aplibtool.c:172:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
./srclib/apr/build/aplibtool.c:174:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
./srclib/apr/build/aplibtool.c:276:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
./srclib/apr/build/aplibtool.c:284:  [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
./srclib/apr/build/aplibtool.c:288:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
./srclib/apr/build/aplibtool.c:291:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
./srclib/apr/build/aplibtool.c:325:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
./srclib/apr/build/aplibtool.c:326:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
./srclib/apr/build/aplibtool.c:341:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
./srclib/apr/build/aplibtool.c:378:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
./srclib/apr/build/aplibtool.c:381:  [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
./srclib/apr/build/aplibtool.c:419:  [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
./srclib/apr/build/aplibtool.c:421:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
./srclib/apr/build/aplibtool.c:438:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
./srclib/apr/build/aplibtool.c:440:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
./srclib/apr/build/aplibtool.c:601:  [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
./srclib/apr/build/aplibtool.c:766:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
./srclib/apr/build/aplibtool.c:768:  [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
./srclib/apr/build/aplibtool.c:802:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
./srclib/apr/build/aplibtool.c:818:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
./srclib/apr/build/aplibtool.c:822:  [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
./srclib/apr/build/aplibtool.c:826:  [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
./srclib/apr/build/aplibtool.c:841:  [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
./srclib/apr/build/aplibtool.c:848:  [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
./srclib/apr/build/aplibtool.c:877:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).

Latest revision as of 10 September 2024, 20:08

./test/test_find.c:67:  [5] (buffer) gets: Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
./test/test_find.c:71:  [5] (buffer) gets: Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
./test/test_parser.c:67:  [5] (buffer) gets: Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
./include/http_log.h:375:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
./include/http_log.h:417:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
./include/http_log.h:503:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
./include/http_log.h:552:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
./include/http_protocol.h:527:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
./include/util_filter.h:336:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
./include/util_filter.h:603:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
./modules/aaa/mod_authn_socache.c:276:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
./modules/arch/netware/mod_nw_ssl.c:555:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
./modules/arch/netware/mod_nw_ssl.c:605:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).