hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-21 23:14:03 +02:00
Code Issues Packages Projects Releases Wiki Activity

Improve InsecureJavaMail.qhelp references

Browse Source
This commit is contained in:
Marcono1234
2020-07-29 01:45:27 +02:00
committed by GitHub
parent c5a4a6be05
commit 5942bc6a43
1 changed files with 10 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
java/ql/src/experimental/Security/CWE/CWE-297/InsecureJavaMail.qhelp
View File

@@ -22,9 +22,15 @@ credentials are sent in an SSL session without certificate validation. In the 'G
<references>
<li>
<a href="https://cwe.mitre.org/data/definitions/297.html">CWE-297</a>
<a href="https://issues.apache.org/jira/browse/LOG4J2-2819">Add support for specifying an SSL configuration for SmtpAppender (CVE-2020-9488)</a>
<a href="https://rules.sonarsource.com/java/tag/owasp/RSPEC-4499">SMTP SSL connection should check server identity</a>
<a href="https://cwe.mitre.org/data/definitions/297.html">CWE-297</a>
</li>
<li>
Log4j2:
<a href="https://issues.apache.org/jira/browse/LOG4J2-2819">Add support for specifying an SSL configuration for SmtpAppender (CVE-2020-9488)</a>
</li>
<li>
SonarSource rule:
<a href="https://rules.sonarsource.com/java/tag/owasp/RSPEC-4499">SMTP SSL connection should check server identity</a>
</li>
</references>
</qhelp>
</qhelp>