Checkmarx One – Scan Summary & Details – 4c2f3b00-ccf0-4ca8-918e-c43701143891

New Issues (42)

Critical: 7 · High: 23 · Medium: 12

AI Triage*: Suspected False Positive 6 · View triage analysis

Checkmarx found the following issues in this Pull Request

#	Severity	Issue	Source File / Package	Checkmarx Insight
1		CVE-2019-10212	Maven-io.undertow:undertow-core-2.0.9.Final	details Recommended version: 2.2.39.Final Description: A flaw was found in versions before 2.0.27.Final, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse t... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
2		CVE-2019-3888	Maven-io.undertow:undertow-core-2.0.9.Final	details Recommended version: 2.2.39.Final Description: A vulnerability was found in Undertow web server up to 1.0.0.Alpha19, between 1.3.0.Beta9 to 1.3.0.Beta13, 1.3.0.CR.x, between 1.3.0.Final to 1.4.2... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
3		CVE-2020-1745	Maven-io.undertow:undertow-core-2.0.9.Final	details Recommended version: 2.2.39.Final Description: A File Inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow versions through 2.... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
4		CVE-2025-12543	Maven-io.undertow:undertow-core-2.0.9.Final	details Recommended version: 2.2.39.Final Description: A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
5		SQL_Injection	/src/main/webapp/vulnerability/forum.jsp: 43	details The application's method executes an SQL query with executeUpdate, at line 48 of /src/main/webapp/vulnerability/forum.jsp. The application const... Attack Vector
6		SQL_Injection	/src/main/webapp/vulnerability/forum.jsp: 42	details The application's method executes an SQL query with executeUpdate, at line 48 of /src/main/webapp/vulnerability/forum.jsp. The application const... Attack Vector
7		SQL_Injection	/src/main/webapp/vulnerability/forum.jsp: 41	details The application's method executes an SQL query with executeUpdate, at line 48 of /src/main/webapp/vulnerability/forum.jsp. The application const... Attack Vector
8		CVE-2019-14888	Maven-io.undertow:undertow-core-2.0.9.Final	details Recommended version: 2.2.39.Final Description: A vulnerability was found in the Undertow HTTP server in versions through 2.0.28.SP1-redhat-00001, version 2.0.28.Final-redhat-00001, and version 2... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
9		CVE-2020-10705	Maven-io.undertow:undertow-core-2.0.9.Final	details Recommended version: 2.2.39.Final Description: A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the "Expect: 100-continue" header may cause an ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
10		CVE-2020-1757	Maven-io.undertow:undertow-core-2.0.9.Final	details Recommended version: 2.2.39.Final Description: A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
11		CVE-2020-27782	Maven-io.undertow:undertow-core-2.0.9.Final	details Recommended version: 2.2.39.Final Description: A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strin... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
12		CVE-2021-3690	Maven-io.undertow:undertow-core-2.0.9.Final	details Recommended version: 2.2.39.Final Description: A flaw was found in Undertow prior to 2.0.40.Final and 2.1.x prior to 2.2.10.Final . A buffer leak on the incoming WebSocket PONG message may lead ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
13		CVE-2021-3859	Maven-io.undertow:undertow-core-2.0.9.Final	details Recommended version: 2.2.39.Final Description: A flaw was found in Undertow versions prior to 2.2.15.Final, that tripped the client-side invocation timeout with certain calls made over HTTP2. Th... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
14		CVE-2022-0084	Maven-org.jboss.xnio:xnio-api-3.3.8.Final	details Recommended version: 3.5.10.Final Description: A flaw was found in XNIO versions prior to 3.8.8.Final, specifically in the "notifyReadClosed" method. The issue revealed this method was logging a... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
15		CVE-2022-1319	Maven-io.undertow:undertow-core-2.0.9.Final	details Recommended version: 2.2.39.Final Description: A flaw was found in Undertow versions through 2.2.17.Final and 2.3.0.Alpha1. For an AJP 400 response, EAP 7 is improperly sending two response pack... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
16		CVE-2022-2053	Maven-io.undertow:undertow-core-2.0.9.Final	details Recommended version: 2.2.39.Final Description: When a POST request comes through AJP and the request exceeds the max-post-size limit (maxEntitySize), Undertow's AjpServerRequestConduit implement... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
17		CVE-2022-4492	Maven-io.undertow:undertow-core-2.0.9.Final	details Recommended version: 2.2.39.Final Description: The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at lea... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
18		CVE-2023-1108	Maven-io.undertow:undertow-core-2.0.9.Final	details Recommended version: 2.2.39.Final Description: A flaw was found in undertow in versions prior to 2.2.24.Final, and 2.3.x prior to 2.3.5.Final. This issue makes achieving a Denial-of-Service (DoS... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
19		CVE-2023-1973	Maven-io.undertow:undertow-core-2.0.9.Final	details Recommended version: 2.2.39.Final Description: A flaw was found in Undertow package. Using the "FormAuthenticationMechanism", a malicious user could trigger a Denial of Service by sending crafte... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
20		CVE-2023-3223	Maven-io.undertow:undertow-core-2.0.9.Final	details Recommended version: 2.2.39.Final Description: A flaw was found in undertow versions through 2.2.26.Final, and 2.3.0.Alpha1 through 2.3.8.Final. Servlets annotated with '@MultipartConfig' may ca... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
21		CVE-2023-4639	Maven-io.undertow:undertow-core-2.0.9.Final	details Recommended version: 2.2.39.Final Description: A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allo... Attack Vector: NETWORK Attack Complexity: HIGH Vulnerable Package
22		CVE-2023-5379	Maven-io.undertow:undertow-core-2.0.9.Final	details Recommended version: 2.2.39.Final Description: A flaw was found in Undertow. When an AJP request is sent that exceeds the "max-header-size" attribute in "ajp-listener", JBoss EAP is marked in an... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
23		CVE-2023-5685	Maven-org.jboss.xnio:xnio-api-3.3.8.Final	details Recommended version: 3.5.10.Final Description: A flaw was found in XNIO. The XNIO "NotifierState" that can cause a Stack Overflow Exception when the chain of notifier states becomes problematica... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
24		CVE-2024-1635	Maven-io.undertow:undertow-core-2.0.9.Final	details Recommended version: 2.2.39.Final Description: A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious use... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
25		CVE-2024-3884	Maven-io.undertow:undertow-core-2.0.9.Final	details Recommended version: 2.2.39.Final Description: A flaw was found in Undertow through 2.3.20.Final and 2.4.0.Alpha1 that can cause remote Denial-of-Service (DoS) attacks. When the server uses the ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
26		CVE-2024-4027	Maven-io.undertow:undertow-core-2.0.9.Final	details Recommended version: 2.2.39.Final Description: A flaw was found in Undertow. Servlets using a method that calls "HttpServletRequestImpl.getParameterNames()" can cause an OutOfMemoryError when th... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
27		CVE-2024-5971	Maven-io.undertow:undertow-core-2.0.9.Final	details Recommended version: 2.2.39.Final Description: A vulnerability was found in the undertow-core, where the chunked response hangs after the body was flushed. The response headers and body were sen... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
28		CVE-2024-6162	Maven-io.undertow:undertow-core-2.0.9.Final	details Recommended version: 2.2.39.Final Description: A vulnerability was found in Undertow versions through 2.2.32.Final, and 2.3.0.Alpha1 through 2.3.13.Final are vulnerable to Denial-of-Service (DoS... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
29		CVE-2024-7885	Maven-io.undertow:undertow-core-2.0.9.Final	details Recommended version: 2.2.39.Final Description: A vulnerability was found in Undertow where the "ProxyProtocolReadListener" reuses the same "StringBuilder" instance across multiple requests. This... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
30		CVE-2025-9784	Maven-io.undertow:undertow-core-2.0.9.Final	details Recommended version: 2.2.39.Final Description: A flaw was found in Undertow versions through 2.2.37.Final and 2.3.x through 2.3.19.Final where malformed client requests can trigger server-side s... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
31		CSRF	/src/main/webapp/vulnerability/forum.jsp: 43	details Method at line 43 of /src/main/webapp/vulnerability/forum.jsp gets a parameter from a user request from ""title"". This parameter value flows th... Attack Vector
32		CSRF	/src/main/webapp/vulnerability/forum.jsp: 42	details Method at line 42 of /src/main/webapp/vulnerability/forum.jsp gets a parameter from a user request from ""content"". This parameter value flows ... Attack Vector
33		CSRF	/src/main/webapp/vulnerability/forum.jsp: 41	details Method at line 41 of /src/main/webapp/vulnerability/forum.jsp gets a parameter from a user request from ""user"". This parameter value flows thr... Attack Vector
34		CVE-2020-10687	Maven-io.undertow:undertow-core-2.0.9.Final	details Recommended version: 2.2.39.Final Description: A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible ag... Attack Vector: NETWORK Attack Complexity: HIGH Vulnerable Package
35		CVE-2020-10719	Maven-io.undertow:undertow-core-2.0.9.Final	details Recommended version: 2.2.39.Final Description: A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw al... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
36		CVE-2020-14340	Maven-org.jboss.xnio:xnio-nio-3.3.8.Final	details Recommended version: 3.5.10.Final Description: XNIO prior to 3.7.9.Final and 3.8.0.Final through 3.8.1.Final has a file descriptor leak caused by growing amounts of NIO Selector file handles bet... Attack Vector: NETWORK Attack Complexity: HIGH Vulnerable Package
37		CVE-2021-20220	Maven-io.undertow:undertow-core-2.0.9.Final	details Recommended version: 2.2.39.Final Description: A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible aga... Attack Vector: NETWORK Attack Complexity: HIGH Vulnerable Package
38		CVE-2021-3597	Maven-io.undertow:undertow-core-2.0.9.Final	details Recommended version: 2.2.39.Final Description: A flaw was found in Undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The... Attack Vector: NETWORK Attack Complexity: HIGH Vulnerable Package
39		CVE-2021-3629	Maven-io.undertow:undertow-core-2.0.9.Final	details Recommended version: 2.2.39.Final Description: A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a de... Attack Vector: NETWORK Attack Complexity: HIGH Vulnerable Package
40		CVE-2022-2764	Maven-io.undertow:undertow-core-2.0.9.Final	details Recommended version: 2.2.39.Final Description: A flaw was found in Undertow versions prior to 2.2.21.Final and 2.3.x prior to 2.3.0.Final. Denial of service can be achieved as Undertow server wa... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
41		CVE-2024-1459	Maven-io.undertow:undertow-core-2.0.9.Final	details Recommended version: 2.2.39.Final Description: A Path Traversal vulnerability was found in Undertow versions prior to 2.2.31.Final and 2.3.x prior to 2.3.12.Final. This issue may allow a remote ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
42		CVE-2024-3653	Maven-io.undertow:undertow-core-2.0.9.Final	details Recommended version: 2.2.39.Final Description: A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default,... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package

Fixed Issues (3)

Medium: 3

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	CSRF	/src/main/webapp/vulnerability/forum.jsp: 43
	CSRF	/src/main/webapp/vulnerability/forum.jsp: 42
	CSRF	/src/main/webapp/vulnerability/forum.jsp: 41

*AI agents that triage & remediate new issues in your PR scan. Learn more

Use @Checkmarx to interact with Checkmarx PR Assistant. New: ask the AI agent for remediation and automatically create a new pull request.
Examples:
@Checkmarx how are you able to help me?
@Checkmarx rescan this PR
@Checkmarx remediate issues 1, 2, 7

Checkmarx One – AI Triage – 4c2f3b00-ccf0-4ca8-918e-c43701143891

1. CVE-2019-10212 · Critical · Suspected False Positive

Triage context: Not Reachable · Not Exploitable

The vulnerable undertow-core:2.0.9.Final dependency is present but never used—the application runs exclusively on Apache Tomcat, not Undertow. No Undertow server instantiation, handlers, or authentication mechanisms exist in the code. Additionally, no DEBUG logging is configured for io.undertow.request.security, and no credential sanitization mechanisms exist. The vulnerability is NOT REACHABLE because credentials never flow through Undertow's security logging components.

2. CVE-2019-3888 · Critical · Suspected False Positive

Triage context: Not Reachable · Not Exploitable

The vulnerable Undertow dependency (2.0.9.Final) is present in the codebase but represents dead code that is never executed at runtime. The application runs on Apache Tomcat, not Undertow, and the only Undertow class usage (in AddPageVuln.java) is in an unregistered servlet class that is never instantiated. No code paths exist that could trigger the vulnerable logging behavior (UndertowLogger.REQUEST_LOGGER.undertowRequestFailed), and the application contains no references to HttpServerExchange objects, no ERROR-level logging implementations, and no Undertow server configurations.

3. CVE-2020-1745 · Critical · Suspected False Positive

Triage context: Not Reachable · Not Exploitable

The vulnerable Undertow 2.0.9.Final library is present as a dependency, and AJP connector classes are imported and instantiated in the codebase (AddPageVuln.java). However, this code is never executed (not registered as servlet), and critically, no AJP endpoint is configured or exposed on any port. The docker-compose configuration only exposes HTTP port 8080, and no configuration files enable AJP listeners. While the application includes a file creation feature (AddPage servlet), it lacks traditional multipart file upload functionality needed for the full exploit chain.

4. CVE-2025-12543 · Critical · Suspected False Positive

Triage context: Not Reachable · Not Exploitable

The undertow-core v2.0.9.Final library is declared as a dependency and its classes are referenced in AddPageVuln.java, but Undertow is NOT used as an HTTP server in this application. The application is a WAR file deployed to Apache Tomcat, which handles all HTTP request processing. No Undertow server initialization, binding configuration, or HttpHandler implementations exist in the codebase. The single Undertow class reference (AjpRequestParser) appears to be unused test/example code not mapped as a servlet endpoint.

5. SQL_Injection · Critical

Triage context: Reachable · Exploitable

All four checklist items were VERIFIED, confirming a critical SQL injection vulnerability in forum.jsp. User input from the "title" parameter flows directly from request.getParameter() at line 43 to SQL execution at line 48 with zero security controls. The code uses direct string concatenation with a basic Statement object instead of parameterized queries, and no validation, sanitization, or escaping mechanisms exist anywhere in the code path.

6. SQL_Injection · Critical

Triage context: Reachable · Exploitable

The checklist confirms a critical SQL injection vulnerability in forum.jsp with all three verification items returning VERIFIED status. User input from the 'content' parameter flows directly from request.getParameter (line 42) into an SQL query via string concatenation (line 48) with zero security controls. No sanitization, validation, or parameterized queries are employed, making the vulnerability trivially exploitable.

7. SQL_Injection · Critical

Triage context: Reachable · Exploitable

The checklist confirms a critical SQL injection vulnerability in forum.jsp where user input from request.getParameter("user") flows directly into an SQL query via string concatenation without any sanitization. The code uses a regular Statement object instead of PreparedStatement, and comprehensive searches found no protective measures such as input validation, escaping, or encoding between lines 41-48. While secure PreparedStatement code exists as comments (lines 49-54), the active implementation remains fully vulnerable to SQL injection attacks.

8. CVE-2019-14888 · High · Suspected False Positive

Triage context: Not Reachable · Not Exploitable

The vulnerable undertow-core library (2.0.9.Final) is actively used in the application code, but the application deploys to Apache Tomcat on HTTP port 8080 rather than using Undertow as an HTTPS server. Since CVE-2019-14888 requires Undertow to be listening on HTTPS for exploitation, the vulnerability's attack vector is not present despite the vulnerable library being included and referenced in the code.

9. CVE-2020-10705 · High · Suspected False Positive

Triage context: Not Reachable · Not Exploitable

The vulnerable undertow-core 2.0.9.Final is declared as a dependency and minimally referenced in code, but Undertow is NOT used as the HTTP server runtime. The application runs on Apache Tomcat, not Undertow, meaning the CVE-2020-10705 vulnerability cannot be exploited through normal request processing. However, the application completely lacks request size limits, memory constraints, or throttling mechanisms, leaving it vulnerable to resource exhaustion attacks in general.

10. CVE-2020-1757 · High

Triage context: Reachable · Exploitable

The application contains 12 servlet endpoints vulnerable to CVE-2020-1757 path normalization issues, with a critical security gap identified in the /admin/AddPage.do servlet that performs no authentication checks. While the application doesn't use servletPath for security decisions, this actually increases risk because the AddPage servlet relies solely on URL pattern routing for protection. The vulnerability could allow attackers to use semicolon-based path manipulation (e.g., /admin;/AddPage.do) to bypass routing logic and access unprotected administrative functions directly.

Use @Checkmarx to interact with Checkmarx PR Assistant. New: ask the AI agent for remediation and automatically create a new pull request.
Examples:
@Checkmarx how are you able to help me?
@Checkmarx remediate issues 1, 2, 7

@Checkmarx rescan this PR

@Checkmarx rescan this PR

✅ Security scan initiated successfully on the create-some-vulns branch!

The scan is now running and will analyze your code for security vulnerabilities. You'll be notified once the scan completes with the results.

@Checkmarx how are you able to help me?

@Checkmarx how are you able to help me?

Hi! I'm the Checkmarx Pull Request Assistant. Here's how I can help you with security in your pull requests:

🔍 Run Security Scans

• Scan your pull request branches for vulnerabilities
• Example: "scan this PR" or "run security scan on target branch"

📊 Analyze Vulnerabilities

• Get detailed information about specific security issues
• Example: "analyze 1" or "show details for the first 5 issues"

🔧 Fix Vulnerabilities

• Create pull requests with automated remediation for security issues
• Example: "fix 1" or "fix the first 3 vulnerabilities"

💡 How to Reference Issues

When asking about vulnerabilities, you can use:

• Serial numbers: "analyze 5" or "fix 12"
• Positional references: "show the first issue" or "fix the last 3"

Just mention me (@Checkmarx) in your comment with what you'd like to do, and I'll take care of the rest!

@Checkmarx fix 7

@Checkmarx fix 7

🔧 Fix initiated for vulnerability 7!

Issue: SQL_Injection
Severity: Critical

A pull request with the automated remediation will be created once the fix is ready. You'll receive a notification when the PR is available for review.

@Checkmarx fix 10

@Checkmarx fix 10

🔧 Fix initiated for vulnerability 10!

Issue: CVE-2020-1757
Severity: High

A pull request with the automated remediation will be created once the fix is ready. You'll receive a notification when the PR is available for review.

Pull request #10 has been created for the SQL_Injection (Critical) vulnerability.

Pull request #11 has been created for the CVE-2020-1757 (High) vulnerability.