ASP Classic/Visual Basic/VBScript
This article covers ASP Classic/Visual Basic/VBScript support and vulnerability detection for Mend SAST.
Mend SAST-supported ASP Classic/Visual Basic/VBScript file types
**Note: These extensions are marked as ‘Secondary’ file extensions.
They will only be scanned if at least one file with any of the other ‘Primary’ file extensions is present to identify the language as the relevant language.
File Type |
|---|
.asp |
.bas |
.cls |
.inc** |
.master** |
.vb** |
.vbs |
.as |
Mend SAST-supported ASP Classic/Visual Basic/VBScript frameworks
Framework |
|---|
N/A |
Mend SAST-supported ASP Classic/Visual Basic/VBScript vulnerability types
The ASP Classic/Visual Basic/VBScript vulnerability types detected by SAST are provided below and are organized by CWE ID within each of their identified severities.
ASP Classic/Visual Basic/VBScript high-severity vulnerability types
CWE | Vulnerability Type |
CWE-22 | Path/Directory Traversal |
CWE-73 | File Manipulation |
CWE-78 | Command Injection |
CWE-79 | Cross-Site Scripting |
CWE-89 | SQL Injection |
CWE-94 | Code Injection |
CWE-94 | Server Pages Execution |
CWE-643 | XPath Injection |
CWE-918 | Server-Side Request Forgery |
ASP Classic/Visual Basic/VBScript medium-severity vulnerability types
CWE | Vulnerability Type |
CWE-338 | Weak Pseudo-Random |
CWE-472 | Hidden HTML Input |
CWE-676 | Miscellaneous Dangerous Functions |
ASP Classic/Visual Basic/VBScript low-severity vulnerability types
CWE | Vulnerability Type |
CWE-20 | Mail Relay |
CWE-113 | HTTP Response Splitting |
CWE-113 | HTTP Header Injection |
CWE-117 | Log Forging |
CWE-434 | File Upload |
CWE-530 | Dangerous File Extensions |
CWE-601 | Unvalidated/Open Redirect |
CWE-941 | Arbitrary Server Connection |