SYM_GO_0044 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of a Broken or Risky Cryptographic Algorithm
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-327: Use of a Broken or Risky Cryptographic Algorithm |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
The use of the `net/http/cgi` package in Go is insecure because it is vulnerable to httpoxy attacks (CVE-2015-5386). This package can allow attackers to manipulate HTTP headers in ways that compromise application security.
Impact
If exploited, attackers could intercept or redirect sensitive data, interfere with backend requests, or expose confidential information. This can lead to data leaks, unauthorized access, or broader application compromise, putting both user data and system integrity at risk.
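The header handling behind httpoxy and a header-stripping mitigation, as an added example (not code from this rule or from Go's standard library): under CGI each request header is exposed to the child process as an `HTTP_`-prefixed environment variable, so a client-sent `Proxy` header becomes `HTTP_PROXY`. The names `cgiEnvName`, `StripProxyHeader`, `passthrough` and `envSeenByBackend` are hypothetical, and the URL and proxy value are constructed sample input.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// cgiEnvName models the CGI convention (RFC 3875) for exposing a request
// header to the child process: upper-case, '-' becomes '_', "HTTP_" prefix.
// Under that rule a client-sent "Proxy" header becomes HTTP_PROXY, which
// many HTTP clients read as their outbound proxy setting.
func cgiEnvName(header string) string {
	return "HTTP_" + strings.ToUpper(strings.ReplaceAll(header, "-", "_"))
}

// StripProxyHeader (hypothetical helper) removes the client-controlled
// Proxy header before the request reaches any CGI-style backend.
func StripProxyHeader(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		r.Header.Del("Proxy")
		next.ServeHTTP(w, r)
	})
}

// passthrough applies no filtering; it is the "before" case for comparison.
func passthrough(h http.Handler) http.Handler { return h }

// envSeenByBackend sends a constructed request carrying a Proxy header
// through wrap(backend) and returns the CGI variable names the backend derives.
func envSeenByBackend(wrap func(http.Handler) http.Handler) []string {
	var names []string
	backend := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		for k := range r.Header {
			names = append(names, cgiEnvName(k))
		}
	})
	req := httptest.NewRequest("GET", "http://app.example/cgi-bin/report", nil)
	req.Header.Set("Proxy", "http://proxy.invalid:8080") // constructed value
	wrap(backend).ServeHTTP(httptest.NewRecorder(), req)
	return names
}

func main() {
	fmt.Println("unfiltered:", envSeenByBackend(passthrough))
	fmt.Println("filtered:  ", envSeenByBackend(StripProxyHeader))
}
```

Stripping the header at the outermost handler or reverse proxy covers every CGI-style backend behind it, independent of how each child process reads its proxy settings.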