SYM_JAVA_0044 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cleartext Transmission of Sensitive Information
| Property | Value |
|---|---|
| Language | java |
| Severity | |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
The code sends HTTP requests using Apache HTTP Components over unencrypted 'http://' URLs instead of secure 'https://'. This exposes any data sent or received to interception by attackers.
Impact
Sensitive information such as authentication credentials, personal data, or session tokens could be intercepted or tampered with by attackers monitoring network traffic. This may lead to data breaches, account compromise, or unauthorized access to your application and its users.
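The pattern described above next to a hardened form, as an added example that is not taken from the rule's own test cases. It assumes Apache HttpClient 4.x; the class name `SessionClient`, the host `api.example.com` and the `/session` path are constructed placeholders.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import org.apache.http.HttpHost;
import org.apache.http.HttpRequestInterceptor;
import org.apache.http.ProtocolException;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.protocol.HttpCoreContext;

public class SessionClient {
    // Flagged pattern: the token is sent in cleartext because the URL uses http://.
    static int sendInsecure(String token) throws IOException {
        try (CloseableHttpClient client = HttpClients.createDefault()) {
            return post(client, "http://api.example.com/session", token);
        }
    }

    // Guard that runs before every outgoing request, including a followed redirect,
    // and refuses any target whose scheme is not https.
    static final HttpRequestInterceptor HTTPS_ONLY = (request, context) -> {
        HttpHost target = HttpCoreContext.adapt(context).getTargetHost();
        if (target == null || !"https".equalsIgnoreCase(target.getSchemeName())) {
            throw new ProtocolException("Refusing non-HTTPS request to " + target);
        }
    };

    // Hardened form: https:// URL plus a client that cannot be pointed at http://.
    static int sendSecure(String token) throws IOException {
        try (CloseableHttpClient client =
                 HttpClients.custom().addInterceptorFirst(HTTPS_ONLY).build()) {
            return post(client, "https://api.example.com/session", token);
        }
    }

    // Shared helper (hypothetical): POSTs the token and returns the HTTP status code.
    private static int post(CloseableHttpClient client, String url, String token)
            throws IOException {
        HttpPost request = new HttpPost(url);
        request.setEntity(new StringEntity(token, StandardCharsets.UTF_8));
        try (CloseableHttpResponse response = client.execute(request)) {
            return response.getStatusLine().getStatusCode();
        }
    }
}
```

With the interceptor installed, a request to an `http://` URL fails with a `ClientProtocolException` before any data is written to the socket.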