SYM_JAVA_0048 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cleartext Transmission of Sensitive Information
| Property | Value |
|---|---|
| Language | java |
| Severity |  |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
The code sends HTTP requests using HttpClient to URLs that start with 'http://', which means data is transmitted without encryption. This exposes any information sent or received to potential interception by attackers.
Impact
Sensitive data such as credentials or personal information can be read or modified by attackers on the network. This can lead to data breaches, session hijacking, and compromise of user privacy or application security.