DerScanner
Home / Vulnerability Database / Java : Apache Axis2 unsafe configuration
Java

Java : Apache Axis2 unsafe configuration

Classification

OWASP Top 10 2013
A5-Security MisconfigurationA6-Sensitive Data Exposure
OWASP Top 10 2017
A6-Security Misconfiguration
OWASP Top 10 2021
A5-Security Misconfiguration
PCI DSS 4.0
2.2.54.2.16.2.4
HIPAA
§164.312 (c)(1)§164.312 (e)(2)(i)
CWE
CWE-1031CWE-1032

Overview

Insecure Apache Axis 2 configuration: the REST protocol that does not ensure data integrity and confidentiality is used for data transmission.

If the application communicates with other services, messaging security is defined by the least secure chain link. REST does not include data security mechanisms and completely relies on the transport level protocols.

References

  1. CWE-311: Missing Encryption of Sensitive Data
  2. CWE-319: Cleartext Transmission of Sensitive Information
  3. OWASP Top 10 2017-A6-Security Misconfiguration
  4. OWASP Top 10 2013-A5-Security Misconfiguration
  5. CWE CATEGORY: OWASP Top Ten 2017 Category A5 - Broken Access Control
  6. CWE CATEGORY: OWASP Top Ten 2017 Category A6 - Security Misconfiguration
MEDIUM

DerScanner Severity Score

Do you want to fix Java : Apache Axis2 unsafe configuration in your application?

See also

Java

Java : Race condition

Java

Java : Text4Shell Vulnerability

Java

Java : JNI usage