Java: Unsafe database connection via applet

Classification

  OWASP Top 10 2017: A6-Security Misconfiguration
  OWASP Top 10 2021: A5-Security Misconfiguration
  PCI DSS 4.0: 7.2.6
  HIPAA: §164.312(a)(1)
  CWE: CWE-862
  CWE/SANS Top 25 2011: CWE-862
  CWE/SANS Top 25 2021: CWE-862

Overview

The application calls JDBC (Java Database Connectivity) methods from an applet. An applet that uses JDBC in an untrusted environment exposes the database to compromise.

By default, a Java applet is allowed to open a connection to a database located on the server from which the applet was downloaded. This is acceptable only in a trusted environment. Otherwise, an attacker who obtains the applet can recover the database access parameters it carries and use them to connect to the database directly, bypassing the application entirely.
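As an added illustration (not code from the original page), the flagged pattern beside a safer structure: the applet sends its request to a server-side endpoint, and only the server holds database credentials and talks to the database. The endpoint path, the servlet, the JNDI name and all connection values are assumptions.

```java
import java.applet.Applet;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.URL;
import java.sql.*;

// BEFORE (what this page flags): the applet carries the JDBC URL and credentials,
// so anyone who downloads the applet JAR can read them and query the database
// directly, bypassing every server-side check. Values are constructed placeholders.
class UnsafeCustomerApplet extends Applet {
    String lookupCustomer(int id) throws SQLException {
        try (Connection c = DriverManager.getConnection(
                     "jdbc:postgresql://db.example.internal:5432/crm", "applet_user", "PLACEHOLDER");
             PreparedStatement ps = c.prepareStatement("SELECT name FROM customer WHERE id = ?")) {
            ps.setInt(1, id);
            try (ResultSet rs = ps.executeQuery()) { return rs.next() ? rs.getString(1) : null; }
        }
    }
}

// AFTER: the applet never touches the database. It asks a server-side endpoint
// (hypothetical api/customer under the applet's code base); credentials stay on the server.
class SafeCustomerApplet extends Applet {
    String lookupCustomer(int id) throws java.io.IOException {
        URL endpoint = new URL(getCodeBase(), "api/customer?id=" + id);
        try (BufferedReader r = new BufferedReader(new InputStreamReader(endpoint.openStream(), "UTF-8"))) {
            return r.readLine();
        }
    }
}

// Server side (hypothetical servlet mapped to api/customer): the only component that
// can reach the database, via a container-managed DataSource, and only for an authenticated user.
class CustomerServlet extends javax.servlet.http.HttpServlet {
    @Override protected void doGet(javax.servlet.http.HttpServletRequest req,
                                   javax.servlet.http.HttpServletResponse resp) throws java.io.IOException {
        if (req.getUserPrincipal() == null) { resp.sendError(401); return; }
        try {
            javax.sql.DataSource ds = (javax.sql.DataSource)
                    new javax.naming.InitialContext().lookup("java:comp/env/jdbc/crm");
            try (Connection c = ds.getConnection();
                 PreparedStatement ps = c.prepareStatement("SELECT name FROM customer WHERE id = ?")) {
                ps.setInt(1, Integer.parseInt(req.getParameter("id")));
                try (ResultSet rs = ps.executeQuery()) { resp.getWriter().print(rs.next() ? rs.getString(1) : ""); }
            }
        } catch (Exception e) { resp.sendError(500); }
    }
}
```

The database account configured behind the DataSource should still be limited to the queries the endpoint needs, since the server, not the applet, is now the only holder of that access.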

References

  1. CWE-305: Authentication Bypass by Primary Weakness
  2. OWASP Top 10 2017-A6-Security Misconfiguration