Java : Usage of untrusted proxy

Classification

OWASP Top 10 2021

A4-Insecure Design

PCI DSS 4.0

6.2.4

CWE

CWE-15 CWE-642

Overview

The application uses an untrusted proxy server. An attacker can modify the proxy server address and can intercept the traffic (the man-in-the-middle attack).

References

CWE-15: External Control of System or Configuration Setting
OWASP: Setting Manipulation
Man-in-the-middle attack - Wikipedia

MEDIUM

Java : Usage of untrusted proxy

Classification

Overview

References

DerScanner Severity Score

Do you want to fix Java : Usage of untrusted proxy in your application?

See also

Java : Race condition

Java : Text4Shell Vulnerability

Java : JNI usage