CWE-5

J2EE Misconfiguration: Data Transmission Without Encryption

AI Translation Available

Information sent over a network can be compromised while in transit. An attacker may be able to read or modify the contents if the data are sent in plaintext or are weakly encrypted.

Status

draft

Abstraction

variant

Affected Platforms

Java

Technical Details

AI Translation

Common Consequences

confidentiality integrity

Impacts

read application data modify application data

Potential Mitigations

Phases:

system configuration

Descriptions:

• The product configuration should ensure that SSL or an encryption mechanism of equivalent strength and vetted reputation is used for all access-controlled pages.

AI Generated Translation

Common Consequences

riservatezza integrità

Impacts

leggere dati applicazione modificare dati applicazione

Potential Mitigations

Phases:

configurazione sistema

Descriptions:

• La configurazione del prodotto dovrebbe garantire che SSL o un meccanismo di crittografia di forza equivalente e di comprovata affidabilità venga utilizzato per tutte le pagine soggette a controllo degli accessi.

CWE-5

Common Consequences

Impacts

Potential Mitigations

Common Consequences

Impacts

Potential Mitigations

Iscriviti alla newsletter