Permissive Cross-domain Policy with Untrusted Domains
Description
The application defines an overly permissive CORS policy by setting the Access-Control-Allow-Origin header to a wildcard (*) or another overly permissive value. This lets pages from any origin, including malicious ones, send cross-origin requests to the victim application and read the responses in the browser, enabling spoofing, data theft, relay, and other attacks.
Examples
Insecure Code

```java
// Any origin may read the response: the wildcard disables the same-origin protection for this resource.
response.setHeader("Access-Control-Allow-Origin", "*");
```

Secure Code

```java
// Only the single trusted origin may read the response.
response.setHeader("Access-Control-Allow-Origin", "https://example.com");
```

Remediation
Set the Access-Control-Allow-Origin header to one specific trusted origin, or validate the request's Origin against a list of trusted origins, so that only authorized sources can read cross-origin responses.
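The header can carry only a single origin value (or the wildcard), so "a list of trusted domains" is implemented by comparing the incoming Origin request header against an allowlist and echoing back only an exact match. The following is an added example for this rule, not code from the scanner or from any project; the class name, the two allowlisted origins and the sample Origin values are constructed for illustration, and the code uses only the Java standard library so it compiles and runs stand-alone.

```java
import java.util.Map;
import java.util.Optional;
import java.util.Set;

// Added example: origin allowlist for Access-Control-Allow-Origin.
public final class CorsOriginAllowlist {

    // Exact origins (scheme + host + optional port) allowed to read responses.
    // Hypothetical values chosen for this example.
    private static final Set<String> ALLOWED_ORIGINS = Set.of(
        "https://example.com",
        "https://app.example.com"
    );

    /**
     * Returns the value to place in Access-Control-Allow-Origin for the given
     * request Origin header, or an empty Optional if the header must be omitted.
     */
    public static Optional<String> allowOriginFor(String requestOrigin) {
        if (requestOrigin == null) {
            return Optional.empty();
        }
        // Browsers send the literal string "null" for sandboxed iframes,
        // file:// pages and some redirects; any document can produce it, so it
        // is never a trustworthy origin and must not be allowlisted.
        if ("null".equals(requestOrigin)) {
            return Optional.empty();
        }
        // Exact string comparison only. A startsWith/contains/regex check would
        // accept origins such as https://example.com.attacker.test (constructed
        // value) that merely embed the trusted name.
        if (ALLOWED_ORIGINS.contains(requestOrigin)) {
            return Optional.of(requestOrigin);
        }
        return Optional.empty();
    }

    /** Builds the CORS headers to set on the response for the given request Origin. */
    public static Map<String, String> corsHeaders(String requestOrigin) {
        Optional<String> allowed = allowOriginFor(requestOrigin);
        if (allowed.isEmpty()) {
            // No CORS headers at all: the browser then blocks the cross-origin read.
            return Map.of();
        }
        // "Vary: Origin" prevents a shared cache from replaying one origin's
        // Access-Control-Allow-Origin value to a request from a different origin.
        return Map.of(
            "Access-Control-Allow-Origin", allowed.get(),
            "Vary", "Origin"
        );
    }

    public static void main(String[] args) {
        // Constructed sample Origin header values, not captured traffic.
        String[] samples = {
            "https://example.com",                 // allowed
            "https://app.example.com",             // allowed
            "http://example.com",                  // wrong scheme: rejected
            "https://example.com.attacker.test",   // trusted name as a prefix: rejected
            "null",                                // opaque origin: rejected
            null                                   // same-origin or non-browser request: no header
        };
        for (String origin : samples) {
            System.out.println(origin + " -> " + corsHeaders(origin));
        }
    }
}
```

In a servlet, the request origin comes from `request.getHeader("Origin")` and each entry of the returned map is applied with `response.setHeader(name, value)`, which replaces the fixed `setHeader` call shown in the Secure Code block with an allowlist lookup. Keep the allowlist in configuration rather than reflecting whatever Origin the client sends: echoing an unvalidated Origin is equivalent to the wildcard, and unlike the wildcard it is still honoured by browsers when Access-Control-Allow-Credentials is also set.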
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0016 |
| Category | Web |
| Severity | LOW |
| CWE | CWE-942 |
| Confidence | HIGH |
| Impact | MEDIUM |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | CORS, Access-Control |
| OWASP | N/A |