Unsafe Spring Service Exporter
Description
The use of HttpInvokerServiceExporter or SimpleHttpInvokerServiceExporter can expose services over HTTP, potentially allowing unauthorized access.
Examples
Insecure Code
```java
org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter exporter = new HttpInvokerServiceExporter();
```
Secure Code
```java
org.springframework.remoting.rmi.RmiServiceExporter exporter = new RmiServiceExporter();
```
Remediation
Use a secure exporter, such as RmiServiceExporter, or configure the HttpInvokerServiceExporter to use SSL/TLS encryption.
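The following is an added example, not code from the original page or from the Spring project. It sketches the second remediation option: the exporter stays in place, but its URL is reachable only over TLS and only by an authenticated caller. It assumes Spring Framework 5.x with Spring Security 5.x and a user store configured elsewhere; `AccountService`, the `/remoting/**` path and the `REMOTING_CLIENT` role are hypothetical names.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Hypothetical service contract, used only for this example.
interface AccountService {
    String lookup(String accountId);
}

@Configuration
class RemotingConfig {

    // A bean whose name starts with "/" is mapped to that URL by the
    // DispatcherServlet's BeanNameUrlHandlerMapping.
    @Bean(name = "/remoting/AccountService")
    HttpInvokerServiceExporter accountExporter(AccountService accountService) {
        HttpInvokerServiceExporter exporter = new HttpInvokerServiceExporter();
        exporter.setService(accountService);
        exporter.setServiceInterface(AccountService.class);
        return exporter;
    }
}

@EnableWebSecurity
class RemotingSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Redirect plain-HTTP requests for the exporter to HTTPS.
            .requiresChannel()
                .antMatchers("/remoting/**").requiresSecure()
                .and()
            // No anonymous invocation: the caller must hold the assumed role.
            .authorizeRequests()
                .antMatchers("/remoting/**").hasRole("REMOTING_CLIENT")
                .anyRequest().authenticated()
                .and()
            .httpBasic()
                .and()
            // Invoker clients send POST requests without a CSRF token.
            .csrf().ignoringAntMatchers("/remoting/**");
    }
}
```

Without `RemotingSecurityConfig`, the exporter bean alone accepts any request that reaches its URL, which is the situation the rule flags.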
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0236 |
| Category | InsecureConfig |
| Severity | MEDIUM |
| CWE | CWE-306 |
| Confidence | LOW |
| Impact | LOW |
| Likelihood | LOW |
| Exploitability | MODERATE |
| Tags | spring, httpinvoker |
| OWASP | N/A |