Unsafe Spring Service Exporter
Description
The use of HttpInvokerServiceExporter or SimpleHttpInvokerServiceExporter can expose the service to remote attacks, as it allows remote method invocation over HTTP.
Examples
Insecure Code
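
```java
import org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter;

HttpInvokerServiceExporter exporter = new HttpInvokerServiceExporter();
```

Secure Code

```java
import org.springframework.remoting.rmi.RmiServiceExporter;

RmiServiceExporter exporter = new RmiServiceExporter();
```

Remediation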
Use a secure alternative, such as RmiServiceExporter, or configure the exporter to use a secure protocol, such as HTTPS.
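
The HTTPS option from the remediation, combined with the authentication requirement behind the rule's CWE-306 mapping, shown as an added example that is not part of the original rule page. It assumes Spring Framework 5.x with Spring Security 5.x; `AccountService`, the `/remoting/**` path and the `REMOTING_CLIENT` role are hypothetical, and an `AccountService` implementation bean plus a user store granting that role are assumed to be configured elsewhere.

```java
// Added example; names marked "hypothetical" are assumptions, not from the rule page.
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;

@Configuration
@EnableWebSecurity
public class RemotingSecurityConfig extends WebSecurityConfigurerAdapter {

    /** Hypothetical service interface exposed through the HTTP invoker. */
    public interface AccountService {
        String lookupOwner(String accountId);
    }

    // The bean name doubles as the URL path when BeanNameUrlHandlerMapping is active.
    @Bean(name = "/remoting/AccountService")
    public HttpInvokerServiceExporter accountServiceExporter(AccountService accountService) {
        HttpInvokerServiceExporter exporter = new HttpInvokerServiceExporter();
        exporter.setService(accountService);
        exporter.setServiceInterface(AccountService.class);
        return exporter;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Scope this filter chain to the remoting endpoints only.
            .antMatcher("/remoting/**")
            // Plain-HTTP requests are redirected to HTTPS before they reach the exporter.
            .requiresChannel().anyRequest().requiresSecure()
            .and()
            // CWE-306: no anonymous invocation; the caller needs a dedicated role.
            .authorizeRequests().anyRequest().hasRole("REMOTING_CLIENT")
            .and()
            .httpBasic()
            .and()
            // Machine-to-machine POSTs: no browser session, so no CSRF token or HTTP session.
            .csrf().disable()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }
}
```

Because the security filter chain runs before the dispatcher servlet, unauthenticated requests are rejected before the exporter reads the request body.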
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0237 |
| Category | InsecureConfig |
| Severity | MEDIUM |
| CWE | CWE-306 |
| Confidence | LOW |
| Impact | LOW |
| Likelihood | LOW |
| Exploitability | MODERATE |
| Tags | spring, httpinvoker |
| OWASP | N/A |