Unsafe Spring Service Exporter
Description
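The class `$CLASS` extends `RemoteInvocationSerializingExporter`, which reads remote invocations using Java object serialization. Deserializing data from untrusted callers can lead to security vulnerabilities.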
Examples
Insecure Code
```java
// Inherits Java-serialization handling of incoming remote invocations.
class MyClass extends org.springframework.remoting.rmi.RemoteInvocationSerializingExporter { }
```
Secure Code
```java
class MyClass extends org.springframework.remoting.rmi.RemoteInvocationEncodableExporter { }
```
Remediation
Extend a safer class, such as RemoteInvocationEncodableExporter, or ensure proper security measures are in place.
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0238 |
| Category | InsecureConfig |
| Severity | LOW |
| CWE | |
| Confidence | LOW |
| Impact | LOW |
| Likelihood | LOW |
| Exploitability | COMPLEX |
| Tags | spring, rmi |
| OWASP | N/A |
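
A minimal version of the check this rule describes, written in Python as an added example (not the rule engine's own implementation): it flags Java classes that directly extend `RemoteInvocationSerializingExporter`. The function name `find_unsafe_exporters`, the regex-based matching and the sample source are assumptions made for illustration.

```python
import re

# Base class named by this rule; package taken from the page's example.
BASE_PKG = "org.springframework.remoting.rmi"
BASE_NAME = "RemoteInvocationSerializingExporter"
BASE_FQN = f"{BASE_PKG}.{BASE_NAME}"

_COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)
_IMPORT = re.compile(r"^\s*import\s+([\w.]+(?:\.\*)?)\s*;", re.M)
_PACKAGE = re.compile(r"^\s*package\s+([\w.]+)\s*;", re.M)
_CLASS = re.compile(r"\bclass\s+(\w+)(?:\s*<[^{>]*>)?\s+extends\s+([\w.]+)")


def _blank_comments(src):
    # Overwrite comments with spaces, keeping newlines so line numbers hold.
    return _COMMENTS.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), src)


def find_unsafe_exporters(java_source):
    """Return [(class_name, line)] for classes directly extending the exporter.

    Hypothetical helper: a regex approximation, not a Java parser. A simple
    (unqualified) parent name only counts when an import or the file's own
    package resolves it to org.springframework.remoting.rmi.
    """
    src = _blank_comments(java_source)
    imports = set(_IMPORT.findall(src))
    pkg = _PACKAGE.search(src)
    simple_ok = (BASE_FQN in imports or f"{BASE_PKG}.*" in imports
                 or (pkg is not None and pkg.group(1) == BASE_PKG))
    findings = []
    for m in _CLASS.finditer(src):
        cls, parent = m.groups()
        if parent == BASE_FQN or (parent == BASE_NAME and simple_ok):
            findings.append((cls, src.count("\n", 0, m.start()) + 1))
    return findings


# Constructed sample source, not taken from any real project.
SAMPLE = """\
package com.example.remoting;
import org.springframework.remoting.rmi.RemoteInvocationSerializingExporter;
// class Commented extends RemoteInvocationSerializingExporter { }
class OrderExporter extends RemoteInvocationSerializingExporter { }
class Fq extends org.springframework.remoting.rmi.RemoteInvocationSerializingExporter { }
class Other extends com.example.RemoteInvocationSerializingExporter { }
"""
```

`find_unsafe_exporters(SAMPLE)` reports `OrderExporter` and `Fq` with their line numbers and ignores both the commented-out declaration and the same-named class from another package.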