Use of HTTP with Apache HttpClient
Description
Apache HttpClient is used to send a request over HTTP. HTTP traffic is unencrypted and exposes sensitive data to interception or tampering. To ensure secure communication, always use HTTPS instead of HTTP.
Examples
Insecure Code
```java
// Insecure: the http:// scheme sends the request and response in cleartext.
CloseableHttpClient client = HttpClients.createDefault();
HttpPost request = new HttpPost("http://example.com");
CloseableHttpResponse response = client.execute(request);
```
Secure Code
```java
// Secure: the https:// scheme sends the request over TLS.
CloseableHttpClient client = HttpClients.createDefault();
HttpPost request = new HttpPost("https://example.com");
CloseableHttpResponse response = client.execute(request);
```
Remediation
Replace HTTP with HTTPS in the Apache HttpClient request: change the `http://` scheme in the request URL to `https://`.
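Beyond fixing individual URLs, the client itself can be built to refuse cleartext requests. The following is an added example, not part of the original rule text; it assumes Apache HttpClient 4.x, and `HttpsOnlyClient`, `create` and `requireHttps` are hypothetical names.

```java
import java.io.IOException;
import java.net.URI;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;

// Added example (assumes HttpClient 4.x); class and method names are hypothetical.
public final class HttpsOnlyClient {

    // Register a socket factory for "https" only. With no factory for "http",
    // the connection manager cannot open a cleartext connection, including
    // one reached through a redirect.
    public static CloseableHttpClient create() {
        Registry<ConnectionSocketFactory> httpsOnly =
            RegistryBuilder.<ConnectionSocketFactory>create()
                .register("https", SSLConnectionSocketFactory.getSocketFactory())
                .build();
        return HttpClients.custom()
            .setConnectionManager(new PoolingHttpClientConnectionManager(httpsOnly))
            .build();
    }

    // Fail fast on a URL (for example one read from configuration) that is not HTTPS.
    public static URI requireHttps(String url) {
        URI uri = URI.create(url);
        if (!"https".equalsIgnoreCase(uri.getScheme())) {
            throw new IllegalArgumentException("Refusing non-HTTPS URL: " + url);
        }
        return uri;
    }

    public static void main(String[] args) {
        try (CloseableHttpClient client = create()) {
            // A cleartext URL that bypasses requireHttps is still refused by the client.
            client.execute(new HttpPost("http://example.com"));
        } catch (IOException e) {
            System.out.println("Cleartext request refused: " + e.getMessage());
        }
        try {
            requireHttps("http://example.com");
        } catch (IllegalArgumentException e) {
            System.out.println(e.getMessage());
        }
    }
}
```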
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0739 |
| Category | Crypto |
| Severity | MEDIUM |
| CWE | CWE-319 |
| Confidence | MEDIUM |
| Impact | MEDIUM |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | Insecure Transport |
| OWASP | A3:2017-Sensitive Data Exposure, A02:2021-Cryptographic Failures |