CX SSRF @ src/main/java/org/cysecurity/cspf/jvl/controller/Install.java [master]

[satyamchaurasiapersistent]

SSRF issue exists @ src/main/java/org/cysecurity/cspf/jvl/controller/Install.java in branch master

The application sends a request to a remote server, for some resource, using dburl in src\main\java\org\cysecurity\cspf\jvl\controller\Install.java:112. However, an attacker can control the target of the request, by sending a URL or other data in ""dburl"" at src\main\java\org\cysecurity\cspf\jvl\controller\Install.java:54.

Severity: Medium

CWE:918

Vulnerability details and guidance

Checkmarx

Training Recommended Fix

Lines: 54 56 57 58

---

Code (Line #54):

        dburl = request.getParameter("dburl");

---

Code (Line #56):

        dbuser = request.getParameter("dbuser");

---

Code (Line #57):

        dbpass = request.getParameter("dbpass");

---

Code (Line #58):

        dbname = request.getParameter("dbname");

---

[satyamchaurasiapersistent]

Issue still exists.

[satyamchaurasiapersistent]

Issue still exists.

[satyamchaurasiapersistent]

Issue still exists.

[satyamchaurasiapersistent]

Issue still exists.

[satyamchaurasiapersistent]

Issue still exists.

[satyamchaurasiapersistent]

Issue still exists.

[satyamchaurasiapersistent]

Issue still exists.

[satyamchaurasiapersistent]

Issue still exists.