CWE-5 - J2EE Misconfiguration: Data Transmission Without Encryption
- Abstraction:Variant
- Structure:Simple
- Status:Draft
- Release Date:2006-07-19
- Latest Modification Date:2023-06-29
Weakness Name
J2EE Misconfiguration: Data Transmission Without Encryption
Description
Information sent over a network can be compromised while in transit. An attacker may be able to read or modify the contents if the data are sent in plaintext or are weakly encrypted.
Common Consequences
Scope: Confidentiality
Impact: Read Application Data
Scope: Integrity
Impact: Modify Application Data