
Xml Cors Wildcard Origin Config

Description

Detects insecure CORS configurations in Java EE XML files where wildcard (*) is used to allow all origins. This creates a security risk by allowing any domain to make cross-origin requests to your application, potentially enabling malicious websites to access sensitive data or perform unauthorized operations.

Weakness:

134 - Insecure or unset HTTP headers - CORS

Category: Protocol Manipulation

Detection Strategy

    Scans Java EE XML configuration files for CORS-related parameters including 'cors.allowOrigin', 'cors.allowed.origins', and 'allowedOrigins'

    Checks if any of these parameters contain a wildcard (*) character in their values

    Reports a vulnerability when CORS configuration parameters are set to accept all origins using wildcards in init-param XML elements
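The detection strategy above, implemented as a small stand-alone check (an added example, not the rule engine's own code). It walks a web.xml document namespace-agnostically, looks at every init-param whose param-name is one of the three listed CORS origin parameters, and reports any entry of the (possibly comma-separated) param-value that contains a '*'. The two web.xml documents embedded below are constructed samples; the function name find_wildcard_cors and the finding layout are assumptions of this example.

```python
"""Wildcard-origin CORS check for Java EE web.xml init-params.

Added example for this rule page, not the analyzer's own implementation.
Assumptions: any init-param (under a filter or a servlet, any namespace)
whose param-name is a known CORS origin parameter and whose param-value
contains '*' is a finding; comma-separated values are split so the report
names the offending entry (e.g. "https://*.example.com" in a list).
"""
import xml.etree.ElementTree as ET

# Parameter names named in the rule's detection strategy.
CORS_ORIGIN_PARAMS = {"cors.allowOrigin", "cors.allowed.origins", "allowedOrigins"}

# Constructed sample: wildcard origin (the pattern the rule reports).
VULNERABLE_WEB_XML = """<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <filter>
    <filter-name>CorsFilter</filter-name>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
    <init-param>
      <param-name>cors.allowed.origins</param-name>
      <param-value>*</param-value>
    </init-param>
  </filter>
</web-app>
"""

# Constructed sample: one explicit origin (no finding).
SECURE_WEB_XML = """<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <filter>
    <filter-name>CorsFilter</filter-name>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
    <init-param>
      <param-name>cors.allowed.origins</param-name>
      <param-value>https://app.example.com</param-value>
    </init-param>
  </filter>
</web-app>
"""


def _local(tag):
    """Strip a namespace prefix: '{ns}init-param' -> 'init-param'."""
    return tag.rsplit("}", 1)[-1]


def _child_text(elem, name):
    """Stripped text of the first direct child with local name `name`, or ''."""
    if elem is None:
        return ""
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return ""


def find_wildcard_cors(xml_text):
    """Return one finding dict per init-param that allows wildcard origins."""
    root = ET.fromstring(xml_text)
    # ElementTree has no parent links; build a child -> parent map once so the
    # finding can name the filter or servlet that owns the init-param.
    parents = {child: parent for parent in root.iter() for child in parent}
    findings = []
    for elem in root.iter():
        if _local(elem.tag) != "init-param":
            continue
        name = _child_text(elem, "param-name")
        if name not in CORS_ORIGIN_PARAMS:
            continue
        value = _child_text(elem, "param-value")
        # Split comma-separated lists; any entry containing '*' is offending.
        offending = [v.strip() for v in value.split(",") if "*" in v]
        if not offending:
            continue
        owner = parents.get(elem)
        owner_name = _child_text(owner, "filter-name") or _child_text(owner, "servlet-name")
        findings.append({"owner": owner_name, "param": name, "offending": offending})
    return findings


if __name__ == "__main__":
    for label, doc in (("vulnerable", VULNERABLE_WEB_XML), ("secure", SECURE_WEB_XML)):
        print(label, find_wildcard_cors(doc))
```

Splitting on commas matters in practice: a value such as `https://app.example.com, https://*.example.com` still opens the origin to every subdomain, so the check flags the wildcard entry rather than passing the value because the first origin is explicit.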

Vulnerable code example

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
    
    <filter>
        <filter-name>CorsFilter</filter-name>
        <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
        <init-param>
            <param-name>cors.allowed.origins</param-name>...

✅ Secure code example

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
    
    <filter>
        <filter-name>CorsFilter</filter-name>
        <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
        <init-param>
            <param-name>cors.allowed.origins</param-name>...