# A05:2021 - Security Misconfiguration

Security misconfiguration is the most common issue in application security. This includes insecure default configurations, incomplete configurations, open cloud storage, misconfigured HTTP headers, verbose error messages, and unnecessary features or services enabled.

<Info>
  CodeAnt AI detects **Security Misconfiguration** vulnerabilities across **17 languages**: Python, Java, JavaScript, Go, C#, Ruby, PHP, Kotlin, Swift, Scala, C++, Clojure, Elixir, Terraform, Dockerfile, JSON, YAML.
</Info>

***

## Detected Vulnerabilities

<AccordionGroup>
  <Accordion title="CWE-16: Insecure Configuration">
    **Severity:** **Medium**

    ### Description

    The application or its components are configured in a way that introduces security vulnerabilities, such as overly permissive settings, disabled security features, or exposed management interfaces.

    ### Impact

    Misconfigured applications expose unnecessary attack surface. Default credentials, open ports, enabled debug modes, and excessive permissions are common entry points for attackers.

    ### Remediation

    Establish a hardened baseline configuration. Disable unnecessary features, ports, and services. Review all default settings. Automate configuration management. Conduct regular configuration audits.
  </Accordion>

  <Accordion title="CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute">
    **Severity:** **Medium**

    ### Description

    A session cookie, or any cookie containing sensitive information, is set without the Secure flag, allowing it to be transmitted over unencrypted HTTP connections.

    ### Impact

    Cookies can be intercepted over HTTP connections through network sniffing or man-in-the-middle attacks, exposing session tokens and enabling session hijacking.

    ### Remediation

    Set the `Secure` flag on all sensitive cookies. Additionally set `HttpOnly` to prevent JavaScript access and `SameSite` to mitigate CSRF. Use HTTPS across the entire application.
  </Accordion>

  <Accordion title="CWE-532: Information Exposure Through Log Files">
    **Severity:** **Medium**

    ### Description

    The application writes sensitive information such as passwords, tokens, API keys, or personal data into log files that may be accessible to unauthorized actors.

    ### Impact

    Sensitive data in logs can be exposed through log aggregation systems, file access, or log management tools, leading to credential theft and privacy violations.

    ### Remediation

    Sanitize all log output to remove sensitive data. Use structured logging with field-level controls. Implement log redaction for known sensitive patterns. Restrict access to log files and systems.
  </Accordion>

  <Accordion title="CWE-776: Improper Restriction of Recursive Entity References (XML Bomb)">
    **Severity:** **High**

    ### Description

    The application processes XML documents without restricting recursive entity definitions, making it vulnerable to XML bomb attacks (billion laughs attack) that cause denial of service.

    ### Impact

    A small malicious XML document can expand to consume gigabytes of memory, causing application crashes and denial of service.

    ### Remediation

    Disable DTD processing in XML parsers. Set limits on entity expansion. Use safe XML parsing libraries like `defusedxml`. Implement resource limits on XML processing.
  </Accordion>

  <Accordion title="CWE-942: Overly Permissive Cross-domain Whitelist (CORS)">
    **Severity:** **High**

    ### Description

    The application configures Cross-Origin Resource Sharing (CORS) with overly permissive policies such as wildcard origins or reflecting arbitrary Origin headers.

    ### Impact

    Attackers from any origin can make authenticated cross-origin requests to the application, potentially reading sensitive data or performing actions on behalf of the user.

    ### Remediation

    Restrict CORS origins to specific, trusted domains. Never use wildcard (`*`) with credentials. Validate Origin headers server-side. Avoid reflecting the Origin header without validation.
  </Accordion>

  <Accordion title="CWE-548: Exposure of Information Through Directory Listing">
    **Severity:** **Medium**

    ### Description

    The web server or application is configured to display directory listings, revealing the structure and contents of directories to attackers.

    ### Impact

    Attackers can discover sensitive files, backup files, configuration files, and application structure that aid in further attacks.

    ### Remediation

    Disable directory listing on all web servers. Use explicit routing for all served content. Add index files to all directories. Configure the web server to return 403/404 for directory requests.
  </Accordion>

  <Accordion title="CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag">
    **Severity:** **Medium**

    ### Description

    A session or sensitive cookie is created without the HttpOnly flag, making it accessible to JavaScript and vulnerable to theft through XSS attacks.

    ### Impact

    If an XSS vulnerability exists, attackers can steal session cookies via JavaScript, enabling session hijacking and account takeover.

    ### Remediation

    Set the `HttpOnly` flag on all session cookies and cookies containing sensitive data. This prevents client-side JavaScript from accessing the cookie values.
  </Accordion>
</AccordionGroup>
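The log-redaction control from the CWE-532 remediation (known sensitive patterns, applied before any handler writes the record), as an added Python example that is not CodeAnt's code; the regexes, the logger name `app` and the sample messages are constructed for illustration:

```python
import logging
import re

# Constructed patterns for the data the CWE-532 text names: passwords, tokens and
# API keys in key=value or key: value form, plus bearer tokens in headers.
SENSITIVE_KV_RE = re.compile(
    r'(?i)\b(password|passwd|pwd|token|api[_-]?key|secret)\b(\s*[=:]\s*)("?)([^\s,;"]+)("?)'
)
BEARER_RE = re.compile(r"(?i)\bBearer\s+[A-Za-z0-9\-._~+/]+=*")
REDACTED = "[REDACTED]"


def redact(text: str) -> str:
    """Replace the value of each known sensitive pattern, keeping the key name for context."""
    text = SENSITIVE_KV_RE.sub(lambda m: f"{m[1]}{m[2]}{m[3]}{REDACTED}{m[5]}", text)
    return BEARER_RE.sub(f"Bearer {REDACTED}", text)


class RedactingFilter(logging.Filter):
    """Redacts the fully formatted message before any handler writes the record.

    Formatting first (getMessage) and then clearing args avoids mangling '%s'
    placeholders, and means file, syslog and aggregation handlers all see the
    redacted text rather than the raw arguments.
    """

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = ()
        return True


def filter_message(msg: str, *args) -> str:
    """Run one message through the filter and return what a handler would emit."""
    record = logging.LogRecord("app", logging.INFO, __file__, 0, msg, args, None)
    RedactingFilter().filter(record)
    return record.getMessage()


if __name__ == "__main__":
    logging.basicConfig(format="%(levelname)s %(message)s", level=logging.INFO)
    log = logging.getLogger("app")
    log.addFilter(RedactingFilter())
    log.info("login failed for user=%s password=%s", "alice", "hunter2")
    log.info('rotating api_key: "sk_constructed_123" for tenant 7')
    log.info("upstream call: Authorization: Bearer eyJconstructed.payload.sig")
```

A filter on a logger only sees records logged directly on that logger, not records propagated from child loggers; attach the same filter to each handler if the hierarchy is deeper than one logger.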
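The CWE-776 remediation says to disable DTD processing; this added example (not CodeAnt's code) shows the same control with the standard-library expat parser instead of `defusedxml`, refusing any DOCTYPE or entity declaration before expansion can happen. The sample documents are constructed.

```python
import xml.parsers.expat as expat


class UnsafeXMLError(ValueError):
    """Raised when an untrusted document tries to use DTD or entity features."""


def parse_untrusted_xml(data: bytes) -> list[str]:
    """Parse with expat but refuse any DOCTYPE or entity declaration.

    Returns the element names in document order; raises UnsafeXMLError on DTD use,
    before any entity reference in the body can be expanded.
    """
    parser = expat.ParserCreate()

    def forbid_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXMLError(f"DOCTYPE {name!r} not allowed in untrusted input")

    def forbid_entity(name, *_):
        raise UnsafeXMLError(f"entity declaration {name!r} not allowed")

    # Refusing the DOCTYPE already blocks entity definitions; the second handler
    # is defence in depth in case the DOCTYPE handler is ever removed.
    parser.StartDoctypeDeclHandler = forbid_doctype
    parser.EntityDeclHandler = forbid_entity
    names: list[str] = []
    parser.StartElementHandler = lambda name, attrs: names.append(name)
    parser.Parse(data, True)  # a handler exception propagates out of Parse()
    return names


def is_rejected(data: bytes) -> bool:
    """True when the document is refused for DTD/entity use (not for malformed XML)."""
    try:
        parse_untrusted_xml(data)
    except UnsafeXMLError:
        return True
    return False


# Constructed samples: a benign document, and a cut-down document with the
# entity-referencing-entity shape the CWE-776 text describes.
BENIGN = b"<order><item sku='A1'/><item sku='B2'/></order>"
NESTED_ENTITIES = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE r [<!ENTITY a "aaaa"><!ENTITY b "&a;&a;">]>'
    b"<r>&b;</r>"
)
```

Recent Expat builds also cap entity amplification internally, but refusing the DTD outright is the explicit, version-independent control, and it removes external-entity (XXE) exposure at the same time.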
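The CWE-942 remediation in code, as an added example that is not CodeAnt's code: the reflecting pattern the finding describes beside an exact-match allowlist that never pairs `*` with credentials. The allowlist entries and the origins in the tests are constructed.

```python
from __future__ import annotations

from urllib.parse import urlsplit

# Constructed allowlist of complete origins (scheme, host, optional non-default port).
ALLOWED_ORIGINS: frozenset[str] = frozenset(
    {"https://app.example.com", "https://admin.example.com:8443"}
)


def weak_cors_headers(origin: str) -> dict[str, str]:
    """The misconfiguration CWE-942 describes: reflect any Origin and allow credentials."""
    return {"Access-Control-Allow-Origin": origin, "Access-Control-Allow-Credentials": "true"}


def canonical_origin(origin: str) -> str | None:
    """Canonicalise to scheme://host[:port]; None for anything that is not a bare origin."""
    try:
        p = urlsplit(origin.strip())
        port = p.port  # raises ValueError on a non-numeric port
    except ValueError:
        return None
    if p.scheme not in ("http", "https") or not p.hostname:
        return None
    if p.username or p.path or p.query or p.fragment:
        return None
    host = p.hostname.lower()
    if port is None or port == (443 if p.scheme == "https" else 80):
        return f"{p.scheme}://{host}"
    return f"{p.scheme}://{host}:{port}"


def cors_headers(origin: str | None, allowed: frozenset[str] = ALLOWED_ORIGINS) -> dict[str, str]:
    """Exact-match the request Origin against the allowlist; emit no CORS headers otherwise.

    Exact matching avoids suffix or substring checks (which also accept hosts that
    merely contain the allowed name) and the literal 'null' origin. The matched
    origin is echoed instead of '*', which is what makes Allow-Credentials safe,
    and Vary: Origin stops shared caches serving one origin's response to another.
    """
    if not origin:
        return {}
    canon = canonical_origin(origin)
    if canon is None or canon not in allowed:
        return {}
    return {
        "Access-Control-Allow-Origin": canon,
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin",
    }
```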
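CWE-614 and CWE-1004 share one remediation (Secure, HttpOnly and SameSite on every sensitive cookie), so this added example (not CodeAnt's code) covers both: it builds a hardened Set-Cookie value with the standard library and audits any Set-Cookie value for the missing attributes. The cookie name `sid` and the sample headers are constructed.

```python
from http.cookies import SimpleCookie


def session_cookie_header(name: str, value: str, max_age: int = 3600) -> str:
    """Build a Set-Cookie value carrying the attributes the CWE-614/CWE-1004 remediation lists."""
    jar = SimpleCookie()
    jar[name] = value
    jar[name]["secure"] = True      # CWE-614: only ever sent over HTTPS
    jar[name]["httponly"] = True    # CWE-1004: not readable from document.cookie
    jar[name]["samesite"] = "Lax"   # not sent on cross-site POSTs, which blunts CSRF
    jar[name]["path"] = "/"
    jar[name]["max-age"] = max_age
    return jar[name].OutputString()


def audit_set_cookie(header: str) -> list[str]:
    """Check one Set-Cookie header value; an empty list means it passes.

    Attribute names are matched case-insensitively, as RFC 6265 requires, so
    'secure', 'SECURE' and 'Secure' all count.
    """
    parts = [p.strip() for p in header.split(";")]
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    findings = []
    if "secure" not in attrs:
        findings.append("CWE-614: missing Secure attribute")
    if "httponly" not in attrs:
        findings.append("CWE-1004: missing HttpOnly attribute")
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        findings.append("SameSite should be Lax or Strict (None gives no CSRF protection)")
    return findings


# Constructed headers: one produced above, one as a framework might emit it by default.
HARDENED = session_cookie_header("sid", "constructed-session-id")
WEAK = "sid=constructed-session-id; Path=/"
```

The audit function is the shape of check a response-header scanner or integration test runs over every Set-Cookie your application emits, which catches the framework-default cookies that hand-written code never touches.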
