mobsf.mobsfscan.crypto.insecure_ssl_v3.insecure_sslv3

MobSF

Author

unknown

Download Count*

GPLv3

License

SSLv3 is insecure and has multiple known vulnerabilities.

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit Rule View Source

Open in Playground

rules:
  - id: insecure_sslv3
    patterns:
      - pattern-either:
          - pattern: |
              $S.getInstance("SSLv3");
    message: SSLv3 is insecure and has multiple known vulnerabilities.
    languages:
      - java
    severity: ERROR
    metadata:
      cwe: cwe-327
      owasp-mobile: m5
      masvs: crypto-4
      reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
      license: LGPL-3.0-or-later
      vulnerability_class:
        - Other

Short Link: https://sg.run/dnBZ