Vulnerability scan of Active Roles Web Interface shows that "The web application framework used on the remote host may be susceptible to cross-site scripting attacks" (4341014)

Tchater maintenant avec le support

Retour

Commentaire envoyé

Cet article vous a-t-il à résoudre un problème ?

Sélectionner une évaluation

Titre

Vulnerability scan of Active Roles Web Interface shows that "The web application framework used on the remote host may be susceptible to cross-site scripting attacks"
Description

A vulnerability scan of the Active Roles Web Interface may indicate something similar to the following:
Synopsis
The web application framework used on the remote host may be susceptible to cross-site scripting attacks.
Description
According to the HTTP headers received from the remote host, the web server is configured to use the ASP.NET framework.
This framework includes the ValidateRequest feature, which is used by ASP.NET web applications to filter user input in an attempt to prevent cross-site scripting attacks. However, this set of filters can be bypassed if it is the sole mechanism used for protection by a web application.
Solution
Determine if any ASP.NET web applications solely rely on the ValidateRequest feature, and use additional protections if necessary.
Cause

The Active Roles Web Interface does use the ValidateRequest feature, but it is not the sole protection which is recommended.
Résolution

This issue is discussed in the Active Roles Web Interface Administration Guide under the section titled Configuring Web interface for
enhanced security

Commentaire envoyé

Cet article vous a-t-il à résoudre un problème ?

Sélectionner une évaluation

Contenu recommandé

Historique de l’article :: Créé le : 9/3/2019
Dernière mise à jour le : 5/7/2023

Titre