Open Policy Crossdomain.xml Detected

Summary

Netsparker detected an open policy Crossdomain.xml file.

Impact

Open policy Crossdomain.xml file allows other SWF files to make HTTP requests to your web server and see its response. This can be used for accessing one time tokens and CSRF nonces to bypass CSRF restrictions.

Remediation

Configure your Crossdomain.xml to prevent access from everywhere to your domain.

Classifications

WASC-15, OWASP 2013-A5 , CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C

Vulnerability Index

You can search and find all vulnerabilities

Select Category

Critical
High
Medium
Low
Information
Best Practice

Search Vulnerability

Tags

xml

Related Vulnerabilities

OpenSSL Heartbleed
Web Backdoor Detected
Backup Source Code Detected
Elmah.axd / Errorlog.axd Detected
Open Redirection

Dead accurate, fast & easy-to-use Web Application Security Scanner

GET A DEMO