Open Policy Crossdomain.xml Detected

Severity: Medium

Summary#

Invicti detected an Open Policy Crossdomain.xml file.

Impact#

Open policy Crossdomain.xml file allows other SWF files to make HTTP requests to your web server and see its response. This can be used for accessing one time tokens and CSRF nonces to bypass CSRF restrictions.

Remediation#

Configure your Crossdomain.xml to prevent access from everywhere to your domain.

Classifications#

CWE-16, WASC-15, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C, ISO27001-A.14.2.5, OWASP 2017-A6, OWASP 2013-A5

Invicti Security Insights

XML External Entity (XXE) Attacks and How to Avoid Them

Select Category

Critical
High
Medium
Low
Best Practice
Information

Search Vulnerability

Open Policy Crossdomain.xml Detected

Related Articles

Build your resistance to threats. And save hundreds of hours each month.