Tuesday, February 28, 2012

PCI Compliance crossdomain.xml files changes

Since it has been marked as a serious threat in the PCI compliance scan, I am making the changes listed below.

File location: /home/webadmin/public_html/crossdomain.xml

Old line:     <site-control permitted-cross-domain-policies="all"/>
New Line:     <site-control permitted-cross-domain-policies="trusted"/>


Details by McAfee
The Internet browser security model, known as Same-Origin Policy, prevents one domain from accessing content from another domain.

McAfee has detected that your web application contains a crossdomain.xml file that has an allow-all policy. A crossdomain.xml file allows third-party web applications using Adobe Flash Player to access data from the domain hosting the crossdomain.xml file.

The correct way to configure a crossdomain.xml file is to set up the file to only allow access from "trusted" web applications. The crossdomain.xml file detected on this host has an allow-all policy, which means that your web application allows any web application on the internet to interact with your data. Thus, your web application "trusts" the entire internet.

An attacker could leverage this by embedding a malicious Adobe Flash Player file into a web site on the internet and have that file access sensitive content stored on your web application. Sensitive information includes items such as personally identifiable information (PII) and user credentials.
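Added example (not part of the original post or McAfee's scanner): a small audit script that reads a crossdomain.xml document and reports the allow-all conditions described above, the "all" meta-policy and a wildcard allow-access-from, plus a couple of related weak settings. It also checks the meta-policy value against the set defined in Adobe's Cross-Domain Policy File Specification. The sample policies and the example.com host name are constructed for the demonstration.

```python
import xml.etree.ElementTree as ET

# Meta-policy values defined in Adobe's Cross-Domain Policy File Specification.
VALID_META_POLICIES = {"none", "master-only", "by-content-type",
                       "by-ftp-filename", "all"}

def audit_crossdomain(xml_text):
    """Return (severity, message) findings for one crossdomain.xml document."""
    findings = []
    root = ET.fromstring(xml_text)
    if root.tag != "cross-domain-policy":
        return [("high", "root element is not <cross-domain-policy>")]
    for sc in root.findall("site-control"):
        value = sc.get("permitted-cross-domain-policies", "")
        if value == "all":
            findings.append(("high", "meta-policy 'all': any policy file on the host is honoured"))
        elif value not in VALID_META_POLICIES:
            findings.append(("medium", "meta-policy %r is not defined by the specification" % value))
    for aaf in root.findall("allow-access-from"):
        domain = aaf.get("domain", "")
        if domain == "*":
            findings.append(("high", "allow-access-from domain='*': trusts the entire internet"))
        elif domain.startswith("*."):
            findings.append(("low", "wildcard trust of every subdomain: %s" % domain))
        if aaf.get("secure", "true").lower() == "false":
            findings.append(("medium", "secure='false' lets SWFs loaded over HTTP reach HTTPS data (%s)" % domain))
    for hdr in root.findall("allow-http-request-headers-from"):
        if hdr.get("domain") == "*":
            findings.append(("high", "allow-http-request-headers-from domain='*'"))
    return findings

# Constructed sample policies: the allow-all shape the scanner flags, and a restricted one.
ALLOW_ALL_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="all"/>
  <allow-access-from domain="*"/>
</cross-domain-policy>"""

RESTRICTED_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only"/>
  <allow-access-from domain="www.example.com"/>
</cross-domain-policy>"""

if __name__ == "__main__":
    for name, doc in (("allow-all", ALLOW_ALL_POLICY), ("restricted", RESTRICTED_POLICY)):
        print(name, audit_crossdomain(doc) or "no findings")
```

Run it against the file on the host before and after the change to confirm the allow-all findings disappear.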
