Web Site Client Access Policy File Detection

This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.

Synopsis :

The remote web server contains a 'clientaccesspolicy.xml' file.

Description :

The remote web server contains a client access policy file. This is a
simple XML file used by Microsoft Silverlight to allow access to
services that reside outside the exact web domain from which a
Silverlight control originated.

See also :


Solution :

Review the contents of the policy file carefully. Improper policies,
especially an unrestricted one with just '*', could allow for
cross-site request forgery or other attacks against the web server.
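
One way to carry out that review, as an added example (not Tenable's plugin code): the Python below parses a 'clientaccesspolicy.xml' body and reports policies that allow any origin. The two sample policies are constructed, and the function name and the HIGH/MEDIUM/LOW labels are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample policies, not taken from any real site.
OPEN_POLICY = """<?xml version="1.0" encoding="utf-8"?>
<access-policy><cross-domain-access><policy>
  <allow-from http-request-headers="*"><domain uri="*"/></allow-from>
  <grant-to><resource path="/" include-subpaths="true"/></grant-to>
</policy></cross-domain-access></access-policy>"""

SCOPED_POLICY = """<?xml version="1.0" encoding="utf-8"?>
<access-policy><cross-domain-access><policy>
  <allow-from><domain uri="https://app.example.com"/></allow-from>
  <grant-to><resource path="/api/public" include-subpaths="false"/></grant-to>
</policy></cross-domain-access></access-policy>"""

# <domain uri> values that match every origin (optionally per scheme).
ANY_ORIGIN = {"*", "http://*", "https://*"}


def audit_policy(xml_text):
    """Return (severity, message) findings; labels are this example's own."""
    # A policy file has no need for a DTD; refuse one rather than let the
    # parser expand entities from a file fetched off a remote server.
    if "<!DOCTYPE" in xml_text.upper():
        raise ValueError("policy file must not contain a DOCTYPE")
    findings = []
    root = ET.fromstring(xml_text.encode("utf-8"))
    for policy in root.iter("policy"):
        for allow in policy.findall("allow-from"):
            uris = [d.get("uri", "").strip() for d in allow.findall("domain")]
            if not any(u in ANY_ORIGIN for u in uris):
                # Named origins only; still report wildcard subdomains.
                findings += [("LOW", f"wildcard subdomain: {u}")
                             for u in uris if "*" in u]
                continue
            # The grant is site-wide when "/" is exposed with all subpaths.
            whole_site = any(
                r.get("path") == "/"
                and r.get("include-subpaths", "false").lower() == "true"
                for r in policy.findall("grant-to/resource"))
            findings.append(("HIGH" if whole_site else "MEDIUM",
                             "any origin allowed"
                             + (" for the entire site" if whole_site else "")))
            if allow.get("http-request-headers", "").strip() == "*":
                findings.append(("MEDIUM", "any request header allowed from any origin"))
    return findings


if __name__ == "__main__":
    for name, text in (("open", OPEN_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, audit_policy(text) or "no findings")
```
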

Risk factor :


Family: CGI abuses

Nessus Plugin ID: 72427

Bugtraq ID:

