Web Site Client Access Policy File Detection

info Nessus Plugin ID 72427


The remote web server contains a 'clientaccesspolicy.xml' file.


The remote web server contains a client access policy file. This is a simple XML file used by Microsoft Silverlight to allow access to services that reside outside the exact web domain from which a Silverlight control originated.


Review the contents of the policy file carefully. Improper policies, especially an unrestricted one with just '*', could allow for cross- site request forgery or other attacks against the web server.

See Also


Plugin Details

Severity: Info

ID: 72427

File Name: clientaccesspolicy.nasl

Version: 1.5

Type: remote

Family: CGI abuses

Published: 2/11/2014

Updated: 1/19/2021