Web Site Client Access Policy File Detection
Info Nessus Plugin ID 72427
Synopsis
The remote web server contains a 'clientaccesspolicy.xml' file.

Description
The remote web server contains a client access policy file. This is a simple XML file used by Microsoft Silverlight to allow access to services that reside outside the exact web domain from which a Silverlight control originated.

Solution
Review the contents of the policy file carefully. Improper policies, especially an unrestricted one with just '*', could allow for cross-site request forgery or other attacks against the web server.
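
One way to automate the review described in the Solution, as an added example that is not part of the Nessus plugin. The sample policies are constructed; the function name `review_policy`, the severity labels, and the decision to treat `http://*` and `https://*` like a bare `*` are assumptions of this sketch.

```python
import xml.etree.ElementTree as ET

# Constructed sample policies for illustration (not from any real server).
UNRESTRICTED = """<access-policy><cross-domain-access><policy>
  <allow-from http-request-headers="*"><domain uri="*"/></allow-from>
  <grant-to><resource path="/" include-subpaths="true"/></grant-to>
</policy></cross-domain-access></access-policy>"""

SCOPED = """<access-policy><cross-domain-access><policy>
  <allow-from http-request-headers="SOAPAction">
    <domain uri="https://app.example.com"/>
  </allow-from>
  <grant-to><resource path="/services/" include-subpaths="true"/></grant-to>
</policy></cross-domain-access></access-policy>"""

# Origin patterns that match every calling site (assumption of this sketch).
ANY_ORIGIN = {"*", "http://*", "https://*"}


def review_policy(xml_text):
    """Return (severity, message) findings for one clientaccesspolicy.xml."""
    try:
        # Use a hardened parser such as defusedxml for files from untrusted hosts.
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [("info", f"policy is not well-formed XML: {exc}")]
    findings = []
    for policy in root.iter("policy"):
        origins = {d.get("uri", "").strip() for d in policy.iter("domain")}
        open_origins = sorted(origins & ANY_ORIGIN)
        # A grant of "/" with subpaths exposes every resource on the server.
        whole_site = any(
            r.get("path") == "/" and r.get("include-subpaths", "").lower() == "true"
            for r in policy.iter("resource"))
        any_header = any(a.get("http-request-headers", "").strip() == "*"
                         for a in policy.iter("allow-from"))
        for uri in open_origins:
            scope = "the whole site" if whole_site else "the granted paths"
            findings.append(("high" if whole_site else "medium",
                             f"any origin ({uri}) may call {scope}"))
        if open_origins and any_header:
            findings.append(("medium", "any request header may be sent cross-domain"))
    return findings


if __name__ == "__main__":
    for name, text in (("unrestricted", UNRESTRICTED), ("scoped", SCOPED)):
        print(name, review_policy(text) or "no wildcard origins")
```

An empty result only means no wildcard origin was found; the listed domains and granted paths still need a manual read.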