Web Site Client Access Policy File Detection

info Nessus Plugin ID 72427

Synopsis

The remote web server contains a 'clientaccesspolicy.xml' file.

Description

The remote web server contains a client access policy file. This is a simple XML file used by Microsoft Silverlight to allow access to services that reside outside the exact web domain from which a Silverlight control originated.

Solution

Review the contents of the policy file carefully. Improper policies, especially an unrestricted one with just '*', could allow for cross- site request forgery or other attacks against the web server.

See Also

http://www.nessus.org/u?a4eeeaa2

Plugin Details

Severity: Info

ID: 72427

File Name: clientaccesspolicy.nasl

Version: 1.5

Type: remote

Family: CGI abuses

Published: 2/11/2014

Updated: 1/19/2021

Dependencies: http_version.nasl

Risk Information

Risk Factor: Info

Vulnerability Information

Exploited by Nessus: true