Web Site Client Access Policy File Detection

Nessus Plugin ID 72427

Synopsis

The remote web server contains a 'clientaccesspolicy.xml' file.

Description

The remote web server contains a client access policy file. This is a simple XML file used by Microsoft Silverlight to allow access to services that reside outside the exact web domain from which a Silverlight control originated.

Solution

Review the contents of the policy file carefully. Improper policies, especially an unrestricted one that allows just '*', could allow cross-site request forgery or other attacks against the web server.
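The review the Solution calls for can be automated. The following is an added example, not Tenable's plugin code: it parses a Silverlight clientaccesspolicy.xml with the standard library and flags the over-broad settings the text warns about (a wildcard domain, all request headers forwarded, and the whole site granted under path '/'). Both policy documents embedded below are constructed samples, not files captured from any host.

```python
"""Audit a Silverlight clientaccesspolicy.xml for over-broad cross-domain grants.

Added example for the plugin description above; it is not Tenable's plugin code.
The two policy documents below are constructed samples, not captured files.
"""
import xml.etree.ElementTree as ET

# Constructed sample: the unrestricted policy the Solution warns about.
UNRESTRICTED_POLICY = """<?xml version="1.0" encoding="utf-8"?>
<access-policy>
  <cross-domain-access>
    <policy>
      <allow-from http-request-headers="*">
        <domain uri="*"/>
      </allow-from>
      <grant-to>
        <resource path="/" include-subpaths="true"/>
      </grant-to>
    </policy>
  </cross-domain-access>
</access-policy>
"""

# Constructed sample: a scoped policy that opens one API path to one origin only.
RESTRICTED_POLICY = """<?xml version="1.0" encoding="utf-8"?>
<access-policy>
  <cross-domain-access>
    <policy>
      <allow-from http-request-headers="SOAPAction">
        <domain uri="https://app.example.com"/>
      </allow-from>
      <grant-to>
        <resource path="/api/public" include-subpaths="false"/>
      </grant-to>
    </policy>
  </cross-domain-access>
</access-policy>
"""


def _is_wildcard_domain(uri: str) -> bool:
    """True for a bare '*' and for scheme-only wildcards such as 'http://*'.

    'http://*.example.com' is a scoped wildcard and is not flagged here.
    """
    host = uri.split("://", 1)[1] if "://" in uri else uri
    return host.strip() == "*"


def audit_policy(xml_text: str) -> list:
    """Return human-readable findings for each <policy>; an empty list means no issue."""
    findings = []
    root = ET.fromstring(xml_text)
    for n, policy in enumerate(root.iter("policy"), start=1):
        allow = policy.find("allow-from")
        grant = policy.find("grant-to")
        if allow is None or grant is None:
            findings.append(f"policy {n}: missing allow-from or grant-to block")
            continue

        # Which origins may call into this site?
        domains = [d.get("uri", "") for d in allow.findall("domain")]
        wildcard = any(_is_wildcard_domain(u) for u in domains)
        if wildcard:
            findings.append(f"policy {n}: allow-from grants access to any origin (domain uri '*')")

        # Which request headers may the cross-origin caller set?
        if allow.get("http-request-headers") == "*":
            findings.append(f"policy {n}: all request headers may be sent cross-origin")

        # Which paths are exposed? Whole-site exposure to any origin is the worst case.
        for res in grant.findall("resource"):
            path = res.get("path", "")
            subpaths = res.get("include-subpaths", "false").lower() == "true"
            if wildcard and path == "/" and subpaths:
                findings.append(f"policy {n}: entire site exposed to any origin (path '/' with include-subpaths)")
    return findings


if __name__ == "__main__":
    for name, doc in (("unrestricted", UNRESTRICTED_POLICY), ("restricted", RESTRICTED_POLICY)):
        print(f"{name}: {audit_policy(doc) or ['no findings']}")
```

Run the script as-is to see the two samples classified, or pass the text of a policy fetched from your own server to `audit_policy()`. The checks are intentionally conservative: a scoped wildcard such as `http://*.example.com` is not reported, since the finding of interest is the fully open `*` case named in the Solution.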

See Also

http://www.nessus.org/u?a4eeeaa2

Plugin Details

Severity: Info

ID: 72427

File Name: clientaccesspolicy.nasl

Version: 1.5

Type: remote

Family: CGI abuses

Published: 2/11/2014

Updated: 1/19/2021

Dependencies: http_version.nasl

Vulnerability Information

Exploited by Nessus: true