Web Site Client Access Policy File Detection

Info Nessus Plugin ID 72427

Synopsis

The remote web server contains a 'clientaccesspolicy.xml' file.

Description

The remote web server contains a client access policy file. This is a simple XML file used by Microsoft Silverlight to allow access to services that reside outside the exact web domain from which a Silverlight control originated.

Solution

Review the contents of the policy file carefully. Improper policies, especially an unrestricted one with just '*', could allow for cross-site request forgery or other attacks against the web server.

See Also

http://www.nessus.org/u?a4eeeaa2

Plugin Details

Severity: Info

ID: 72427

File Name: clientaccesspolicy.nasl

Version: 1.3

Type: remote

Family: CGI abuses

Published: 2014/02/11

Modified: 2018/11/15

Dependencies: 10107

Risk Information

Risk Factor: Info