Web Site Client Access Policy File Detection

Info Nessus Plugin ID 72427


The remote web server contains a 'clientaccesspolicy.xml' file.


The remote web server contains a client access policy file. This is a simple XML file used by Microsoft Silverlight to allow access to services that reside outside the exact web domain from which a Silverlight control originated.


Review the contents of the policy file carefully. Improper policies, especially an unrestricted one with just '*', could allow for cross- site request forgery or other attacks against the web server.

See Also


Plugin Details

Severity: Info

ID: 72427

File Name: clientaccesspolicy.nasl

Version: 1.3

Type: remote

Family: CGI abuses

Published: 2014/02/11

Updated: 2018/11/15

Dependencies: 10107

Risk Information

Risk Factor: Info