Web Site Cross-Domain Policy File Detection

Info Nessus Network Monitor Plugin ID 5801

Synopsis

The remote web server contains a 'crossdomain.xml' file. This is a simple XML file used by Adobe's Flash Player to allow access to data that resides outside the exact web domain from which a Flash movie file originated.

Description

The remote web server contains a 'crossdomain.xml' file. This is a simple XML file used by Adobe's Flash Player to allow access to data that resides outside the exact web domain from which a Flash movie file originated.

Solution

Review the contents of the policy file carefully. Improper policies, especially an unrestricted one with just '*', could allow for cross-site request forgery and cross-site scripting attacks against the web server.

See Also

http://www.adobe.com/devnet/flashplayer/articles/cross_domain_policy.html

http://www.adobe.com/go/tn_14213

http://www.nessus.org/u?74a6a9a5

http://www.nessus.org/u?50ee6db2

Plugin Details

Severity: Info

ID: 5801

Family: Policy

Published: 2011/02/23

Modified: 2016/11/23

Dependencies: 1442

Nessus ID: 32318

Risk Information

Risk Factor: Info