Cross-Domain Policy File (crossdomain.xml) Detection

info Nessus Network Monitor Plugin ID 4505

Synopsis

The remote web server contains a 'crossdomain.xml' file.

Description

The remote web server contains a cross-domain policy file. This is a simple XML file used by Adobe's Flash Player to allow access to data that resides outside the exact web domain from which a Flash movie file originated.

Solution

Review the contents of the policy file carefully. Improper policies, especially an unrestricted one with just '*', could allow for cross-site request forgery and cross-site scripting attacks against the web server.

See Also

http://www.adobe.com/go/tn_14213

http://www.nessus.org/u?74a6a9a5

http://www.nessus.org/u?50ee6db2

http://www.adobe.com/devnet/flashplayer/articles/cross_domain_policy.html

Plugin Details

Severity: Info

ID: 4505

Family: CGI

Published: 8/18/2004

Updated: 11/23/2016

Nessus ID: 32318