Source: community.k2.com --- Monday, January 30, 2017
Symptoms

Dear Bashar,

Kindly check the below issues found during Security check and provide us the solution.

1. Cacheable SSL Page Found
URL:
https://ss-jhd-wft/Identity/sts/Windows/wsfed
https://ss-jhd-wfsft/Runtime/BlockedBrowser.aspx
https://ss-jhd-wfsft/Runtime/Bundles/Css/RT.SourceCode.Forms.Controls.Web
https://ss-jhd-wfsft/Runtime/CombinedResource.ashx
https://ss-jhd-wfsft/Runtime/JsonResources.axd
https://ss-jhd-wft/ViewFlow/ClientBin/SourceCode.Viewflow.SLViewer.xap
Risk(s): It is possible to gather sensitive information about the web application such as usernames, passwords, machine name and/or sensitive file locations
Fix: Prevent caching of SSL pages by adding "Cache-Control: no-store" and "Pragma: no-cache" headers to their responses.

2. Social Security Number Pattern Found
URL: https://ss-jhd-wfsft/Runtime/Runtime/AnonymousResources.ashx
Risk(s): It is possible to gather sensitive information about the web application such as usernames, passwords, machine name and/or sensitive file locations
Fix: Remove Social Security Numbers from your website

3. Integer Overflow
i) URL: https://ss-jhd-wfsft/Runtime/Runtime/SharedResources.ashx Parameter: Modified
ii) URL: https://ss-jhd-wfsft/Runtime/Runtime/SharedResources.ashx Parameter: ID
iii) URL: https://ss-jhd-wfsft/Runtime/Runtime/UserResources.ashx Parameter: ID
iv) URL: https://ss-jhd-wfsft/Runtime/Runtime/UserResources.ashx Parameter: Modified
v) URL: https://ss-jhd-wfsft/Run ...
from Windows http://ift.tt/2kMP9fH
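
One way to verify the fix quoted under finding 1 once it is applied, as an added example that is not part of the original post or of K2's code: the function checks a response's headers for both "Cache-Control: no-store" and "Pragma: no-cache". The function names and the sample responses are constructed for illustration.

```python
def _tokens(values):
    """Split comma-separated header values into {lower-cased token: argument}."""
    out = {}
    for value in values:
        for part in value.split(","):
            name, _, arg = part.strip().partition("=")
            if name:
                out[name.strip().lower()] = arg.strip().strip('"')
    return out


def audit_cache_headers(headers):
    """Check (name, value) header pairs against the fix quoted in the post.

    Repeated header names are merged. Returns a list of problems; an empty
    list means both "Cache-Control: no-store" and "Pragma: no-cache" are set.
    """
    headers = list(headers)
    cc = _tokens(v for k, v in headers if k.lower() == "cache-control")
    pragma = _tokens(v for k, v in headers if k.lower() == "pragma")
    problems = []
    if "no-store" not in cc:
        problems.append("Cache-Control is missing no-store")
        max_age = cc.get("max-age", "")
        if "public" in cc or (max_age.isdigit() and int(max_age) > 0):
            problems.append("response is explicitly marked cacheable")
    if "no-cache" not in pragma:
        problems.append("Pragma is missing no-cache")
    return problems


# Constructed sample responses (not captured from the servers in the post).
SAMPLES = {
    "long-lived static resource": [("Cache-Control", "public, max-age=31536000")],
    "no-cache only": [("cache-control", "no-cache"), ("Pragma", "no-cache")],
    "fixed, split across two headers": [
        ("Cache-Control", "no-cache"),
        ("Cache-Control", "No-Store"),
        ("Pragma", "no-cache"),
    ],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(f"{label}: {audit_cache_headers(hdrs) or 'OK'}")
```

The input shape matches the list of (name, value) pairs returned by `http.client.HTTPResponse.getheaders()`, so the same function can be pointed at each URL the scanner listed.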