Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-90075 | VRAU-TC-000600 | SV-100725r1_rule | Medium |
Description |
---|
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy. As a web server, tc Server can be vulnerable to XSS if steps are not taken to mitigate the threat. VMware provides the XssFilter component to provide a layer of defense against XSS. Filters are Java objects that performs filtering tasks on either the request to a resource (a servlet or static content), or on the response from a resource, or both. |
STIG | Date |
---|---|
VMware vRealize Automation 7.x tc Server Security Technical Implementation Guide | 2018-10-12 |
Check Text ( C-89767r1_chk ) |
---|
At the command prompt, execute the following command: grep -B 2 -A 7 XssFilter /etc/vco/app-server/web.xml If the XSS filter is not present, this is a finding. |
Fix Text (F-96817r1_fix) |
---|
Navigate to and open /etc/vco/app-server/web.xml. Configure a |