1 Reply Latest reply on Nov 16, 2017 5:24 AM by makecrazy

    Click Jacking (Vulnerability)

    makecrazy

      Hi,

      We recently had a PCI audit of the Orion server and it reported the vulnerability below. I need a solution to remove this vulnerability. We are currently using HTTPS with a certificate (no HTTP service is running on port 80).

      Vulnerability Title: Click Jacking

      Vulnerability Solution:

      Use HTTP X-Frame-Options

      Send the HTTP response headers with X-Frame-Options that instruct the browser to restrict framing where it is not allowed.

      Service Port:

      17799

      17791

      17778

      Vulnerability Proof:

      * Running HTTPS service

      HTTP request to https://x.x.x.x:17799/

      HTTP response code was an expected 200

      1: text/html

      HTTP header 'Content-Type' was present and matched expectation

      HTTP header 'Content-Security-Policy' not present

      HTTP header 'X-Frame-Options' not present
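The check below is an added example, not part of the post above and not SolarWinds code. It reproduces what the scanner's "Vulnerability Proof" did (GET / over HTTPS on each listed port and look for X-Frame-Options and Content-Security-Policy) but also judges the header values, since a header that is merely present does not necessarily block framing: a CSP without a frame-ancestors directive, a frame-ancestors * source, or the obsolete ALLOW-FROM form all leave the page frameable. The port list is taken from the finding; the two sample header maps at the bottom are constructed for illustration, and the host name and --insecure flag are assumptions for the command-line usage.

```python
"""Framing-protection check for the ports listed in the audit finding.

Added example, not part of the original post or of any vendor code. It
repeats the scanner's "Vulnerability Proof" step (request "/" over HTTPS,
inspect the response headers) but also judges the header *values*, because
a present-but-permissive header does not stop clickjacking.
"""
import http.client
import ssl
import sys
from typing import Dict, List, Mapping, Tuple

# Ports from the audit finding in the post above.
PORTS = (17799, 17791, 17778)


def evaluate_framing_protection(headers: Mapping[str, str]) -> dict:
    """Decide whether a response's headers stop cross-site framing.

    Order of checks follows browser behaviour: a CSP frame-ancestors
    directive, where present, takes precedence over X-Frame-Options.
    Returns {"protected": bool, "mechanism": str | None, "notes": [...]}.
    """
    # Header field names are case-insensitive, so normalise once.
    h = {name.lower(): value.strip() for name, value in headers.items()}
    notes: List[str] = []

    csp = h.get("content-security-policy")
    if csp is not None:
        directives = [d.strip() for d in csp.split(";") if d.strip()]
        fa = [d for d in directives if d.lower().startswith("frame-ancestors")]
        if fa:
            sources = fa[0].split()[1:]
            if "*" in sources:
                notes.append("frame-ancestors * lets any origin frame the page")
                return {"protected": False, "mechanism": None, "notes": notes}
            return {"protected": True, "mechanism": "csp", "notes": notes}
        notes.append("Content-Security-Policy present but has no frame-ancestors directive")

    xfo = h.get("x-frame-options")
    if xfo is None:
        notes.append("X-Frame-Options not present")
    else:
        value = xfo.upper()
        if value in ("DENY", "SAMEORIGIN"):
            return {"protected": True, "mechanism": "x-frame-options", "notes": notes}
        if value.startswith("ALLOW-FROM"):
            notes.append("ALLOW-FROM is obsolete and ignored by current browsers; "
                         "use CSP frame-ancestors instead")
        else:
            notes.append(f"X-Frame-Options value {xfo!r} is not DENY/SAMEORIGIN and is ignored")
    return {"protected": False, "mechanism": None, "notes": notes}


def fetch_headers(host: str, port: int, path: str = "/",
                  verify: bool = True, timeout: float = 10.0) -> Tuple[int, Dict[str, str]]:
    """GET path over HTTPS and return (status, headers).

    verify=False skips certificate validation; use it only against a host
    you control (e.g. a self-signed certificate), since it makes this
    check itself trivially interceptable.
    """
    ctx = ssl.create_default_context()
    if not verify:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    conn = http.client.HTTPSConnection(host, port, context=ctx, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status, dict(resp.getheaders())
    finally:
        conn.close()


# Constructed samples (not captured from a real server): what the scanner
# reported above, and what a hardened response would look like.
SCAN_FINDING = {"Content-Type": "text/html"}
HARDENED = {
    "Content-Type": "text/html",
    "X-Frame-Options": "SAMEORIGIN",
    "Content-Security-Policy": "frame-ancestors 'self'",
}


def scan(host: str, ports=PORTS, verify: bool = True) -> Dict[int, dict]:
    """Run the check against every port and return the verdicts keyed by port."""
    results: Dict[int, dict] = {}
    for port in ports:
        try:
            status, headers = fetch_headers(host, port, verify=verify)
        except (OSError, http.client.HTTPException) as exc:
            results[port] = {"protected": False, "mechanism": None,
                             "notes": [f"request failed: {exc}"]}
            continue
        verdict = evaluate_framing_protection(headers)
        verdict["notes"].insert(0, f"HTTP {status}")
        results[port] = verdict
    return results


if __name__ == "__main__":
    # Usage (assumed): python framing_check.py <host> [--insecure]
    if len(sys.argv) < 2:
        for name, sample in (("scanner finding", SCAN_FINDING), ("hardened", HARDENED)):
            print(name, evaluate_framing_protection(sample))
        sys.exit(0)
    for port, verdict in scan(sys.argv[1], verify="--insecure" not in sys.argv).items():
        print(f"{port}: {'OK' if verdict['protected'] else 'VULNERABLE'} {verdict['notes']}")
```

Run it with no arguments to see the two constructed samples evaluated, or with the server's host name to repeat the scanner's probe against all three ports. It only reads the response; where the header has to be added depends on which component serves each port, and the post does not say. Once the fix is in place, this check is a quick way to confirm that each port now returns X-Frame-Options: DENY or SAMEORIGIN (or a CSP frame-ancestors directive) before re-running the audit.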