Vulnerability Title: Click Jacking
Service Port: 4443
Service Name: HTTPS
Service Protocol: tcp
Vulnerability Description:
Clickjacking, also known as a UI redress attack, is a method in which an attacker uses multiple transparent or opaque layers to trick a user into clicking a button or link on a page other than the one they believe they are clicking. Thus, the attacker is "hijacking" clicks meant for one page and routing the user to an illegitimate page.
Vulnerability Solution: Use the HTTP X-Frame-Options header. Send HTTP responses with an X-Frame-Options header that instructs the browser to refuse framing where it is not allowed.
1. Apply Patch 30418565
Patch 30418565 FORMS LISTENER SERVLET NOT GENERATING X-FRAME-OPTIONS HTTP HEADER
Add the SAMEORIGIN option to the X-Frame-Options header directive in the Run-time and Staging httpd.conf
-- X-Frame-Options is available at line 1033
Header always append X-Frame-Options SAMEORIGIN
2. Run-time directory:
$DOMAIN_HOME/config/fmwconfig/components/OHS/instances/<componentName>/httpd.conf
3. Staging directory:
$DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf
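After the patch and the httpd.conf change are in place, the fix should be verified against the actual response on port 4443 rather than assumed from the config. The checker below is an added example, not code from the original post or from Oracle; it parses a raw HTTP response head and classifies its framing protection, treating a Content-Security-Policy frame-ancestors directive as equivalent protection. The sample responses are constructed for the example, and the checker also flags the case where several differing X-Frame-Options values end up in one response (a pitfall of merging headers with `append` when another layer already sets the header), which is not a single valid directive and which browsers do not handle uniformly.

```python
import re

# Constructed sample HTTP response heads (not real captures) used to exercise the checker.
SAMPLE_BEFORE = """HTTP/1.1 200 OK
Server: Oracle-HTTP-Server
Content-Type: text/html; charset=UTF-8
"""

SAMPLE_AFTER = """HTTP/1.1 200 OK
Server: Oracle-HTTP-Server
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=UTF-8
"""

SAMPLE_CONFLICT = """HTTP/1.1 200 OK
X-Frame-Options: DENY
X-Frame-Options: SAMEORIGIN
"""

# The only two X-Frame-Options directives modern browsers honour.
VALID_XFO = {"deny", "sameorigin"}


def parse_headers(raw):
    """Return a list of (lower-cased name, value) tuples from a raw response head."""
    headers = []
    for line in raw.splitlines()[1:]:  # skip the status line
        if not line.strip():           # blank line ends the header section
            break
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return headers


def framing_assessment(raw):
    """Classify the framing protection carried by a response head.

    Returns one of:
      'csp'        - Content-Security-Policy with frame-ancestors restricts framing
      'deny'       - X-Frame-Options forbids all framing
      'sameorigin' - X-Frame-Options allows only same-origin framing
      'conflict'   - several differing X-Frame-Options values were sent
      'invalid'    - an unrecognised X-Frame-Options value (e.g. obsolete ALLOW-FROM)
      'missing'    - neither header is present
    """
    headers = parse_headers(raw)
    # frame-ancestors takes precedence over X-Frame-Options in browsers that support it.
    for name, value in headers:
        if name == "content-security-policy" and re.search(r"(^|;)\s*frame-ancestors\b", value):
            return "csp"
    xfo_values = []
    for name, value in headers:
        if name == "x-frame-options":
            # One header line may carry several comma-separated tokens, e.g. after a merge.
            xfo_values.extend(v.strip().lower() for v in value.split(",") if v.strip())
    if not xfo_values:
        return "missing"
    unique = set(xfo_values)
    if len(unique) > 1:
        return "conflict"
    value = unique.pop()
    if value not in VALID_XFO:
        return "invalid"
    return value


def is_framing_restricted(raw):
    """True when the response carries a directive browsers use to block cross-site framing."""
    return framing_assessment(raw) in ("csp", "deny", "sameorigin")


if __name__ == "__main__":
    for label, sample in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER), ("conflict", SAMPLE_CONFLICT)):
        print(f"{label}: {framing_assessment(sample)}")
```

To use it against the live listener, feed it the header block from a TLS request to the Forms URL on port 4443 (for example the output of `curl -skI`), and expect `sameorigin` once the patch and the httpd.conf change are active on both the run-time and staging instances.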