Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Reorganized
    • Affects Version/s: 1.0.0
    • Fix Version/s: None
    • Component/s: JavaScript
    • Labels:
      None
    • Environment:
      Liferay Portal 6.0 RC2
      Open JDK 6.0 64 bit
      SuSE Linux Enterprise Server 11.0
      MySQL Server 5.0

      Description

      We are using Rational AppScan to scan our in-house applications for security problems. We keep getting a High-level failure which states the following:

      Flash parameter AllowScriptAccess was set to always

      Vulnerable URL: http://<FQDN>/html/js/everything.jsp

      Remediation Tasks: Set the AllowScriptAccess parameter to 'sameDomain' which tells the Flash
      Player that only SWF files loaded from the same domain as the parent SWF
      will have script access to the hosting web page.

      It would appear that AppScan is finding the problem using the following URL: /html/js/everything.jsp?browserId=ie&themeId=classic&colorSchemeId=01&minifierType=js&minifierBundleId=javascript.everything.files&languageId=en_US&t=1276528710000 which returns a large block of script when entered. If I search for AllowScriptAccess it is in the script and set to always.

      I did some searching and it looks like this particular script comes from /ROOT/html/js/aui/io on the server.

      Is there any way that I can change this so that the AppScans successfully run?

      Thanks,
      Jamie
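
The finding described above can be checked directly against the text of a served script bundle. The following is an added example, not code from the original issue, Liferay or AlloyUI; the sample bundle lines and the function names are constructed for illustration.

```javascript
// Added example. SAMPLE_BUNDLE is constructed; it is not Liferay or AlloyUI source.
// Flash Player accepts three AllowScriptAccess values: always, sameDomain, never.
const SAFE_VALUES = new Set(["samedomain", "never"]);

const PATTERNS = [
  // JS property or HTML attribute: allowScriptAccess:"always", allowScriptAccess="always"
  /allowScriptAccess\\?["']?\s*[:=]\s*\\?["']?([\w.$]+)/gi,
  // <param> form: name="allowScriptAccess" value="always"
  /name\s*=\s*\\?["']?allowScriptAccess\\?["']?\s+value\s*=\s*\\?["']?([\w.$]+)/gi,
];

// "always" reproduces the scanner failure; anything that is not a known
// literal (for example a variable) is flagged for manual review.
function classify(value) {
  const v = value.toLowerCase();
  if (v === "always") return "fail";
  if (SAFE_VALUES.has(v)) return "ok";
  return "review";
}

// Return every AllowScriptAccess assignment found in the text, in file order.
function findAllowScriptAccess(source) {
  const findings = [];
  for (const re of PATTERNS) {
    for (const m of source.matchAll(re)) {
      findings.push({
        offset: m.index,
        value: m[1],
        verdict: classify(m[1]),
        context: source.slice(Math.max(0, m.index - 20), m.index + m[0].length + 20),
      });
    }
  }
  return findings.sort((a, b) => a.offset - b.offset);
}

// Constructed stand-in for a minified bundle such as the everything.jsp output.
const SAMPLE_BUNDLE = [
  'var p={wmode:"transparent",allowScriptAccess:"always",quality:"high"};',
  'h+=\'<param name="allowScriptAccess" value="sameDomain" />\';',
  "o.allowScriptAccess=cfg.access;",
].join("\n");

for (const f of findAllowScriptAccess(SAMPLE_BUNDLE)) {
  console.log(`${f.verdict.padEnd(6)} offset ${f.offset} value=${f.value}  ...${f.context}...`);
}
```

A `fail` verdict corresponds to the scanner finding quoted above; `review` marks values assigned from a variable, which need a manual look at where that variable is set.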

        Activity

        Marc Lundgren (Inactive) added a comment -

        Thank you for reporting this issue. Please report any Liferay-Portal issues against Public-LPS. Public - Alloy UI is reserved for AlloyUI-framework-specific issues.

