Affects Version/s: 1.0.0
Fix Version/s: None
Environment: Liferay Portal 6.0 RC2
Open JDK 6.0 64 bit
SuSE Linux Enterprise Server 11.0
MySQL Server 5.0
We are using Rational AppScan to scan our in-house applications for security problems. We keep getting a High-level failure which states the following:
Flash parameter AllowScriptAccess was set to always
Vulnerable URL: http://<FQDN>/html/js/everything.jsp
Remediation Tasks: Set the AllowScriptAccess parameter to 'sameDomain' which tells the Flash
Player that only SWF files loaded from the same domain as the parent SWF
will have script access to the hosting web page.
I did some searching and it looks like this particular script comes from /ROOT/html/js/aui/io on the server.
Is there any way that I can change this so that the AppScans successfully run?
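A static check for the finding quoted above, as an added example that is not part of the original report or of Liferay's code: it lists every AllowScriptAccess setting in markup or script source and flags those set to `always`, so the offending file can be located before and after a change. The regular expressions, function names and sample input are constructed for illustration.

```python
import re
import sys

# <param ...> tags: name and value can appear in either order.
PARAM_TAG = re.compile(r'<param\b[^>]*>', re.I)
PARAM_NAME = re.compile(r'\bname\s*=\s*\\?["\']?allowscriptaccess\b', re.I)
PARAM_VALUE = re.compile(r'\bvalue\s*=\s*\\?["\']?(\w+)', re.I)
# <embed allowScriptAccess="..."> (also inside JS strings) and JS assignments.
ATTR_OR_ASSIGN = re.compile(r'\ballowscriptaccess\s*=\s*\\?["\']?(\w+)', re.I)
# JS object literal key: allowScriptAccess: "..."
OBJECT_KEY = re.compile(r'\ballowscriptaccess["\']?\s*:\s*["\'](\w+)', re.I)

def find_settings(text):
    """Return (line_number, value) for each AllowScriptAccess setting found."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        values = []
        for tag in PARAM_TAG.findall(line):
            if PARAM_NAME.search(tag):
                match = PARAM_VALUE.search(tag)
                if match:
                    values.append(match.group(1))
        values += ATTR_OR_ASSIGN.findall(line)
        values += OBJECT_KEY.findall(line)
        findings += [(lineno, value) for value in values]
    return findings

def flagged(text):
    """Keep only the settings a scanner would report: value 'always'."""
    return [(n, v) for n, v in find_settings(text) if v.lower() == "always"]

# Constructed sample covering the common ways the setting is written.
SAMPLE = '''\
<object><param name="movie" value="a.swf"><param name="allowScriptAccess" value="always"></object>
<embed src="b.swf" allowScriptAccess="sameDomain">
var params = {wmode: "transparent", allowScriptAccess: "always"};
html += '<embed src="c.swf" allowscriptaccess=\\"always\\">';
<param value="never" name="AllowScriptAccess">
'''

if __name__ == "__main__":
    # Pass source files as arguments; with none, the constructed sample is used.
    sources = sys.argv[1:] or [None]
    for path in sources:
        text = SAMPLE if path is None else open(path, errors="replace").read()
        for lineno, value in flagged(text):
            print(f"{path or 'SAMPLE'}:{lineno}: AllowScriptAccess={value}")
```

A value captured from a JavaScript assignment may be a variable name rather than a literal, so entries from `find_settings` that are not `always`, `sameDomain` or `never` need a manual look.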