Endpoint Protection Small Business Edition

  • 1.  Web Application Potentially Vulnerable to Clickjacking

    Posted Oct 27, 2015 11:21 AM

     Hi all,

     Can you please tell us how we can mitigate the vulnerability "Web Application Potentially Vulnerable to Clickjacking"?

    Description
    The remote web server does not set an X-Frame-Options response header in all content responses. This could potentially expose the site to a clickjacking or UI redress attack, wherein an attacker can trick a user into clicking an area of the vulnerable page that is different from what the user perceives the page to be. This can result in a user performing fraudulent or malicious transactions.

    X-Frame-Options has been proposed by Microsoft as a way to mitigate clickjacking attacks and is currently supported by all major browser vendors.

    Note that while the X-Frame-Options response header is not the only mitigation for clickjacking, it is currently the most reliable method to detect through automation. Therefore, this plugin may produce false positives if other mitigation strategies (e.g. frame-busting JavaScript) are deployed or if the page does not perform any security-sensitive transactions.

    Solution
    Return the X-Frame-Options HTTP header with the page's response.

    This prevents the page's content from being rendered by another site when using the frame or iframe HTML tags.

     We have a Symantec Endpoint Protection Manager 12.1.6 MP2 installed on a Windows Server 2012 R2 machine. The affected ports are 8443 and 9090, which are used by SEPM. We have tried to find a solution to our problem, but without any success.

     Thanks in advance!



  • 2.  RE: Web Application Potentially Vulnerable to Clickjacking

    Posted Oct 27, 2015 11:25 AM

    This would need to be a code change on the Symantec side. Since ports 8443 and 9090 are affected, you would need to block remote access to these ports via a firewall.

    Have you made them aware since this is the latest version?



  • 3.  RE: Web Application Potentially Vulnerable to Clickjacking

    Posted Oct 28, 2015 05:52 AM

     Until now, we haven't contacted Symantec.

     Actually, we had the same vulnerability on another port, 8445, but we fixed it. Since SEPM uses both Apache and Tomcat, we made some recommended changes in the Apache config file (we put the line "Header set X-Frame-Options "SAMEORIGIN"" in the httpd.conf file) and the problem on that port was resolved. It seems that ports 8443 and 9090 are served by Tomcat, so we tried to make some changes in Tomcat's config files, but without success.



  • 4.  RE: Web Application Potentially Vulnerable to Clickjacking

    Posted Oct 28, 2015 06:28 AM

    Best to get their guidance on it. They don't recommend making changes to configs.