Web Site Cross-Domain Policy File Detection

info Nessus Plugin ID 32318

Synopsis

The remote web server contains a 'crossdomain.xml' file.

Description

The remote web server contains a cross-domain policy file ('crossdomain.xml'). This is a simple XML file read by Adobe's Flash Player to decide whether a Flash movie (SWF) served from another domain may load data from this server; without such a file the player confines a movie to the exact domain it was loaded from.

Solution

Review the contents of the policy file carefully. An overly permissive policy, especially an unrestricted one that allows access from '*', lets a Flash movie hosted on any site send requests to this server with the victim's cookies and read the responses, which enables cross-site request forgery and cross-site scripting attacks against the web server.
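The review the solution asks for can be automated. The following Python script is an added example, not part of the Nessus plugin or Adobe's documentation: it parses a crossdomain.xml body and reports the settings that widen access beyond a named list of origins (a '*' domain, secure="false", wildcard request-header grants, and site-control set to "all"). The two policy documents embedded in it are constructed samples, and fetch_policy() assumes a hypothetical host URL; the audit itself runs offline on the embedded samples.

```python
import xml.etree.ElementTree as ET
from urllib.request import urlopen

# Constructed sample policies for demonstration (not taken from any real site).
PERMISSIVE_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="all"/>
  <allow-access-from domain="*" secure="false"/>
  <allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>
"""

RESTRICTIVE_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only"/>
  <allow-access-from domain="www.example.com"/>
</cross-domain-policy>
"""


def audit_policy(xml_text):
    """Return a list of (code, detail) findings for a crossdomain.xml body.

    An empty list means every grant names a specific host. The checks cover
    the attributes Adobe's policy format exposes: allow-access-from
    (domain, secure), allow-http-request-headers-from, and site-control.
    """
    # Stdlib ElementTree keeps this dependency-free; a scanner that parses
    # untrusted input in bulk should prefer defusedxml.
    root = ET.fromstring(xml_text)
    if root.tag != "cross-domain-policy":
        return [("NOT_A_POLICY", "root element is %r" % root.tag)]

    findings = []
    for el in root.iter("allow-access-from"):
        domain = el.get("domain", "")
        secure = el.get("secure", "true").lower()   # Flash defaults secure to true
        if domain == "*":
            findings.append(("WILDCARD_DOMAIN",
                             'allow-access-from domain="*": a SWF on any site may '
                             "send credentialed requests and read the responses"))
        elif domain.startswith("*."):
            findings.append(("SUBDOMAIN_WILDCARD",
                             "allow-access-from covers every host under %s" % domain[1:]))
        if secure == "false":
            findings.append(("INSECURE_ACCESS",
                             'secure="false" lets SWFs loaded over plain HTTP use this '
                             "HTTPS policy (domain=%r)" % domain))

    for el in root.iter("allow-http-request-headers-from"):
        if el.get("domain", "") == "*":
            findings.append(("WILDCARD_HEADERS",
                             'allow-http-request-headers-from domain="*" '
                             "(headers=%r)" % el.get("headers", "")))

    sc = root.find("site-control")
    if sc is not None and sc.get("permitted-cross-domain-policies", "").lower() == "all":
        findings.append(("SITE_CONTROL_ALL",
                         'permitted-cross-domain-policies="all": Flash honours policy '
                         "files served from any path on the host, including uploads"))
    return findings


def is_unrestricted(xml_text):
    """True when the policy grants access to every origin via domain="*"."""
    return any(code == "WILDCARD_DOMAIN" for code, _ in audit_policy(xml_text))


def fetch_policy(base_url, timeout=10):
    """Download the master policy file from <base_url>/crossdomain.xml.

    base_url is a hypothetical target supplied by the caller; the master
    policy always lives at the root of the web server.
    """
    with urlopen(base_url.rstrip("/") + "/crossdomain.xml", timeout=timeout) as resp:
        return resp.read().decode("utf-8", "replace")


if __name__ == "__main__":
    for name, body in (("permissive", PERMISSIVE_POLICY), ("restrictive", RESTRICTIVE_POLICY)):
        print(name, "-", "unrestricted" if is_unrestricted(body) else "restricted")
        for code, detail in audit_policy(body):
            print("  [%s] %s" % (code, detail))
```

Run against a live target with fetch_policy("https://host") and pass the result to audit_policy(); a WILDCARD_DOMAIN finding is the case the solution text singles out, while SUBDOMAIN_WILDCARD and SITE_CONTROL_ALL are worth a closer look when the host also accepts user-uploaded content.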

See Also

http://www.nessus.org/u?8a58aa76

http://kb2.adobe.com/cps/142/tn_14213.html

http://www.nessus.org/u?74a6a9a5

http://www.nessus.org/u?acb70df2

Plugin Details

Severity: Info

ID: 32318

File Name: crossdomain.nasl

Version: 1.17

Type: remote

Family: CGI abuses

Published: 5/15/2008

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus