The remote web server might be prone to cross-site request forgery attacks.
Description
Nessus has found HTML forms on the remote web server. Some CGI scripts do not appear to be protected by random tokens, a common anti-cross-site request forgery (XSRF) protection. The web application might be vulnerable to XSRF attacks.

Note that:
- Nessus did not exploit the flaw.
- Nessus cannot identify sensitive actions; for example, on an online bank, consulting an account is less sensitive than transferring money.

You will need to audit the source of the CGI scripts and check if they are actually affected.
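To help triage such a finding during the audit, the following added example (not Nessus's plugin code) lists forms in a page that have no hidden field resembling a random token. The field-name pattern, the length and entropy thresholds, and the sample HTML are assumptions made for illustration.

```python
import math
import re
from html.parser import HTMLParser

# Assumed naming convention for anti-forgery fields; adjust to the framework in use.
TOKEN_NAME = re.compile(r"csrf|xsrf|token|nonce|authenticity", re.I)

def entropy_bits(value):
    """Shannon entropy of the whole string in bits (per-character entropy * length)."""
    n = len(value)
    if n == 0:
        return 0.0
    freqs = [value.count(c) / n for c in set(value)]
    return -sum(p * math.log2(p) for p in freqs) * n

def looks_like_token(name, value):
    # A token-like name alone is not enough: constants such as "1" are rejected.
    return bool(TOKEN_NAME.search(name)) and len(value) >= 16 and entropy_bits(value) >= 48

class FormCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.forms, self._cur = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._cur = {"method": (a.get("method") or "get").lower(),
                         "action": a.get("action") or "", "hidden": []}
        elif tag == "input" and self._cur and (a.get("type") or "").lower() == "hidden":
            self._cur["hidden"].append((a.get("name") or "", a.get("value") or ""))

    def handle_endtag(self, tag):
        if tag == "form" and self._cur:
            self.forms.append(self._cur)
            self._cur = None

def unprotected_forms(html):
    """Return (method, action) for every form with no random-looking hidden token."""
    parser = FormCollector()
    parser.feed(html)
    parser.close()
    return [(f["method"], f["action"]) for f in parser.forms
            if not any(looks_like_token(n, v) for n, v in f["hidden"])]

# Constructed sample page: only the second form carries a random token.
SAMPLE = """
<form method="POST" action="/cgi-bin/transfer.cgi"><input name="amount"></form>
<form method="post" action="/cgi-bin/profile.cgi">
  <input type="hidden" name="csrf_token" value="9f2c4e7a1b8d3f605c7e9a2b4d6f8013"></form>
<form method="post" action="/cgi-bin/passwd.cgi">
  <input type="hidden" name="csrf_token" value="1"></form>
"""
```

A form that passes this check is not proven safe: the script behind it must still verify the token server-side and tie it to the user's session, which only a source audit can confirm.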
Solution
Restrict access to the application vulnerable to cross-site request forgery. Contact the vendor for a patch or upgrade.