Malicious Third Party Domain Detected

high Web App Scanning Plugin ID 114358

Language:

Synopsis

Malicious Third Party Domain Detected

Description

Supply chain attacks occur when one or more dependencies of an application are compromised, making the malicious code being shipped to the web application and, allowing threat actors to perform various operations depending on the logic of the code being altered like credentials stealing or application backdooring.

Solution

Review each domain flagged in the plugin output and look for alternatives trusted sources if needed. If the dependency is not really used, remove it from your web application and conduct forensics operations to check if a previous compromission occured and mitigate it.

See Also

https://sansec.io/research/polyfill-supply-chain-attack

https://www.bleepingcomputer.com/news/security/polyfillio-bootcdn-bootcss-staticfile-attack-traced-to-1-operator/

Plugin Details

Severity: High

ID: 114358

Type: remote

Family: Web Applications

Published: 7/3/2024

Updated: 7/3/2024

Scan Template: basic, full, pci, scan

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: Tenable

CVSS v3

Risk Factor: High

Base Score: 8.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

CVSS Score Source: Tenable

Reference Information

CWE: 506

OWASP: 2013-A9, 2017-A9, 2021-A6

DISA STIG: APSC-DV-002630

HIPAA: 164.306(a)(1), 164.306(a)(2)

ISO: 27001-A.14.2.5

NIST: sp800_53-CM-6b

OWASP API: 2019-API7, 2023-API8

OWASP ASVS: 4.0.2-14.2.1

PCI-DSS: 3.2-6.2